The tail command is the opposite of the head command in Unix-like operating systems. It is used to display the last few lines of a file or the last few lines of output from a command. This is particularly useful when working with large files or monitoring real-time output.
tail [OPTION] [FILE...]By default, tail displays the last 10 lines of a file (or files). For example:
tail filename.txtThis will display the last 10 lines of filename.txt.
-
-nor--lines- Used to specify the number of lines to show from the end of the file.
tail -n 20 filename.txt
This will display the last 20 lines of
filename.txt.Alternatively, you can use the shorthand
-noption:tail -20 filename.txt
-
-cor--bytes- Used to display the last N bytes of the file instead of lines.
tail -c 50 filename.txt
This will show the last 50 bytes of the file.
-
-for--follow- Continuously outputs new lines as they are added to a file. This is particularly useful for monitoring log files in real time.
tail -f filename.log
This will display the last 10 lines of
filename.logand then keep the terminal open, showing new lines as they are appended to the file. -
-F(with-f)- Similar to
-f, but it will also check if the file is rotated (e.g., if a log file is renamed and replaced with a new file).-Fwill keep following the file even if it is deleted or moved and a new file is created with the same name.
tail -F /var/log/syslog
This is useful for long-running log monitoring scripts where log files may be rotated.
- Similar to
-
-qor--quiet- Suppresses the filename header when displaying multiple files. Normally, when you provide multiple files,
tailwill display the filename before showing the last lines of each file.
tail -q file1.txt file2.txt
This will display the last 10 lines of both
file1.txtandfile2.txtwithout showing the filenames. - Suppresses the filename header when displaying multiple files. Normally, when you provide multiple files,
-
-vor--verbose- Always displays the filename, even when there is only one file. This is useful when you want to make the output clearer, especially when working with a single file.
tail -v filename.txt
You can display the last few lines from multiple files at once. For example:
tail file1.txt file2.txtThe output will show the last 10 lines from file1.txt, followed by the last 10 lines from file2.txt, and each section will be prefixed with the filename.
-
Display the last 5 lines of a file:
tail -n 5 myfile.txt
-
Display the last 100 bytes of a file:
tail -c 100 myfile.txt
-
Monitor a log file in real time:
tail -f /var/log/syslog
-
Follow multiple log files:
tail -f /var/log/syslog /var/log/auth.log
-
Show the last 10 lines of several files without filenames:
tail -q file1.txt file2.txt
-
Follow a file and handle rotation (with
-F):tail -F /var/log/nginx/access.log
tail is often used in combination with other commands, particularly when working with pipelines. Here are a few examples:
-
Show the last 5 lines of a command's output:
dmesg | tail -n 5This will show the last 5 lines of the
dmesg(kernel message buffer) output. -
Show the last 10 lines of output from a long-running process:
ps aux | tail -n 10 -
Display the last 10 lines of a file and pipe them to another command:
tail -n 10 filename.txt | grep "error"
This shows the last 10 lines of
filename.txtand then filters those lines withgrepto find occurrences of "error".
| Option | Description |
|---|---|
-n N |
Show the last N lines (default is 10). |
-c N |
Show the last N bytes instead of lines. |
-f |
Follow the file and show new lines as they are added. |
-F |
Like -f, but handles log file rotation. |
-q |
Suppress the filename output when showing multiple files. |
-v |
Always print the filename, even for a single file. |
- Log monitoring: It's often used to monitor logs in real time, especially with the
-foption, such as watching system logs, web server logs, or application logs. - Quick inspection: Useful for quickly checking the most recent output or results without opening the entire file.
- File rotation monitoring: The
-Foption allows you to keep an eye on log files that might be rotated, which is useful for long-running processes.
The tail command is a very versatile tool for working with files and real-time output, making it indispensable for system administrators, developers, and anyone who needs to work with large or constantly changing datasets.
The tail command in Unix-like operating systems has several advanced features and options that can be very useful for various tasks. Beyond just displaying the last few lines of a file, you can combine tail with other options to achieve a wide range of behaviors. Let's explore more details about tail, including some lesser-known options and advanced usage scenarios.
