How to Use the Command 'tail' (with examples)
The tail command is a powerful utility widely used in Unix-like operating systems to display the last part of a file. Typically, it is used to monitor log files, enabling users to view the most recent updates continuously. Unlike its counterpart head, which displays the beginning of a file, tail focuses on the end. This command can be customized to show a specific number of lines or bytes, and can also follow live updates to files as they change in real-time. The flexibility of tail makes it an indispensable tool for system administrators and developers troubleshooting software or analyzing logs.
Use case 1: Show last ‘count’ lines in file
Code:
tail --lines 10 /var/log/syslog
Motivation:
When troubleshooting system issues or reviewing recent activities, examining the last few lines of log files can provide crucial insights. By specifying the number of lines to display, the tail command helps users quickly access the most recent log entries without overwhelming them with too much data.
Explanation:
--lines 10: This option specifies that the last 10 lines of the file should be displayed. Adjusting the number helps target specific information within logs quickly./var/log/syslog: This is the path to the file from which the lines will be read. It is a common system log file that stores important system messages.
Example Output:
Feb 20 10:10:01 myhost CRON[98765]: (root) CMD (command-to-run)
Feb 20 10:15:01 myhost CRON[98766]: (root) CMD (command-to-run)
Feb 20 10:20:01 myhost CRON[98767]: (root) CMD (command-to-run)
...
Use case 2: Print a file from a specific line number
Code:
tail --lines +5 /etc/passwd
Motivation:
Often in configuration files, the content above a certain line is boilerplate or comments. By beginning to display content from a specific line number, users can bypass irrelevant information to focus directly on the content of interest.
Explanation:
--lines +5: The plus sign before the number indicates that the output should start from the 5th line, proceeding to the end of the file./etc/passwd: This is the path to a file that typically contains user account information, such as usernames.
Example Output:
bin:x:2:2:bin:/bin:/usr/sbin/nologin
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
adm:x:3:4:adm:/var/adm:/usr/sbin/nologin
...
Use case 3: Print a specific count of bytes from the end of a given file
Code:
tail --bytes 100 /var/log/nginx/access.log
Motivation:
Sometimes, the exact amount of data needed is better measured in bytes rather than lines, especially when dealing with binary files or files with long lines. This command can help pinpoint specific data segments in various logs or configuration files easily.
Explanation:
--bytes 100: This flag indicates the number of bytes to display from the end of the file. It provides direct control over the exact size of the data snippet./var/log/nginx/access.log: This is the path to a file where access logs from a web server might be stored, offering records of client requests.
Example Output:
...122.45.89.23 - - [20/Feb/2023:11:22:31 +0000] "GET / HTTP/1.1" 200
Use case 4: Print the last lines of a given file and keep reading it until Ctrl + C
Code:
tail --follow /var/log/auth.log
Motivation:
In scenarios where files are being appended to continuously, such as server logs during runtime, using this command allows you to monitor changes in real-time. It is immensely useful for diagnosing issues as they occur or monitoring ongoing processes.
Explanation:
--follow: With this option,tailwill keep the file open and continually display updated content, akin to a live feed./var/log/auth.log: This is the path to a file used for logging authentication messages, such as login attempts.
Example Output:
Feb 20 11:30:45 myhost sshd[98765]: Accepted password for user from 192.168.1.10 port 54112 ssh2
Feb 20 11:31:12 myhost sshd[98766]: Failed password for invalid user root from 192.168.1.15 port 42156 ssh2
...
Use case 5: Keep reading file until Ctrl + C, even if the file is inaccessible
Code:
tail --retry --follow /var/log/mail.log
Motivation:
For situations where files might briefly become inaccessible (due to network issues or during system maintenance), using this command ensures that monitoring resumes automatically once access is restored, without missing any updates.
Explanation:
--retry: This option makes the command keep trying to access a file even if it becomes inaccessible temporarily.--follow: Continues to display the file as it is updated./var/log/mail.log: A typical log file used to capture mail server activity, ensuring the administrator stays informed of email transmissions and receptions.
Example Output:
Tail: error reading ‘/var/log/mail.log’: file temporarily unavailable
(Trying to reconnect...)
Example output updates automatically once file is available, showing new email server logs:
Feb 20 11:32:05 myhost postfix/smtp[98767]: connect to example.com[93.184.216.34]:25: Connection timed out
Feb 20 11:32:30 myhost postfix/smtp[98767]: disconnect from example.com[93.184.216.34]
...
Use case 6: Show last ’num’ lines in ‘file’ and refresh every ’n’ seconds
Code:
tail --lines 20 --sleep-interval 5 --follow /var/log/apache2/error.log
Motivation:
There can be a need to monitor logs and configuration file updates on a fixed interval basis where events are logged repeatedly. This option helps reduce system load by checking updates at defined intervals rather than continuously.
Explanation:
--lines 20: Displays the last 20 lines from the specified file, giving a brief but substantial look at recent activity.--sleep-interval 5: Sets the refresh interval to every 5 seconds, ensuring that the resource usage remains manageable while still ensuring updated information.--follow: Means that the command should keep running and monitoring the file for updates./var/log/apache2/error.log: Specific path to an error log file for an Apache HTTP server that logs errors encountered during the operation of a web server.
Example Output:
[monitored live output which refreshes every 5 seconds]
Example refreshed view:
[Mon Mar 20 11:35:01.123456 2023] [core:error] [pid 12345:tid 123] (13)Permission denied: AH00016:
...
Conclusion:
With these illustrative use cases, the tail command proves to be a versatile tool for monitoring and managing files in the Unix-like operating systems environment. It offers focused inspection of file content from the end, real-time updates, and controlled interval monitoring, making it an essential ally in system administration and development tasks.
