Sign In
Sign In

How to Use the tail Command in Linux

How to Use the tail Command in Linux
Anees Asghar
Technical writer
Linux
30.09.2024
Reading time: 6 min

Linux is a family of open-source Unix-like operating systems, such as Debian, Ubuntu, CentOS, and many others. When working with these OSes, we would usually use commands to operate the system and perform tasks like reading, writing, or viewing files, creating, and managing folders. System administrators often need to check system log files or read specific files, and the command tail is one of the essential tools for this purpose.

UNIX tail Command

The tail command in Linux complements the cat and head commands used for reading files. While these commands start reading files from the beginning, the tail command reads or monitors files from the end or bottom.

Syntax

The basic syntax to use the tail command in Linux is as follows:

tail [Option] [File Name]

Options

The following are a few options that can be used with the Linux tail command:

Option

Description

-c

Show the output depending on the number of bytes provided.

-f, --follow

Continue to show output as the file grows, follow the output

-n, --lines

Output the last specified number of lines instead of 10.

--pid

Terminate output after process ID when used with the -f option.

-q, --quiet

Skip the header that shows the file name.

-s, --sleep-interval

Add sleep intervals between iterations.

-v, --verbose

Add a header that contains the file name.

--help

Open help information related to the command.

Let’s move forward to check the practical administrative uses of this command.

Basic Use of Linux tail Command

The tail command Linux is commonly used by administrators to monitor the system logs, debug the system by reading the debug.log file, and check the authorization or authentication through the auth.log file. Here are some basic practical examples of using this command in Linux. For demonstration, this blog uses cities.txt and countries.txt files.

Read File

In Linux, files are normally read using the cat command. However, the cat command simply reads and displays the complete file content from the start:

cat cities.txt

Image1

In contrast, the command tail in Linux reads the file from the end or bottom. By default, it displays the last 10 rows of the file. To use this command, execute the tail <file-name>:

tail cities.txt

Image3

Read File From Specific Line

To start reading a file from the desired line number, simply use +NUM with the command:

tail +60 cities.txt

Here, the result displays the entries from line 60 and onward:

Image2

Read File with -n Option

To read or display specified numbers of lines from the tail or bottom, utilize the -n <number of lines> argument with the command as shown below:

tail -n 15 cities.txt

The output displays the last 15 lines of the cities.txt file:

Image5

Read Multiple Files

Users can also monitor multiple files through the Linux tail command. For this purpose, utilize tail <file1-name> <file2-name> <file3-name> command:

tail cities.txt countries.txt

This command displays the last 10 entries of provided files and also adds the filename in headers before displaying file entries:

Image4

Let’s check out the advanced administrative uses of the tail in Linux through the below section.

Advanced Uses of tail Command in Linux

The tail Linux command is more than just viewing the last few lines of the file. It is used for real-time monitoring, managing the output based on bytes, processes, and sleep time intervals. These all advanced options are used to monitor logs and manage the application behaviors.

Let’s check some advanced practical illustrations of the command.

tail Command with -c Option

To get the output by providing the number of the bytes, use the -c <number of bytes> option: 

tail -c 50 cities.txt

The below output shows the specified number of bytes from the bottom instead of lines:

Image7

tail Command with -v Option

The -v or --verbose option is used to add the header while displaying the result. The header contains the file name. For demonstration, use the tail -v <file-name> command:

tail -v cities.txt

Image6

Monitoring Logs with tail -f

Administrators are often needed to monitor the system in real-time, check application behavior, or debug errors. For this purpose, they usually need to view system logs. In Linux, all log files are located in the /var/log directory. To open and view the log directory, utilize the following commands:

cd /var/log
ls

Image9

To monitor the logs in real-time, use the -f or --follow argument with the tail:

tail -f /var/log/syslog

As files or logs grow, these are displayed on the screen continuously as shown below:

Image8

tail Command with -s Option

Use the -s <time-interval> argument to add the sleep interval between the iteration while monitoring the logs or file in real-time:

tail -f -s 5 /var/log/syslog

Image12

tail Command with -q Option

To read or monitor the file in quiet mode or to skip the header while viewing multiple files, utilize the -q option:

tail -q cities.txt countries.txt

Here, the output shows the last 10 lines of the cities.txt and countries.txt files but skips the headers of the files:

Image10

tail Command with Pipe(|) Operator

The Pipe (|) operator enables us to pass the output of the first command to the second command. It permits the users to use multiple commands at one time. Similarly, the tail Linux can also be used with some other commands such as the grep command to search specific logs or the sort command to sort the order. Moreover, users can use the tail command with Docker logs to see the latest logs from a Docker container.

Let’s go through the following examples for demonstration.

Example 1: Search for the Specific Word From the End

To search the specific words from the end of the file or a specified number of files from the bottom, use the following command:

tail -n 20 cities.txt | grep "Bangor"

In this command, the tail extracts the last 20 lines from the file, and then the output is piped out through the pipe operator, and the grep command filters the specified word from the output:

Image11

Example 2: Sort the Output in Reverse Order

To sort the output produced from the tail in reverse order, utilize the following command:

tail -n 6 cities.txt | sort -r

Image13

Example 3: Monitor the System Logs of Specific Date

To check the logs of a specific date from the log file, first, extract the logs and then filter the log of the date through the grep command:

tail /var/log/syslog | grep "2024-09-22"

Image14

Conclusion

The tail command in Linux is a powerful tool for system administrators and Linux users, providing both basic and advanced functionalities for reading and monitoring files. This command reads or monitors the file or system logs from the tail or bottom. The tail command supports options like -f, -c, --verbose, and -q for advanced functionality. It can also be combined with other commands like grep, sort, df, or cat using the pipe (|) operator for extended functionality. By mastering this command, the users can efficiently manage and troubleshoot their Linux systems. 

Linux
30.09.2024
Reading time: 6 min

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start
Email us