In Linux server management, log files are like “surveillance cameras” that record the running status of the system and applications. When a server encounters an issue, we often need to check the logs to identify the cause. Today, let’s explore several essential log file viewing commands that are easy to learn and apply quickly!

1. tail: Quickly View the End of a File (Most Commonly Used!)

Purpose: View the last few lines of a file, ideal for checking the latest logs (e.g., system errors, application access records).
Basic Syntax: tail [options] filename

Common Parameters:

  • -n <number>: Specify the number of lines to display from the end (default: 10 lines). For example, tail -n 20 shows 20 lines.
  • -f: Real-time monitoring of file changes! For instance, if a website slows down, use tail -f /var/log/nginx/access.log to see the latest access records in real-time, updating like a “live stream.”
  • -q: Suppress the filename display (useful when viewing multiple files simultaneously).

Examples:

# 1. Display the last 5 lines of /etc/passwd (default: 10 lines, here we specify 5)
tail -n 5 /etc/passwd  

# 2. Real-time monitor a log file (e.g., server startup logs)
tail -f /var/log/syslog  

# 3. Show the last 100 lines (overriding the default of 10)
tail -n 100 /var/log/error.log  

2. head: Quickly View the Beginning of a File

Purpose: View the first few lines of a file, suitable for checking the “initial part” of logs (e.g., system startup logs).
Basic Syntax: head [options] filename

Common Parameters:

  • -n <number>: Specify the number of lines to display from the start (default: 10 lines).

Examples:

# Display the first 3 lines of the system startup log (dmesg)
head -n 3 /var/log/dmesg  

# Show the first 5 lines of an application's startup log
head -n 5 /var/log/myapp.log  

3. cat: View Entire Small Files Quickly

Purpose: Directly output the entire content of a file, ideal for small files (e.g., configuration files, short logs). Avoid using cat for large files, as it will flood the screen.
Basic Syntax: cat filename

Common Parameters:

  • -n: Display line numbers (useful for locating specific content).
  • -b: Display line numbers only for non-empty lines (ignores blank lines).

Examples:

# Directly display the entire authentication log
cat /var/log/auth.log  

# Show line numbers in a configuration file (e.g., /etc/fstab)
cat -n /etc/fstab  

4. less: “Slowly Read” Large Files (More Flexible than more)

Purpose: Display file content in pages, supporting up/down navigation and search, perfect for large log files (e.g., multi-GB system logs).
Basic Syntax: less filename

Common Operations:

  • Use the ↓/↑ arrow keys to scroll down/up one line at a time.
  • Press Space to scroll down a page, or b to scroll up a page.
  • Use /<keyword> to search for a keyword (e.g., /error to find “error”), then n to jump to the next match and N to return to the previous one.
  • Press q to exit.

Examples:

# View a large log file (e.g., system service logs)
less /var/log/messages  

# Open a file and jump straight to the first match of "warning" (the search is case-sensitive unless you add -i)
less +/warning /var/log/syslog  

5. grep: Filter Logs by Keyword (Must-Learn!)

Purpose: Search for lines containing a specified keyword in a file, often combined with tail/cat (e.g., first tail the last 100 lines, then grep to filter errors).
Basic Syntax: grep [options] keyword filename

Common Parameters:

  • -n: Show line numbers of matching lines.
  • -i: Ignore case (e.g., “error” will match “Error”).
  • -v: Inverse filtering (exclude lines with the keyword, e.g., exclude normal logs to only see errors).
  • -f <file>: Read keywords from a file.

Examples:

# Find all lines containing "error" in the log (with line numbers)
grep -n "error" /var/log/nginx/error.log  

# Case-insensitive search for "warning" (e.g., system warnings)
grep -i "warning" /var/log/syslog  

# Real-time filter for 404 errors (first tail -f the log, then filter 404)
tail -f /var/log/nginx/access.log | grep "404"  

# Exclude lines containing "INFO" (only show non-INFO logs)
grep -v "INFO" /var/log/myapp.log  
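
A substring filter such as grep "404" also matches lines where 404 appears in a URL path or in the byte count. The following added example (not from the original article) anchors the match to the status field of the nginx combined log format; the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in combined log format (documentation IP ranges).
make_sample_log() {
  cat <<'EOF'
192.0.2.10 - - [10/Mar/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.0"
192.0.2.11 - - [10/Mar/2025:10:00:02 +0000] "GET /missing HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.12 - - [10/Mar/2025:10:00:03 +0000] "GET /img/404.png HTTP/1.1" 200 4040 "-" "curl/8.0"
192.0.2.13 - - [10/Mar/2025:10:00:04 +0000] "GET /report HTTP/1.1" 200 404 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2025:10:00:05 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:10:00:06 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"
EOF
}

# Substring filter as used in the article: counts any line containing $1.
naive_count() {
  grep -c -- "$1"
}

# Field-anchored filter: skip to the first quoted string (the request line),
# then require the status code to follow it directly.
status_lines() {
  grep -E "^[^\"]*\"[^\"]*\" $1 "
}

# Requests with the given status, counted per client address, busiest first.
status_by_client() {
  status_lines "$1" | cut -d' ' -f1 | sort | uniq -c | sort -rn
}

# Demo on the constructed sample.
echo "lines containing '404' anywhere: $(make_sample_log | naive_count 404)"
echo "lines with status 404:           $(make_sample_log | status_lines 404 | wc -l)"
make_sample_log | status_by_client 404
```

For live monitoring, feed the same pattern from tail -f; if grep's output is piped into another command, add --line-buffered so matches appear immediately.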

Pro Tips for Beginners: Boost Efficiency with Combined Commands

  • Check the most recent errors: tail -n 100 /var/log/syslog | grep -i "error" (first get the last 100 lines, then filter errors).
  • Quickly jump to the end of a large file: less +G <log_file> (+G directly jumps to the last line, saving time).
  • Search for errors logged yesterday: grep "error" /var/log/syslog | grep "$(date -d '1 day ago' +%Y-%m-%d)" (filters on yesterday's date stamp, so it only works when the log's timestamps contain the date in YYYY-MM-DD form).
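
The date-based tip above selects lines by one calendar date; a rolling 24-hour window needs a timestamp comparison instead. The following added example (not from the original article) does that with awk, assuming every line starts with an ISO 8601 timestamp and that the log and the cutoff use the same UTC offset; the sample lines and function names are constructed.

```shell
#!/bin/sh
# Constructed sample: syslog-style lines with ISO 8601 timestamps.
sample_syslog() {
  cat <<'EOF'
2025-03-09T08:15:00+00:00 host app[1]: error: disk quota exceeded
2025-03-09T23:59:59+00:00 host app[1]: info: nightly job finished
2025-03-10T00:30:00+00:00 host app[1]: Error: upstream timed out
2025-03-10T09:00:00+00:00 host sshd[2]: info: session opened
2025-03-10T11:45:00+00:00 host app[1]: ERROR: database connection refused
EOF
}

# Keep lines stamped at or after the cutoff (format YYYY-MM-DDTHH:MM:SS).
# With a fixed-width ISO timestamp, string order equals time order, so a
# plain string comparison on the first 19 characters is enough.
since() {
  awk -v cutoff="$1" 'substr($1, 1, 19) >= cutoff'
}

# Errors inside the window, case-insensitive.
errors_since() {
  since "$1" | grep -i "error"
}

# Demo with a fixed cutoff, i.e. "now" is taken to be 2025-03-10T12:00:00.
# On a live system with GNU date the cutoff would be:
#   cutoff=$(date -d '24 hours ago' +%Y-%m-%dT%H:%M:%S)
cutoff="2025-03-09T12:00:00"
echo "errors in the last 24 hours:"
sample_syslog | errors_since "$cutoff"
echo "lowercase 'error' lines dated 2025-03-09 (calendar-date filter):"
sample_syslog | grep "error" | grep "2025-03-09"
```

On this sample the calendar-date filter returns one error that is older than 24 hours and misses both errors inside the window.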

Summary

The above commands cover 90% of daily log viewing scenarios for beginners:
  • Real-time monitoring: tail -f
  • Quick end-line positioning: tail -n
  • Keyword filtering: grep
  • Large file pagination: less

Practice these commands with your server logs (or test files) to master them quickly! If you encounter permission issues, remember to use sudo for elevated privileges.

Xiaoye