-
-nwith+(show from a specific line onwards)- Normally,
-nspecifies how many lines to display from the end of the file. However, if you use a positive value with+, it will show lines starting from a specific line number.
tail -n +20 filename.txt
This will show the file starting from line 20 to the end of the file, not the last 20 lines. This can be particularly useful if you want to skip a certain number of lines at the beginning of the file.
- Normally,
-
-sor--sleep-interval(for-foption)- When you use the
-foption to follow a file in real time, you can control how frequentlytailchecks for new data by using the-soption. This specifies a sleep interval in seconds between each check for new content.
tail -f -s 2 filename.log
This tells
tailto wait for 2 seconds before checking for new lines infilename.log. By default,tail -fchecks every second. - When you use the
-
-vor--verbose- While
-vis used to always display the file name when outputting from multiple files (even if only one file is provided), it can be useful when you're handling several files and want clarity on which file the output is coming from.
tail -v filename.txt
Normally,
tailsuppresses file names when you're working with a single file, but using-vforces it to show the file name. This can be helpful for scripting or when you are following multiple files. - While
-
-f(follow) with multiple files- You can use the
-foption with multiple files. This is useful when you need to monitor more than one file at once, such as log files from different services.
tail -f file1.log file2.log
It will show the last 10 lines of both
file1.logandfile2.log, and then continuously show new lines as they are added to each file. - You can use the
-
--pid(stop following when a process dies)- The
--pidoption can be used with-fto stop following a file when a certain process ID (PID) dies. This is particularly useful in scripts or monitoring tasks where you want to stop following a log file when a related process ends.
tail -f --pid=12345 filename.log
This will keep following
filename.loguntil the process with PID12345terminates. - The
-
Combining
-fwithgrep(real-time filtering)- You can use
tail -fin combination withgrepto filter live logs for specific keywords, which is especially useful for log monitoring. For example, if you want to watch a log for entries related to "error":
tail -f filename.log | grep "error"
This will continuously output any new lines containing "error" as they are added to the file.
- You can use
-
Using
tailwith pipes and redirects- The
tailcommand is commonly used in pipelines to get the last few lines of output from other commands. For example, to see the last 10 lines of a command's output:
dmesg | tail -n 10You can also redirect
tailoutput to another file:tail -n 50 filename.txt > last_lines.txt - The
-
tailwithcatfor quickly viewing the tail of concatenated files- When you want to view the last few lines of multiple files combined, you can use
catalong withtail:
cat file1.txt file2.txt | tail -n 10This will concatenate
file1.txtandfile2.txtand show the last 10 lines of the combined output. - When you want to view the last few lines of multiple files combined, you can use
-
-eoption (for showing file end)- Some versions of
tailsupport the-eoption, which appends a--marker at the end of the output for each file. This is helpful when reading files where the output might be concatenated or merged, especially when monitoring multiple files.
tail -e file1.txt file2.txt
- Some versions of
-
Tail +
watchfor real-time monitoring:- If you want to watch the output of a command continuously at a set interval, you can use the
watchcommand in combination withtail. For example:
watch "tail -n 20 /var/log/syslog"This command will show the last 20 lines of
/var/log/syslogand refresh every 2 seconds. - If you want to watch the output of a command continuously at a set interval, you can use the
-
Tail +
awkfor advanced filtering:awkcan be used to process and filter the data fromtailin real-time. For example, to print only the lines containing a certain keyword, like "error":
tail -f /var/log/syslog | awk '/error/ {print $0}'
-
Tail +
sedfor real-time transformation:- You can also use
sedto modify or format the output in real-time as new lines are added. For instance, to continuously remove any lines that start with "INFO" from a log file:
tail -f /var/log/app.log | sed '/^INFO/d'
- You can also use
-
Monitoring logs in real time:
- The
tail -foption is ideal for monitoring system logs, web server logs, or application logs.
tail -f /var/log/apache2/access.log
- The
-
Watching new file entries:
- If you're working with a large file that is being updated periodically, you can follow its updates live.
tail -f bigfile.txt
-
Getting the latest error entries in real-time from a log:
- You can monitor and highlight new error messages as they are added to a log file.
