tail Command Syntax
The syntax of the tail command is similar to other Linux commands:
$ tail [OPTIONS] [FILE-1] [FILE-2] ...
1. Print Last 10 Lines Of File in Linux
By default, the tail command prints the last 10 lines of the given file as shown.
$ tail /var/log/secure
Apr 2 14:17:24 Tect sshd[201178]: Disconnected from user tecmint 192.168.0.162 port 59774
Apr 2 14:17:24 Tect sshd[201165]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 14:29:12 Tect sshd[201366]: Accepted password for tecmint from 192.168.0.162 port 56378 ssh2
Apr 2 14:29:12 Tect systemd[201371]: pam_unix(systemd-user:session): session opened for user tecmint(uid=1002) by (uid=0)
Apr 2 14:29:12 Tect sshd[201366]: pam_unix(sshd:session): session opened for user tecmint(uid=1002) by (uid=0)
Apr 2 14:29:12 Tect sshd[201382]: Received disconnect from 192.168.0.162 port 56378:11: disconnected by user
Apr 2 14:29:12 Tect sshd[201382]: Disconnected from user tecmint 192.168.0.162 port 56378
Apr 2 14:29:12 Tect sshd[201366]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 15:12:55 Tect sshd[202049]: Accepted password for root from 192.168.0.162 port 53334 ssh2
Apr 2 15:12:55 Tect sshd[202049]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Here, we can see that the above command shows the last ten lines from the /var/log/secure file.
2. Print Last N Lines of File in Linux
In the last example, the command prints the last 10 lines of the given file. However, we can use the -n option which allows us to limit the number of lines to be printed on the screen as shown.
$ tail -n 3 /var/log/secure
Apr 2 14:29:12 Tect sshd[201366]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 15:12:55 Tect sshd[202049]: Accepted password for root from 192.168.0.162 port 53334 ssh2
Apr 2 15:12:55 Tect sshd[202049]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
In this example, we can see that now the command shows the last three lines only instead of the ten lines.
3. Ignore First N Lines of a File in Linux
Here, we can use the plus (+) symbol with the -n option, which allows us to control the starting point from the given file.
To understand this, let’s use the +5 value to start the output from the 5th line:
$ tail -n +5 /var/log/secure
Apr 2 14:17:24 Tect sshd[201178]: Disconnected from user tecmint 192.168.0.162 port 59774
Apr 2 14:17:24 Tect sshd[201165]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 14:29:12 Tect sshd[201366]: Accepted password for tecmint from 192.168.0.162 port 56378 ssh2
Apr 2 14:29:12 Tect systemd[201371]: pam_unix(systemd-user:session): session opened for user tecmint(uid=1002) by (uid=0)
Apr 2 14:29:12 Tect sshd[201366]: pam_unix(sshd:session): session opened for user tecmint(uid=1002) by (uid=0)
Apr 2 14:29:12 Tect sshd[201382]: Received disconnect from 192.168.0.162 port 56378:11: disconnected by user
Apr 2 14:29:12 Tect sshd[201382]: Disconnected from user tecmint 192.168.0.162 port 56378
Apr 2 14:29:12 Tect sshd[201366]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 15:12:55 Tect sshd[202049]: Accepted password for root from 192.168.0.162 port 53334 ssh2
Apr 2 15:12:55 Tect sshd[202049]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
4. Show Last N Characters of the File
Similar to lines, we can also use the command to display the last N characters of the file using the -c option as shown below:
$ tail -c 7 /var/log/secure
(uid=0)
In this example, we can see that the command shows the last seven ASCII characters of the given file.
5. Remove First N Characters of File
Similarly, we can use the plus symbol (+) with the -c option to skip the first N character. So let’s skip the first line of the file using the below command:
$ tail -c +5 /var/log/secure
Apr 2 03:02:59 TecMint sudo[162801]: root : TTY=pts/2 ; PWD=/root ; USER=root ; COMMAND=/bin/dnf install R
Apr 2 03:02:59 TecMint sudo[162801]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0)
Apr 2 03:03:02 TecMint sudo[162801]: pam_unix(sudo:session): session closed for user root
Apr 2 03:11:17 TecMint groupadd[163602]: group added to /etc/group: name=avahi, GID=70
Apr 2 03:11:18 TecMint groupadd[163602]: group added to /etc/gshadow: name=avahi
Apr 2 03:11:18 TecMint groupadd[163602]: new group: name=avahi, GID=70
Apr 2 03:11:19 TecMint useradd[163610]: new user: name=avahi, UID=70, GID=70, home=/var/run/avahi-daemon, shell=/sbin/nologin, from=none
Apr 2 03:13:41 TecMint groupadd[163704]: group added to /etc/group: name=colord, GID=986
Apr 2 03:13:41 TecMint groupadd[163704]: group added to /etc/gshadow: name=colord
Here, we can see that the command shows all the lines except the first line.
6. Show File Name in Header
We can instruct the tail command to display the current file name as a display header, which comes in handy while working with multiple files.
