Tail Command in Linux for Logs

In this guide, we want to discuss the Tail Command in Linux for Logs. In Linux systems, the tail command is a powerful tool that is used for different tasks. The most usage of it is in the monitoring and analyzing files. By default, the tail command will display the 10 last lines of a file. But you can customize it to your needs. This option will make the tail command a good choice for monitoring the log files.

Examples of Tail Command in Linux for Logs

You can follow the steps below to see how to use the tail command for analyzing the logs and other text files. To complete this guide, you must have access to your server as a root or non-root user with sudo privileges. You can visit the Orcacore website and check our initial server setup guides for different Linux distros.

Step 1 – Basic Usage of Tail Command in Linux

As we said, the tail command will show the last 10 lines of a file by default. The syntax to use it is like the following command:

tail desired-file

For example, we want to display the last 10 lines of the /var/log/auth.log file with the command below:

tail /var/log/auth.log

This will print the last 10 lines of the auth.log file which contains user logins and the authentication mechanism that is used.

Step 2 – Modify the Number of Tail Command Lines

If you want to see more lines or fewer lines for your checking the logs you can modify the number lines by using the -n option in the tail command. The syntax will look like this:

tail -n number-of-lines desired-file

For example, we want to check the last 50 lines of our auth.log file with the command below:

tail -n 50 /var/log/auth.log

You can modify the number to your needs.

Also, you can display the lines starting with the Nth line.

For example, the following command will start showing the log lines with the line 50:

tail -n+50 /var/log/auth.log

Step 3 – Use Tail Command in Real Time

At this point, you can use the tail command to show you the results in real-time. For this purpose, you need to use the -f option in the tail command.

tail -f desired-file

For example, we use this option for the auth.log file to show the access login in real-time:

tail -f /var/log/auth.log

To stop the process, you can press CTRL+C.

Step 4 – Display Number of Bytes with Tail Command

In this step, you can use the tail command to display the number of bytes. To do this, you can use the -c option with your desired byte number. For example:

tail -c 20 /var/log/auth.log

Also, you can print the results starting with your desired number of bytes:

tail -c+20 /var/log/auth.log

Note: You can also combine the tail command with other tools such as grep to filter your results. For example:

tail /var/log/auth.log | grep 198.50.100.0

This will display the results that only include the 198.50.100.0 IP address.

For more options, you can use the tail help command:

tail --help

In your output, you should see:

Ouput
Usage: tail [OPTION]... [FILE]...
Print the last 10 lines of each FILE to standard output.
With more than one FILE, precede each with a header giving the file name.

With no FILE, or when FILE is -, read standard input.

Mandatory arguments to long options are mandatory for short options too.
  -c, --bytes=[+]NUM       output the last NUM bytes; or use -c +NUM to
                             output starting with byte NUM of each file
  -f, --follow[={name|descriptor}]
                           output appended data as the file grows;
                             an absent option argument means 'descriptor'
  -F                       same as --follow=name --retry
  -n, --lines=[+]NUM       output the last NUM lines, instead of the last 10;
                             or use -n +NUM to output starting with line NUM
      --max-unchanged-stats=N
                           with --follow=name, reopen a FILE which has not
                             changed size after N (default 5) iterations
                             to see if it has been unlinked or renamed
                             (this is the usual case of rotated log files);
                             with inotify, this option is rarely useful
      --pid=PID            with -f, terminate after process ID, PID dies
  -q, --quiet, --silent    never output headers giving file names
      --retry              keep trying to open a file if it is inaccessible
  -s, --sleep-interval=N   with -f, sleep for approximately N seconds
                             (default 1.0) between iterations;
                             with inotify and --pid=P, check process P at
                             least once every N seconds
  -v, --verbose            always output headers giving file names
  -z, --zero-terminated    line delimiter is NUL, not newline
      --help        display this help and exit
      --version     output version information and exit

Conclusion

At this point, you have learned to use the Tail command in Linux to check the logs with examples. Hope you enjoy using it. This is one of the most useful Linux Commands that every Linux user must know the basics at least.

Also, you may like these articles:

4 Ways to Find Which Process Listening on a Port on Debian 11

10 Useful ncat Commands on AlmaLinux

Stress Test and Benchmark CPU Performance Debian

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Stay informed and not overwhelmed, subscribe now!