tail -f /var/log/error.log | grep "ERROR"
-
Post-processing logs with
tail+awk+grep:- Advanced usage where you filter logs by a specific pattern (e.g., error codes or specific terms) and process them in real-time.
tail -f /var/log/system.log | awk '{if ($5 == "ERROR") print $0}'
| Option | Description |
|---|---|
-n +N |
Show lines starting from line N (instead of the last N lines). |
-s N |
Specify the interval (in seconds) for -f to check for new lines. |
-v |
Always print filenames, even with one file. |
--pid=PID |
Stop following the file when the process with PID dies. |
-e |
Mark the end of output with a -- separator (some versions). |
-f (follow) |
Follow a file and continuously output new lines. |
-F |
Follow a file, even if it's rotated or recreated. |
-q |
Suppress filenames when processing multiple files. |
The tail command is not just a simple tool to view the last few lines of a file; it offers a wealth of options and flexibility, especially for monitoring logs, tracking real-time data, and processing large files. By combining tail with other commands like grep, awk, sed, and watch, you can tailor the output to meet specific needs, such as real-time log monitoring, file watching, or advanced filtering and processing. Understanding these advanced tail options can significantly enhance your workflow when working with files and system logs.
The tail command in Unix-like operating systems is used to display the end of a file or the output of a command. It is frequently used to monitor log files, real-time data streams, or to view the last few lines of a file.
Here's a comprehensive guide to the tail command, including options, examples, and advanced use cases.
tail [OPTION] [FILE]...OPTION: Flags to modify the behavior of the command.FILE: The file(s) from whichtailwill display content. If no file is provided, it will read from standard input (stdin).
tail filename- By default,
taildisplays the last 10 lines of the specified file. - Example:
If
tail file.txt
file.txtcontains:The output will be:Line 1 Line 2 Line 3 Line 4 Line 5 Line 6 Line 7 Line 8 Line 9 Line 10 Line 11 Line 12Line 3 Line 4 Line 5 Line 6 Line 7 Line 8 Line 9 Line 10 Line 11 Line 12
tail -n [number] filename-
Use the
-noption to specify how many lines you want to display from the end of the file. -
Example:
tail -n 5 file.txt
This will display the last 5 lines of
file.txt.Output:
Line 8 Line 9 Line 10 Line 11 Line 12 -
Negative Numbers: When a negative number is used, it displays all lines except the first
nlines.tail -n -5 file.txt
This will display all lines except the first 5 lines.
tail -c [number] filename-
This option displays the last N bytes of the file.
-
Example:
tail -c 20 file.txt
If
file.txtcontains:Line 1 Line 2 Line 3 Line 4The last 20 bytes will be displayed, potentially cutting off in the middle of a line if the content isn't aligned with the byte size.
Output:
Line 3 Line 4
tail filename1 filename2 ...- You can provide multiple files as input.
tailwill display the last 10 lines of each file, with a separator that indicates the file name. - Example:
Output:
tail file1.txt file2.txt
==> file1.txt <== Line 8 Line 9 Line 10 Line 11 Line 12 ==> file2.txt <== Line 3 Line 4 Line 5 Line 6 Line 7
The -f (follow) option is one of the most commonly used features of tail. It displays the last few lines of the file and keeps the file open, continuously displaying new lines as they are added. This is especially useful for monitoring logs or streaming data.
tail -f /var/log/syslog-
This command will display the last 10 lines of the
syslogfile and then continue displaying any new lines that are appended to the file. -
Output:
Nov 30 12:35:03 localhost kernel: [123456] some kernel message Nov 30 12:35:04 localhost systemd: Started service Nov 30 12:35:05 localhost apache2: Server started
-
The
-Foption is similar to-f, but it handles missing files more gracefully. If the file is removed and re-created,tail -Fwill continue following it.Example:
tail -F /var/log/syslog
You can also combine the -f option with -n to start viewing the file from a specific line number.
tail -n +50 -f /var/log/syslog- This command will start displaying the file from line 50 and then continue to follow any new lines as they are added.
You can use tail in combination with other commands by piping output to it or piping its output to other commands.
ps aux | tail -n 10- This shows the last 10 processes in the output of the
ps auxcommand.
df -h | tail -n 10- This displays the last 10 lines of the output from the
df -hcommand, showing the disk space usage for mounted filesystems.
