Linux Tail Command

Linux Tail Command: Small Tricks to Master the Shell

The tail command is a very useful Linux command when working with files. Do you want to know how to use it at its best? Keep reading 🙂

The Linux tail command allows to see the last lines of a text file in Linux. A scenario in which this can be extremely useful is when working with application logs. The tail command can also be used together with the pipe to filter the output of another command.

The basic usage of the tail command is pretty straightforward but in this tutorial we will look at practical use cases that make tail pretty handy.

Let’s get started!

Tail a Given Number of Lines From a File

I have created a file called tail.txt where every line is a number between 1 and 10.

$ cat tail.txt 
1
2
3
4
5
6
7
8
9
10 

The output we get when we pass this file to the tail command is the following:

$ tail tail.txt 
1
2
3
4
5
6
7
8
9
10 

Interesting, the output is the same of the first cat command.

Let’s see what happens if we add two extra lines to our file with the numbers 11 and 12.

We then run the tail command again…

$ tail tail.txt
3
4
5
6
7
8
9
10
11
12 

This time you can see that the first two lines of the file are missing. That’s because…

The tail command returns by default the last 10 lines of a file.

What if we want to return only the last 5 lines?

You can use the following syntax:

$ tail -5 tail.txt
8
9
10
11
12 

In the same way…

To get the last 100 lines of a file using the Linux tail command you can use the command tail -100 <filename>.

Running the Linux Tail Command in Real Time

The tail command gets very handy when you start using it to see how a text file gets updated in real time.

Imagine you have a log file where you application writes and you want to tail it continuously instead of running the tail command multiple times.

This can be useful to give you an understanding of the traffic received by your application in real-time.

To monitor a log file (or text file in general) in real time you use the following tail command:

tail -f <filename>

Let’s assume the name of the log file of our application is application.log and it has the following content:

$ cat application.log
Request received by user1
Profile for user1 retrieved
Profile for user1 updated 

Now, in one shell run the following command:

$ tail -f application.log

Then open a second shell (or terminal) and run the following command to add a new line at the end of our log file.

$ echo "Application closed by user1" >> application.log 

In the first terminal you will see the following:

$ tail -f application.log 
Request received by user1
Profile for user1 retrieved
Profile for user1 updated

Application closed by user1 

Note: after running the tail -f command in the first terminal I have hit Enter once to create a visual gap after the existing lines of our log file. That’s a common approach used to clearly see any new lines added to the log file.

To stop or exit the execution of the tail -f command use CTRL+C.

Using the Linux Tail Command with the Pipe

Before we have seen that to get the last n lines of a file using tail you can run the command below:

tail -n <filename>

It’s also possible to get the same output by using the Linux pipe and the cat command.

cat <filename> | tail -n

Let’s see how this works with our application.log file.

$ tail -3 application.log      
Profile for user1 retrieved
Profile for user1 updated
Application closed by user1
$ 
$ cat application.log | tail -3
Profile for user1 retrieved
Profile for user1 updated
Application closed by user1 

You can see that the output of the two commands is identical. In the second scenario the pipe takes the output of the cat command and passes it as input to the tail command.

The Linux pipe is used to send the output of the command before the pipe to the input of the command that follows the pipe.

Using Tail with the Linux Grep Command

Why would you use the grep and the tail commands together?

Imagine you have an application that writes hundreds of lines every minute to a log file and you only want to see any new log entries based on a specific criteria.

For example, you want to see all the log entries related to user2 but not the ones for user1.

Open one terminal and run the following command:

$ tail -f application.log | grep user2 

Then in a second terminal run the following echo commands to add four new lines at the end of the application.log file:

$ echo "Application opened by user1" >> application.log 
$ echo "Application opened by user2" >> application.log
$ echo "Application closed by user1" >> application.log 
$ echo "Application closed by user2" >> application.log 

Before continuing verify with the cat command that the four lines have been added at the end of the application.log file.

Now, open the first terminal where you were running the tail -f command.

What do you see?

$ tail -f application.log | grep user2

Application opened by user2
Application closed by user2

You only see the lines that contain the string user2 because we have used the grep command to filter the output of the tail command.

This command would make a huge difference in finding the informations you are looking for in a log file because it would ignore any lines you are not interested in.

A common way to track the lines in the log of an application related to a specific request is to:

  • Assign a unique ID to the request.
  • Log the unique ID in each line of the application log.
  • Grep for lines that contain the specific request ID.

How to Monitor Multiple Files Using the Tail Command

A common standard for applications is to have an application log and an error log.

The error log is used to keep application errors in a single place to make the process of troubleshooting application errors easier.

Create a file called error.log using the touch command and then add two lines to the file using the echo command.

$ touch error.log
$ echo "Error1" >> error.log 
$ echo "Error2" >> error.log
$ cat error.log 
Error1
Error2 

To apply the tail command to two files at the same time you can use the following command:

tail -f <filename1> <filename2>

Now we will use the tail command to monitor the content of the application.log and error.log files at the same time.

$ tail -f application.log error.log 

==> application.log <==
Request received by user1
Profile for user1 retrieved
Profile for user1 updated
Application closed by user1
Application opened by user1
Application opened by user2
Application closed by user1
Application closed by user2 

==> error.log <==
Error1
Error2 

Add a new line at the end of the error.log file.

$ echo "Error3" >> error.log  

Notice how the new line becomes visible in the first terminal where you are running the tail command.

Conclusion

After this tutorial you should have a good understanding of how tail works and how you can also use it to monitor files in real-time.

You also know how to use tail to monitor multiple files at the same time.

Share knowledge with your friends!

Leave a Reply

Your email address will not be published. Required fields are marked *