The basic format for the watch command is simply
watch command. Once started, watch keeps running until it is stopped. You don't want to use watch to programs that keep running. If you do, you'll be sorry.
For example, you do not want to issue a command like this one:
watch xchat. That watch command would start a new copy of xchat running every 2 seconds, and keep on doing that until your system expired from lack of resources. Not a good thing.
Watch is made for commands that output data when executed and then stop. There are a lot of those to choose from: things like
netstat as an example, and see what happens when we enter
watch 'netstat -stu' at the CLI to create an interesting, almost real-time TCP/UDP connections summary monitor:
Every 2.0s: netstat -stu Thu May 19 15:45:09 2005 Tcp: 11263 active connections openings 50 passive connection openings 0 failed connection attempts 256 connection resets received 3 connections established 290774 segments received 299217 segments send out 657 segments retransmited 0 bad segments received. 5079 resets sent Udp: 58029 packets received 316 packets to unknown port received. 0 packet receive errors 59566 packets sent TcpExt: 1 packets pruned from receive queue because of socket buffer overrun ArpFilter: 0 3192 TCP sockets finished time wait in fast timer 4 time wait sockets recycled by time stamp 20126 delayed acks sent 2 delayed acks further delayed because of locked socket Quick ack mode was activated 780 times 2955 packets directly queued to recvmsg prequeue. 1446393 packets directly received from prequeue 177007 packets header predicted 241 packets header predicted and directly queued to user TCPPureAcks: 19520 TCPHPAcks: 64828
Note that the first line is a watch title line, and is not part of the netstat output. It shows the frequency (2.0s) of the command, followed by the command being executed. On the right side of the title line, the current date and time are displayed. Even if nothing else on the screen changes, the time clicks as each two-second interval ends.
Or try a different view by netstat, this one showing active TCP connections and their current state:
Every 2.0s: netstat -t Thu May 19 16:05:40 2005 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.0.101:50664 cs29.msg.dcn.yahoo:mmcc ESTABLISHED tcp 0 0 192.168.0.101:50788 internalmx1.vasof:imaps ESTABLISHED tcp 0 0 192.168.0.101:43686 22.214.171.124:6667 ESTABLISHED
In either case, for as long as you leave watch running, you'll be seeing the latest output screen. You can use a couple of different watch options to highlight data that has changed. The
-d option will highlight screen data that is different than it was on the previous screen. Add
=cumulative to the
-d option and the highlights become sticky, so that if a change has occurred at anytime since watch began running, it is highlighted and remains highlighted.
If 2 seconds isn't the right frequency for your needs, you can specify a different time interval in seconds with the
-n seconds argument. You can also choose not to display the watch title line by specifying
-t. As always,
man is your friend.
Watch is a simple, easy-to-use command. But it's also one that can be just as clever as you are in coming up with new and interesting things you can do with it. If fact, I'll bet a dollar to a doughnut that some of our ubergeek readers already have. Maybe they will share them in comments.