So, let’s use the -v option to enable the display header:
$ tail -n 3 -v /var/log/secure
==>/var/log/secure <==
Apr 2 14:29:12 TecMint sshd[201366]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 15:12:55 TecMint sshd[202049]: Accepted password for root from 192.168.0.162 port 53334 ssh2
Apr 2 15:12:55 TecMint sshd[202049]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
In the above output, ==> /var/log/secure <== represents the display header.
7. Show File Name as Header in Multiple Files
Just like any other file-processing command, we can also use multiple files with the tail command. In such cases, the display header gets used to separate the file contents.
$ tail -n 3 -v /var/log/secure /var/log/secure-20230402
==> /var/log/secure <==
Apr 2 14:29:12 TecMint sshd[201366]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 15:12:55 TecMint sshd[202049]: Accepted password for root from 192.168.0.162 port 53334 ssh2
Apr 2 15:12:55 TecMint sshd[202049]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
==> /var/log/secure-20230402 <==
Mar 31 03:50:53 TecMint groupadd[156163]: new group: name=docker, GID=987
Mar 31 04:46:11 TecMint sshd[159403]: Accepted password for root from 192.168.0.162 port 46480 ssh2
Mar 31 04:46:11 TecMint sshd[159403]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
In the above output, we can see the display header for each file.
8. How to Disable Display Header in File
In the previous example, we saw that the command enables the display header while working with multiple files. However, we can suppress this default behavior using the -q option.
$ tail -q -n 3 /var/log/secure /var/log/secure-20230402
Apr 2 14:29:12 TecMint sshd[201366]: pam_unix(sshd:session): session closed for user tecmint
Apr 2 15:12:55 TecMint sshd[202049]: Accepted password for root from 192.168.0.162 port 53334 ssh2
Apr 2 15:12:55 TecMint sshd[202049]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Mar 31 03:50:53 TecMint groupadd[156163]: new group: name=docker, GID=987
Mar 31 04:46:11 TecMint sshd[159403]: Accepted password for root from 192.168.0.162 port 46480 ssh2
Mar 31 04:46:11 TecMint sshd[159403]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Here, we can see that now the command displays the file contents one after another without any display header.
9. How to Watch a File for Changes
So far we saw that the tail command exits once it processes the required number of lines or characters. However, sometimes we want to view the newly generated logs as well.
In such cases, we can use the -f option with the command, which allows us to monitor the file for changes in a real-time.
To understand this, first, let’s execute the below command in the first terminal:
$ tail -f /var/log/messages
Apr 2 15:13:28 Tect NetworkManager[741]: [1680462808.8441] policy: set-hostname: current hostname was changed outside NetworkManager: 'TecMint'
Apr 2 15:13:28 Tect systemd[1]: Starting Network Manager Script Dispatcher Service...
Apr 2 15:13:28 Tect systemd[1]: Started Network Manager Script Dispatcher Service.
Apr 2 15:13:37 Tect arpwatch[11001]: rename arp.dat -> arp.dat-: Operation not permitted
Apr 2 15:13:38 Tect systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
Apr 2 15:13:58 Tect systemd[1]: systemd-hostnamed.service: Deactivated successfully.
Apr 2 15:18:03 Tect systemd[1]: Starting dnf makecache...
Apr 2 15:18:03 Tect dnf[202235]: Metadata cache refreshed recently.
Apr 2 15:18:03 Tect systemd[1]: dnf-makecache.service: Deactivated successfully.
Apr 2 15:18:03 Tect systemd[1]: Finished dnf makecache.
Here, we can see that the command is waiting infinitely after displaying the last ten lines:
Next, let’s open another terminal and append some text to the numbers-2.txt file:
$ echo "View Logs in Real-Time" >> /var/log/messages
Now, let’s switch to the first terminal to view the newly added text:
$ tail -f /var/log/messages
Apr 2 15:13:28 Tect NetworkManager[741]: [1680462808.8441] policy: set-hostname: current hostname was changed outside NetworkManager: 'TecMint'
Apr 2 15:13:28 Tect systemd[1]: Starting Network Manager Script Dispatcher Service...
Apr 2 15:13:28 Tect systemd[1]: Started Network Manager Script Dispatcher Service.
Apr 2 15:13:37 Tect arpwatch[11001]: rename arp.dat -> arp.dat-: Operation not permitted
Apr 2 15:13:38 Tect systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
Apr 2 15:13:58 Tect systemd[1]: systemd-hostnamed.service: Deactivated successfully.
Apr 2 15:18:03 Tect systemd[1]: Starting dnf makecache...
Apr 2 15:18:03 Tect dnf[202235]: Metadata cache refreshed recently.
Apr 2 15:18:03 Tect systemd[1]: dnf-makecache.service: Deactivated successfully.
Apr 2 15:18:03 Tect systemd[1]: Finished dnf makecache.
View Logs in Real-Time
No comments:
Post a Comment