Linux tail Command: 20+ Practical Examples, Real-Time Monitoring & Troubleshooting
The tail command in Linux is a powerful tool for displaying the last lines of a file, monitoring real-time log updates, and troubleshooting system issues. It is widely used by system administrators to analyze logs, diagnose server problems, and ensure smooth operations.
In this guide, we will explore:
✅ The syntax and options of the tail command
✅ Practical use cases with real-world examples
✅ Advanced troubleshooting techniques for system logs
✅ Automation and scripting with tail
By the end of this article, you will have a solid understanding of how to leverage tail for system monitoring and debugging.
Table of Contents
1. Introduction to the tail Command
The tail command in Linux allows users to:
- View the last N lines of a file
- Monitor logs in real-time (
-foption) - Track system performance and errors
- Extract information from large files
Common use cases include:
✔ Checking system logs (e.g., /var/log/syslog)
✔ Debugging failed services
✔ Monitoring security incidents
2. Basic Syntax and Options
The general syntax of the tail command is:
tail [OPTIONS] [FILE]
Common Options:
| Option | Description |
|---|---|
-n N | Show last N lines |
-f | Monitor file in real-time |
-c N | Display last N bytes |
--pid=P | Stop when process P exits |
Example:
tail -n 20 /var/log/syslog
Displays the last 20 lines of the system log file.
3. Displaying the Last N Lines of a File
By default, tail shows the last 10 lines. To modify:
tail -n 50 file.txt
or
tail -50 file.txt
This prints the last 50 lines.
4. Real-Time Log Monitoring with -f
The -f option is crucial for monitoring live logs.
tail -f /var/log/syslog
💡 Press CTRL+C to stop.
To track a log until a process stops, use:
tail -f /var/log/syslog --pid=1234
5. Using tail with Piping and Grep
To filter specific log entries:
tail -f /var/log/syslog | grep "error"
🔍 Only shows lines containing “error”.
6. Displaying Multiple Files
View multiple logs together:
tail -n 5 file1.txt file2.txt
7. Ignoring Bytes Instead of Lines
Instead of lines, extract N bytes:
tail -c 200 file.txt
8. Advanced Filtering with head and tail
Extract lines 10-20:
head -n 20 file.txt | tail -n 10
9. System Log Monitoring for Troubleshooting
Track real-time system events and failures:
sudo tail -f /var/log/syslog
Example Output:
Feb 19 12:00:30 server01 systemd[1]: apache2.service failed
💡 Restart Apache:
sudo systemctl restart apache2
10. Debugging SSH Login Failures
If users can’t log in:
sudo tail -f /var/log/auth.log
Feb 19 12:05:00 server01 sshd[1234]: Failed password for invalid user admin
💡 Block attacker:
sudo fail2ban-client set sshd banip 192.168.1.50
11. Monitoring High CPU Usage
Check CPU-related errors:
sudo tail -f /var/log/kern.log
CPU1: Soft lockup - stuck for 22s!
💡 Identify process:
ps aux --sort=-%cpu | head -5
12. Investigating Web Server Errors
Monitor Apache/Nginx errors:
sudo tail -f /var/log/nginx/error.log
💡 Fix timeout errors:
proxy_read_timeout 60;
sudo systemctl reload nginx
13. Tracking Disk Space Issues
sudo tail -f /var/log/syslog | grep -i "disk"
💡 Free space:
sudo rm -rf /var/log/*.gz
14. Blocking Malicious Activity
Monitor repeated 404 attacks:
sudo tail -f /var/log/nginx/access.log | grep "404"
💡 Block IP:
sudo iptables -A INPUT -s 203.0.113.50 -j DROP
15. FAQs on tail Command
Q1: What is the default number of lines displayed by tail?
10 lines
Q2: How to monitor a log file continuously?
Use:
tail -f /var/log/syslog
Q3: How to stop tail -f?
Press CTRL+C
Q4: Can tail be used in shell scripts?
Yes, for automating log monitoring.
Q5: How to check the last 100 bytes of a file?
tail -c 100 file.txt
Conclusion
The tail command is an essential Linux utility for log monitoring, debugging, and real-time troubleshooting. Whether you’re analyzing logs, fixing SSH issues, or blocking attackers, mastering tail will improve your Linux administration skills.
🚀 Use tail like a pro and keep your servers running smoothly!
Comments (0)