About the tail command
tail outputs the last part, or "tail", of files. It can also monitor new information written to the file in real time, displaying the newest entries in a system log, for example.
Syntax
tail [{-c |--bytes=}num] [-f] [--follow[={name|descriptor}]]
[-F] [{-n |--lines=}num] [--max-unchanged-stats[=num]]
[--pid=pid] [{-q|--quiet|--silent}] [--retry]
[{-s |--sleep-interval=}num] [{-v|--verbose}] [file ...]
Monitoring the SSH log via tail
tail -f /var/log/auth.log
Output:
root@webleit:~# ./tail-auth-log
Feb 23 13:16:36 webleit sshd[5526]: Received disconnect from 172.92.151.71 port 55252:11: Bye Bye [preauth]
Feb 23 13:16:36 webleit sshd[5526]: Disconnected from invalid user 172.92.151.71 port 55252 [preauth]
Feb 23 13:17:01 webleit CRON[5528]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 23 13:17:01 webleit CRON[5528]: pam_unix(cron:session): session closed for user root
Feb 23 13:25:12 webleit sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/su
Feb 23 13:25:12 webleit sudo: pam_unix(sudo:session): session opened for user root by sonik(uid=0)
Feb 23 13:25:12 webleit su[5551]: Successful su for root by root
Feb 23 13:25:12 webleit su[5551]: + /dev/pts/0 root:root
Feb 23 13:25:12 webleit su[5551]: pam_unix(su:session): session opened for user root by sonik(uid=0)
Feb 23 13:25:12 webleit su[5551]: pam_systemd(su:session): Cannot create session: Already running in a session
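Following the raw log works for a quick look, but the sshd lines are easier to triage when grouped by source address. The script below is an added example, not part of the original page: the function names sshd_preauth_sources and sample_log are hypothetical, and the sample lines are constructed in the same format as the output above.

```sh
#!/bin/sh
# Added example (not from the original page): count sshd [preauth] events
# per source address in auth.log-style lines read from stdin.

# Constructed sample input; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Feb 23 13:16:36 host1 sshd[5526]: Received disconnect from 192.0.2.10 port 55252:11: Bye Bye [preauth]
Feb 23 13:16:36 host1 sshd[5526]: Disconnected from invalid user admin 192.0.2.10 port 55252 [preauth]
Feb 23 13:17:01 host1 CRON[5528]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 23 13:18:02 host1 sshd[5530]: Connection closed by 198.51.100.7 port 40022 [preauth]
Feb 23 13:18:40 host1 sshd[5533]: Disconnected from invalid user port 192.0.2.10 port 55260 [preauth]
Feb 23 13:25:12 host1 su[5551]: Successful su for root by root
EOF
}

# Print "count address" for each source seen in sshd [preauth] lines,
# highest count first.
sshd_preauth_sources() {
    awk '
    # Field 5 is the process tag; keep only sshd lines ending in [preauth].
    $5 ~ /^sshd\[[0-9]+\]:$/ && $NF == "[preauth]" {
        # User names are client-supplied text, so accept "port" only when
        # the token before it looks like an address and a number follows.
        for (i = 7; i < NF; i++)
            if ($i == "port" && $(i-1) ~ /^[0-9A-Fa-f:.]+$/ &&
                $(i-1) ~ /[.:]/ && $(i+1) ~ /^[0-9]/) {
                seen[$(i-1)]++
                break
            }
    }
    END { for (a in seen) print seen[a], a }
    ' | sort -k1,1nr -k2,2
}

# On a live host: tail -n 500 /var/log/auth.log | sshd_preauth_sources
sample_log | sshd_preauth_sources
```
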