tail -f /var/log/syslog do?You run the command tail -f /var/log/syslog in a terminal. What will you see?
tail -f /var/log/syslog
Think about what -f means in tail.
The -f option in tail means 'follow'. It shows the last part of the file and keeps the terminal open to display new lines as they are added, useful for live monitoring.
tail -f /var/log/syslog and the file is deleted?You start tail -f /var/log/syslog. While it is running, the syslog file is deleted by another process. What will tail do?
tail -f /var/log/syslog
Consider how tail -f tracks files by inode, not just name.
tail -f follows the file descriptor. If the file is deleted but recreated with the same name, tail will continue to follow the new file if it detects it.
tail -f to show only lines containing 'error' live?You want to monitor a log file live but only see lines that contain the word 'error'. Which command will do this?
Think about how to keep grep showing matches as they appear.
The --line-buffered option makes grep output lines as soon as they match, which is necessary when piping from tail -f for live filtering.
tail -f stop showing new lines after log rotation?You use tail -f /var/log/app.log to watch a log. After log rotation, no new lines appear. Why?
Think about how log rotation works and how tail -f tracks files.
Log rotation renames or moves the current log file and creates a new one. tail -f keeps following the old file descriptor, so it misses new lines in the new file.
You want to monitor logs live and ensure the tool continues showing new lines even after log rotation. Which tool is best suited?
Consider tools designed for advanced log monitoring beyond basic tail.
multitail can follow multiple files and handles log rotation gracefully, unlike basic tail -f.