When working with continuous data streams, tail is invaluable for monitoring and observing changes in real-time.
echo -e "Line 1\nLine 2\nLine 3\nLine 4\nLine 5" | tail -n 3- This will display the last 3 lines of the piped output.
tail is incredibly useful for monitoring log files, especially when combined with the -f option. You can monitor logs in real-time to track system activity or application behavior.
tail -f /var/log/apache2/access.log- This will show new access requests to your Apache web server as they come in.
tail -f /var/log/syslog- This shows real-time logs related to system events.
tail can also be used to monitor the output of running processes or commands in real-time.
tail -f mycommand.log- If
mycommand.logis being updated by a long-running command,tail -fwill show you new output as it's appended.
You can pipe the output of other commands into tail to get the last few lines of their output.
git log | tail -n 10- This shows the last 10 commits in your Git repository.
If you have a large file and only want to inspect the last part of it (without loading the entire file into memory), tail can be used.
tail -n 50 largefile.txt- Displays the last 50 lines of a large file.
-
head: The counterpart totail. Whiletailshows the end of a file,headshows the beginning.head -n 10 filename.txt
-
more: Allows interactive viewing of large files with pagination.more filename.txt
-
less: Similar tomore, but with more navigation options (up/down scroll).less filename.txt
-
grep: Search for patterns in files and output matching lines.grep "pattern" filename.txt
| Option | Description |
|---|---|
-n [num] |
Display the last num lines of the file. |
-c [num] |
Display the last num bytes of the file. |
-f |
Follow the file in real-time, displaying new lines as they are added. |
-F |
Follow the file, but also handle missing files gracefully. |
-n +[num] |
Start viewing from line num and follow in real-time. |
The tail command is an essential tool for inspecting the end of files and continuously monitoring data streams. It is commonly used in system administration, debugging, and real-time data processing scenarios.
Let me know if you'd like more detailed examples or further explanations!
The tail command in Unix-like operating systems is used to display the last part (typically the last few lines) of a file or the output of a command. It is often used to monitor log files or to view the end of large files, where new data is constantly being appended.
Here’s an in-depth look at all the functionalities and options for the tail command:
tail [OPTIONS] [FILE]...OPTIONS: Flags that modify the behavior of the command.FILE: The file(s) you want to display. If no file is specified,tailreads from standard input (stdin).
By default, tail displays the last 10 lines of the specified file.
tail filename- Example:
This will display the last 10 lines of the
tail /var/log/syslog
syslogfile.
Example Output:
Dec 29 10:00:00 myserver systemd[1]: Started Session 22 of user root.
Dec 29 10:00:05 myserver sshd[22044]: Accepted password for root from 192.168.1.10 port 22 ssh2
Dec 29 10:01:00 myserver systemd[1]: Stopping User Slice of root.
Dec 29 10:01:01 myserver systemd[1]: Removed slice User Slice of root.
The -n option allows you to display a specific number of lines from the end of the file. By default, tail shows 10 lines, but you can specify a different number.
tail -n [num] filename-
Example: Display the last 5 lines:
tail -n 5 filename.txt
-
Negative Numbers: If you use a negative number,
tailwill exclude that many lines from the end of the file.tail -n -5 filename.txt
This will display all lines except the last 5 lines.
The -c option allows you to display the last N bytes of a file instead of lines.
tail -c [num] filename- Example: Display the last 50 bytes of a file:
tail -c 50 filename.txt
This can be useful when dealing with binary files or files that don't contain easily countable lines (e.g., images, compressed files).
The -f option allows you to follow the content of a file as it grows. This is commonly used for monitoring log files in real time, such as when observing system logs or application logs.
tail -f filename-
Example: Monitor a log file (
syslog):tail -f /var/log/syslog
This will show the last 10 lines and then continuously display new lines as they are added to the file.
-
Multiple Files: You can also follow multiple files at once.
tail -f file1.txt file2.txt
-
Real-time Output: The command will display any new lines appended to the file as the file is being written to.
