Linux is a family of open-source Unix-like operating systems, such as Debian, Ubuntu, CentOS, and many others. When working with these OSes, we would usually use commands to operate the system and perform tasks like reading, writing, or viewing files, creating, and managing folders. System administrators often need to check system log files or read specific files, and the command tail
is one of the essential tools for this purpose.
The tail
command in Linux complements the cat
and head
commands used for reading files. While these commands start reading files from the beginning, the tail
command reads or monitors files from the end or bottom.
The basic syntax to use the tail
command in Linux is as follows:
tail [Option] [File Name]
The following are a few options that can be used with the Linux tail
command:
Option |
Description |
|
Show the output depending on the number of bytes provided. |
|
Continue to show output as the file grows, follow the output |
|
Output the last specified number of lines instead of 10. |
|
Terminate output after process ID when used with the -f option. |
|
Skip the header that shows the file name. |
|
Add sleep intervals between iterations. |
|
Add a header that contains the file name. |
|
Open help information related to the command. |
Let’s move forward to check the practical administrative uses of this command.
The tail
command Linux is commonly used by administrators to monitor the system logs, debug the system by reading the debug.log
file, and check the authorization or authentication through the auth.log
file. Here are some basic practical examples of using this command in Linux. For demonstration, this blog uses cities.txt
and countries.txt
files.
In Linux, files are normally read using the cat
command. However, the cat command simply reads and displays the complete file content from the start:
cat cities.txt
In contrast, the command tail in Linux reads the file from the end or bottom. By default, it displays the last 10 rows of the file. To use this command, execute the tail <file-name>
:
tail cities.txt
To start reading a file from the desired line number, simply use +NUM
with the command:
tail +60 cities.txt
Here, the result displays the entries from line 60 and onward:
To read or display specified numbers of lines from the tail or bottom, utilize the -n <number of lines>
argument with the command as shown below:
tail -n 15 cities.txt
The output displays the last 15 lines of the cities.txt
file:
Users can also monitor multiple files through the Linux tail command. For this purpose, utilize tail <file1-name> <file2-name> <file3-name>
command:
tail cities.txt countries.txt
This command displays the last 10 entries of provided files and also adds the filename in headers before displaying file entries:
Let’s check out the advanced administrative uses of the tail in Linux through the below section.
The tail
Linux command is more than just viewing the last few lines of the file. It is used for real-time monitoring, managing the output based on bytes, processes, and sleep time intervals. These all advanced options are used to monitor logs and manage the application behaviors.
Let’s check some advanced practical illustrations of the command.
To get the output by providing the number of the bytes, use the -c <number of bytes>
option:
tail -c 50 cities.txt
The below output shows the specified number of bytes from the bottom instead of lines:
The -v
or --verbose
option is used to add the header while displaying the result. The header contains the file name. For demonstration, use the tail -v <file-name>
command:
tail -v cities.txt
Administrators are often needed to monitor the system in real-time, check application behavior, or debug errors. For this purpose, they usually need to view system logs. In Linux, all log files are located in the /var/log
directory. To open and view the log directory, utilize the following commands:
cd /var/log
ls
To monitor the logs in real-time, use the -f
or --follow
argument with the tail:
tail -f /var/log/syslog
As files or logs grow, these are displayed on the screen continuously as shown below:
Use the -s <time-interval>
argument to add the sleep interval between the iteration while monitoring the logs or file in real-time:
tail -f -s 5 /var/log/syslog
To read or monitor the file in quiet mode or to skip the header while viewing multiple files, utilize the -q
option:
tail -q cities.txt countries.txt
Here, the output shows the last 10 lines of the cities.txt
and countries.txt
files but skips the headers of the files:
The Pipe (|
) operator enables us to pass the output of the first command to the second command. It permits the users to use multiple commands at one time. Similarly, the tail Linux can also be used with some other commands such as the grep
command to search specific logs or the sort
command to sort the order. Moreover, users can use the tail command with Docker logs to see the latest logs from a Docker container.
Let’s go through the following examples for demonstration.
To search the specific words from the end of the file or a specified number of files from the bottom, use the following command:
tail -n 20 cities.txt | grep "Bangor"
In this command, the tail extracts the last 20 lines from the file, and then the output is piped out through the pipe operator, and the grep
command filters the specified word from the output:
To sort the output produced from the tail in reverse order, utilize the following command:
tail -n 6 cities.txt | sort -r
To check the logs of a specific date from the log file, first, extract the logs and then filter the log of the date through the grep
command:
tail /var/log/syslog | grep "2024-09-22"
The tail
command in Linux is a powerful tool for system administrators and Linux users, providing both basic and advanced functionalities for reading and monitoring files. This command reads or monitors the file or system logs from the tail or bottom. The tail
command supports options like -f
, -c
, --verbose
, and -q
for advanced functionality. It can also be combined with other commands like grep
, sort
, df
, or cat
using the pipe (|
) operator for extended functionality. By mastering this command, the users can efficiently manage and troubleshoot their Linux systems.