Linux Survival Basics
Read-only, can be slowWatch Logs Without Opening the Whole File
You need to watch recent log lines while reproducing a service, script, or web request failure.
Command
tail -n 80 -f /var/log/nginx/error.logBefore you run this
System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.
When not to use it: Do not leave noisy log tails running forever on a shared terminal. Be careful copying log output because it may contain URLs, tokens, usernames, or internal paths.
Expected output
Recent log lines followed by new lines as they are written.
System impact
Read-only, can be slow. Nothing changes. The command streams the end of the file so new failures are visible immediately.
May require elevated permissions on protected paths or service-owned files.
Scope this to the smallest useful path or service on busy systems.
When to use it
Use this while reproducing a web server, script, cron, or service failure so the new line appears as the failure happens.
When not to use it
Do not leave noisy log tails running forever on a shared terminal. Be careful copying log output because it may contain URLs, tokens, usernames, or internal paths.
Recovery / rollback
Press Ctrl-C to stop following the file.
Explanation-only example
Illustrated output, not a live lab run
This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.
$ tail -n 20 /var/log/nginx/error.log
2026/06/25 10:00:01 [notice] 11#11: start worker process
2026/06/25 10:01:42 [error] 11#11: *7 connect() failed (111: Connection refused) while connecting to upstream
2026/06/25 10:02:05 [warn] 11#11: upstream server temporarily disabled
2026/06/25 10:03:16 [error] 11#11: *9 access forbidden by rule, client: 203.0.113.44
2026/06/25 10:04:33 [error] 11#11: *10 upstream timed out while reading response header$ sh -c "(sleep 1; printf '2026/06/25 10:05:01 [error] 11#11: demo upstream reset\n' >> /var/log/nginx/error.log) &"
$ tail -n 80 -f /var/log/nginx/error.log
2026/06/25 10:00:01 [notice] 11#11: start worker process
2026/06/25 10:01:42 [error] 11#11: *7 connect() failed (111: Connection refused) while connecting to upstream
2026/06/25 10:02:05 [warn] 11#11: upstream server temporarily disabled
2026/06/25 10:03:16 [error] 11#11: *9 access forbidden by rule, client: 203.0.113.44
2026/06/25 10:04:33 [error] 11#11: *10 upstream timed out while reading response header
2026/06/25 10:05:01 [error] 11#11: demo upstream resetView commands shown
These are the commands shown in the sanitized transcript.
Commands shown
tail -n 20 /var/log/nginx/error.logsh -c "(sleep 1; printf '2026/06/25 10:05:01 [error] 11#11: demo upstream reset\n' >> /var/log/nginx/error.log) &"tail -n 80 -f /var/log/nginx/error.log
next steps
Related commands
Find Errors Before Reading Every Log Line
The error was in the log. The problem was finding it without reading noise.
grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40
Show Only Recent Errors
The log had old failures too. I only cared about the newest ones.
grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10
Find the Exact Log Line Before You Scroll
The error was there. The useful part was knowing exactly where it was.
grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log
Read Current-Boot Logs for One Service
Ignore stale logs and inspect only what happened since this boot.
journalctl -u nginx -b --no-pager -n 80
Show Context Around the First App Error
The first error often explains more than the last one.
awk '{buf[NR%5]=$0} tolower($0) ~ /(error|exception|fatal)/ {for (i=NR-4;i<=NR;i++) if (i>0) print buf[i%5]; exit}' fixtures/incidents/app.log
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.