You can use -n with -f to control how many lines you want to display initially, while still following the file as it updates.
tail -n [num] -f filename- Example: Display the last 20 lines of a log file and follow new lines:
This will display the last 20 lines of
tail -n 20 -f /var/log/syslog
/var/log/syslogand keep displaying new lines as they are written to the file.
You can specify more than one file for tail to display. By default, tail will display the last 10 lines of each file, separated by a header indicating the file name.
tail filename1 filename2- Example: Display the last 10 lines of multiple files:
tail file1.txt file2.txt
Output:
==> file1.txt <==
Line 1
Line 2
Line 3
Line 4
Line 5
==> file2.txt <==
Line 1
Line 2
Line 3
Line 4
Line 5
You can follow multiple files at the same time by using -f. This will allow you to monitor several files for changes in real-time.
tail -f file1.txt file2.txt- Example: Monitor multiple log files:
tail -f /var/log/syslog /var/log/auth.log
By default, tail prints headers when multiple files are provided. If you want to suppress the file name headers, use the -q (quiet) option.
tail -q filename1 filename2- Example: Display the last 10 lines of two files without headers:
tail -q file1.txt file2.txt
You can combine tail with grep to monitor logs in real-time for specific keywords or patterns. For example, you might want to monitor a system log for "error" messages as they happen.
tail -f /var/log/syslog | grep "error"This command will show new log entries that contain the word "error" as they are written to /var/log/syslog.
Web server logs can be monitored to see incoming requests or error messages.
tail -f /var/log/apache2/access.logThis will display the last few lines of the access log, and continuously display new requests as they come in.
If you want to follow the log and display all new entries from a certain point onwards, you can use the -n option with -f to show the last few lines and then follow the file.
tail -n 50 -f /var/log/syslogThis will display the last 50 lines of the syslog and follow it in real time for any new log entries.
You can combine tail with other commands using pipes. Here are some common examples:
You can pipe the output of a command to tail to display the last few lines.
ls -l | tailYou can filter log files for specific entries and then view the last few matching entries.
grep "error" /var/log/syslog | tail| Option | Description |
|---|---|
-n [num] |
Display the last num lines (default is 10). |
-c [num] |
Display the last num bytes of the file. |
-f |
Follow the file, displaying new lines as they are added. |
-q |
Suppress file name headers when displaying multiple files. |
-f -n [num] |
Combine -n and -f to display the last num lines and follow the file. |
tail -f /var/log/syslogtail -f /var/log/apache2/access.logtail -f /var/log/syslog /var/log/auth.logtail -n 100 largefile.txtThe tail command is crucial for examining the last few lines of files and for real-time monitoring of continuously updated logs or output streams. Let me know if you'd like to explore any specific use case or command further!
Here’s a detailed and comprehensive guide to the tail command, including advanced options, practical use cases, and command combinations for various tasks:
The tail command is commonly used in Unix-like operating systems (Linux, macOS, etc.) to display the last part of a file or data stream. This is particularly useful when working with large files or data logs, as it allows users to view just the most recent information, such as the last few lines or bytes. The command is also used extensively in log file monitoring and real-time data inspection.
By default, tail shows the last 10 lines of the file. However, it offers a variety of options to customize the output based on the needs of the user.
tail [OPTION]... [FILE]...Where:
- OPTION is one or more command options you can use to modify the behavior of the command.
- FILE refers to the file(s) you want to display the last lines from. If no file is provided,
tailwill read from standard input (stdin).
tail filename- Example: Display the last 10 lines of a file
example.txt:tail example.txt
Explanation:
- By default,
taildisplays the last 10 lines of the file specified.
The -n option allows you to specify how many lines you want to display from the end of a file. By default, this is 10.
tail -n [num] filename- Display the last 5 lines:
tail -n 5 example.txt
- Display the last 100 lines:
tail -n 100 example.txt
- Display the last 50 lines excluding the last 50 lines of the file:
tail -n -50 example.txt
Explanation:
- Positive
-n [num]: Displays the lastnumlines. - Negative
-n -[num]: Displays all lines except the lastnumlines.
