Quick: What’s the first thing you do when you need to troubleshoot a Linux server? If you answered, “Check log files,” give yourself a cookie because you answered correctly.

A follow up question: What do you do when you need to watch those log files in real time? Do you view that log with the less command and continue a cycle of closing and opening and closing and opening that file until you see what you need? Or do you make use of what many would consider to be a must-use tool within the world of Linux?

Spoiler alert, it’s the latter. The tool in question is called tail. With tail, you can view a Linux log file as the system writes to it in real time. So while you’re trying to troubleshoot that system, you can follow the syslog, the auth.log, faillog, kern.log, or whatever logfile you need to watch. But how do you do this? Let me show you.

Log into your Linux system. Let’s say we’re going to want to watch syslog for anything out of the ordinary. From the bash prompt, issue the command sudo tail -f /var/log/syslog. Once you’ve successfully typed your sudo password, you will see that log file presented to you, in real time. Whenever activity is recorded (such as a user logging in), you will see it appear in the window. Keep watching with tail until you see the output you need to troubleshoot your system. When you’re finished, hit the control X key combination and you’re back to the bash prompt.

With the help of the tail command, troubleshooting Linux servers can be made much more simple. Consider this one of those must-know commands. And don’t forget, for more information about tail, issue the command man tail, so you can get the most out of this tool.