In this guide, we want to discuss the Tail Command in Linux for Logs. In Linux systems, the tail command is a powerful tool that is used for different tasks. The most usage of it is in the monitoring and analyzing files. By default, the tail command will display the 10 last lines of a file. But you can customize it to your needs. This option will make the tail command a good choice for monitoring the log files.
Examples of Tail Command in Linux for Logs
You can follow the steps below to see how to use the tail command for analyzing the logs and other text files. To complete this guide, you must have access to your server as a root or non-root user with sudo privileges. You can visit the Orcacore website and check our initial server setup guides for different Linux distros.
Step 1 – Basic Usage of Tail Command in Linux
As we said, the tail command will show the last 10 lines of a file by default. The syntax to use it is like the following command:
For example, we want to display the last 10 lines of the /var/log/auth.log file with the command below:
This will print the last 10 lines of the auth.log file which contains user logins and the authentication mechanism that is used.
Step 2 – Modify the Number of Tail Command Lines
If you want to see more lines or fewer lines for your checking the logs you can modify the number lines by using the -n option in the tail command. The syntax will look like this:
tail -n number-of-lines desired-file
For example, we want to check the last 50 lines of our auth.log file with the command below:
tail -n 50 /var/log/auth.log
You can modify the number to your needs.
Also, you can display the lines starting with the Nth line.
For example, the following command will start showing the log lines with the line 50:
tail -n+50 /var/log/auth.log
Step 3 – Use Tail Command in Real Time
At this point, you can use the tail command to show you the results in real-time. For this purpose, you need to use the -f option in the tail command.
tail -f desired-file
For example, we use this option for the auth.log file to show the access login in real-time:
tail -f /var/log/auth.log
To stop the process, you can press CTRL+C.
Step 4 – Display Number of Bytes with Tail Command
In this step, you can use the tail command to display the number of bytes. To do this, you can use the -c option with your desired byte number. For example:
tail -c 20 /var/log/auth.log
Also, you can print the results starting with your desired number of bytes:
tail -c+20 /var/log/auth.log
Note: You can also combine the tail command with other tools such as grep to filter your results. For example:
tail /var/log/auth.log | grep 184.108.40.206
This will display the results that only include the 220.127.116.11 IP address.
For more options, you can use the tail help command:
In your output, you should see:
Usage: tail [OPTION]... [FILE]...
Print the last 10 lines of each FILE to standard output.
With more than one FILE, precede each with a header giving the file name.
With no FILE, or when FILE is -, read standard input.
Mandatory arguments to long options are mandatory for short options too.
-c, --bytes=[+]NUM output the last NUM bytes; or use -c +NUM to
output starting with byte NUM of each file
output appended data as the file grows;
an absent option argument means 'descriptor'
-F same as --follow=name --retry
-n, --lines=[+]NUM output the last NUM lines, instead of the last 10;
or use -n +NUM to output starting with line NUM
with --follow=name, reopen a FILE which has not
changed size after N (default 5) iterations
to see if it has been unlinked or renamed
(this is the usual case of rotated log files);
with inotify, this option is rarely useful
--pid=PID with -f, terminate after process ID, PID dies
-q, --quiet, --silent never output headers giving file names
--retry keep trying to open a file if it is inaccessible
-s, --sleep-interval=N with -f, sleep for approximately N seconds
(default 1.0) between iterations;
with inotify and --pid=P, check process P at
least once every N seconds
-v, --verbose always output headers giving file names
-z, --zero-terminated line delimiter is NUL, not newline
--help display this help and exit
--version output version information and exit
At this point, you have learned to use the Tail command in Linux to check the logs with examples. Hope you enjoy using it. This is one of the most useful Linux Commands that every Linux user must know the basics at least.
Also, you may like these articles: