tail Command in Linux Explained [With Examples]

When talking about viewing files in Linux, common commands that come to our picture are cat, more, less, head, and tail. Each command has its own unique features where it standout. Here we are going to learn about tail command in Linux.

The tail command is a powerful tool used in Linux, primarily used to view the end of files. This comes useful to track growing files such as log files. By default tail display the last 10 lines to the standard output.

So tail would be the best tool to check the most recent entries in a file.

Syntax and Options

The basic syntax of Linux tail command:

tail [OPTION]... [FILE]...

Where,

• [FILE]... : Specific file or files you want to view the end of.
• [OPTIONS]... : This changes the behavior of the command. Let's look at some of the commonly used options:
  • -n : Specific number of last lines to print.
  • -f or --follow : Follow the file. ie Display added data of the file.
  • -F or --follow=name --retry : Same follow file same time watch for the file if it's inaccessible ( for example file got deleted).
  • q : Useful when viewing multiple files to remove headers.
  • v : For a single file this print the name of the file in the first line of the output.
  • -s or --sleep-interval=N : This is used with -f option to specify the time interval to check for new lines.
  • -c : Display the last specified number of K bytes.

Practical Usage of tail Command

Let's look into detail how we can use practical use tail for viewing and monitoring.

Viewing the End of a Text File

One purpose of tail command is to view and manipulate the number of lines at the end of the file.

To illustrate we have a sample file with 11 lines.

cat country.txt

Example:

tail country.txt

This command prints the last 10 lines of the file named country.txt. As mentioned before this is the default behavior of the tail command.

You can use -n to manipulate this default value.

tail -n 4 country.txt
or 
tail -4 country.txt

This print the last 4 number of lines of the file named country.txt

One practical example is where you need to print the last 100 lines from /var/log/syslog file:

tail -n 100 /var/log/syslog

Using + operator you can specify the starting line number where tail command needs to start reading.

Example:

tail +5 number.txt
or
tail -n +5 number.txt 

This command print from line number 5 to till end of the file.

You can use -c option ie Byte Offset which allows specifying the number of bytes instead of lines.

tail -c -6 country.txt
or
tail -c 6 country.txt 

This command display the last 6 bytes of the file named country.txt.

With the positive number, it prints file content after skipping that number of bytes from the start of the file.

tail -c +6 country.txt 

Tail -f

The tail -f command is used to continuously monitor a file to display newly added data of the file. This comes more useful for log file monitoring. You can watch each new entries in real-time.

Example:

tail -f /var/log/syslog

This command print the last 10 lines of the file /var/log/syslog and then tail will wait for the new entries.

The tail -f will keep watching for new entries unless you press Ctrl+C to stop it. On this tail -f will clear the screen and you won't be able to navigate or see the data on the terminal. Then the only option see the data would be to open the file with any file content viewer. Alternatively, you can use less +F.

Using tail -F for Persistent File Tracking

The tail -f won't be able to watch new entries if the file is replaced or deleted. That means tail -f follows the file descriptor. The fail -F (or --follow=name --retry) follows the filename. That means even if you replace or delete the file it wait for the data.

Example:

tail -F /var/log/syslog

This command performs a persistent monitoring of /var/log/syslog file, even if this recreated tail will watch new entries. This comes useful for logs especially when it has log rotations.

Multiple Files

The tail command allows multiple files to be passed as arguments to it. This will list each file's last 10 lines. There will be a header before each file entry showing its filename.

tail food.txt country.txt 

You can use -q option if you want to remove headers, then look more neat.

tail -q food.txt country.txt

This prints the last 10 lines of both files without displaying the filenames.

Multiple files come most useful when using tail -f. This way you can monitor multiples files in real time.

Example:

sudo tail -f -n 5 /var/log/dmesg /var/log/syslog

This command prints the last 5 lines from /var/log/dmesg and /var/log/syslog file and then continuously waits for new entries in both files.

Adjusting the Sleep Interval with -s

The -s option only applies for tail -f or tail -F command. When we run tail -f by default the command check for new entries every one second. We can adjust this interval using the -s option.

Example:

tail -f -s 5 /var/log/dmesg

This command checks every 5 seconds for new lines in /var/log/dmesg file. This helps to check files that don't have updates very often.

Combining tail with Other Linux Commands

The tail command can be combined with other Linux commands to archive complex tasks. Mostly it is combined with commands such as grep, awk, or head.

With grep:

tail -n 100 /var/log/syslog | grep failed

This find lines containing the pattern 'failed' in the last 100 lines of the file /var/log/syslog.

With sort:

tail –n 5 country.txt | sort

This prints the last 5 lines and sort them alphabetically from the country.txt file

With head:

tail –n +5 country.txt | head –n 2

This command first gets all lines starting from line 5 from the country.txt file and then prints the first two lines from those.