Instead of specifying the number of lines, you can use the -c option to display the last N bytes of the file.
tail -c [num] filename- Display the last 50 bytes:
tail -c 50 example.txt
- Display the last 200 bytes:
tail -c 200 example.txt
Explanation:
- The
-coption is useful for inspecting binary files, images, or data where lines don't provide meaningful separation, and you want to focus on a specific byte size.
The -f option allows you to follow the file’s content as it’s written. It’s especially useful for monitoring log files or continuously updated output.
tail -f filenametail -f /var/log/syslogExplanation:
- This command will display the last 10 lines of
/var/log/syslogand then keep monitoring the file, displaying any new lines as they are written to the file. This is useful for log monitoring or real-time tracking of file updates.
You can follow the output from multiple files simultaneously using the -f option. tail will monitor and display updates from all the specified files.
tail -f file1 file2tail -f /var/log/syslog /var/log/auth.logExplanation:
- The
tail -fcommand will display the last 10 lines of each file and will continue monitoring updates in both files simultaneously.
By default, when you monitor multiple files, tail prints the file name as a header before displaying the last lines. If you prefer to suppress this file name output, use the -q (quiet) option.
tail -q file1 file2tail -q /var/log/syslog /var/log/auth.logExplanation:
- This will display the last 10 lines of each file but without any headers for the filenames, making it easier to read the output without extra file names.
You can combine the -n and -f options to follow the file from a specific point. This is useful when you want to see the last N lines of a file and monitor for new data as it’s added.
tail -n [num] -f filenametail -n 20 -f /var/log/syslogExplanation:
- Displays the last 20 lines of
/var/log/syslogand continues to follow the file in real-time as new entries are added.
You can follow a file and display the last N bytes using the -c option with -f. This is useful when working with binary files or logs where you care about the data size rather than the number of lines.
tail -c [num] -f filenametail -c 100 -f /var/log/syslogExplanation:
- This will show the last 100 bytes of the file and continue to monitor it as new data is appended.
You can pipe tail's output into grep to filter and display lines that match a specific pattern.
tail -f filename | grep "pattern"tail -f /var/log/syslog | grep "error"Explanation:
- This command follows
/var/log/syslogand only displays lines that contain the word "error," filtering out all other log lines.
When working with multiple log files, tail becomes especially useful. It can monitor and display updates to multiple files simultaneously, which is ideal for debugging or tracking system health.
tail -f /var/log/syslog /var/log/auth.log /var/log/kern.logThis will display the last 10 lines of each log file and follow updates to all of them, allowing you to track different logs at the same time.
For large files like data dumps, logs, or system outputs, tail helps you quickly locate the most recent changes, which is especially important when dealing with files too large to open entirely in a text editor.
tail -n 1000 largefile.txtExplanation:
- This command will display the last 1000 lines of a file and help you locate the most recent data.
You can pipe the output of tail to grep for a more refined search. This is commonly used for monitoring logs for specific events, errors, or keywords in real time.
tail -f /var/log/syslog | grep "failed"Explanation:
- This will continuously monitor
/var/log/syslogand only display lines containing the word "failed," which is useful for tracking error events, failed logins, or service failures.
-
Monitoring Server Logs in Real Time:
- Keep track of server activities like new user logins, system errors, or service starts.
tail -f /var/log/auth.log
-
Checking Application Logs for Issues:
- Monitor logs of a running application to debug or identify issues.
tail -f /var/log/myapp.log
-
Watching for New Data in Files:
- Continuously watch for new data being written to a file.
tail -f data.csv
-
Processing Data Streams:
- Combine
tailwith other tools (e.g.,grep,awk,sed) to process data streams.
tail -f /var/log/syslog | grep "warning"
- Combine
| Option | Description |
|---|---|
-n [num] |
Display the last num lines. |
-c [num] |
Display the last num bytes. |
-f |
Follow the file, continuously displaying new lines. |
-q |
Suppress file name headers when displaying multiple files. |
-n -[num] |
Exclude the last num lines from the display. |
-n [num] -f |
Show the last num lines and follow the file in real-time. |
The tail command is a powerful tool for inspecting the end of files, real-time log monitoring, and processing continuous data streams. It can be used to track system behavior, monitor services, or check for issues in long-running applications.