Terminal - Commands using tail - 244 results
whatinstalled () { local cmdpath=$(realpath -eP $(which -a $1 | grep -E "^/" | tail -n 1) 2>/dev/null) && [ -x "$cmdpath" ] && dpkg -S $cmdpath 2>/dev/null | grep -E ": $cmdpath\$" | cut -d ":" -f 1; }
2016-11-08 16:13:10
User: lordtoran
Functions: cut grep tail which

Put this one-line function somewhere in your shell init, re-login and try

whatinstalled <command>

This is an elaborate wrapper around "dpkg -S", with numerous safeguards. Symlinks and command aliases are resolved. If the searched command is not an existing executable file or was installed by some other means than dpkg/apt, nothing is printed to stdout, otherwise the package name.

tail -v -f $(php -i | grep "^[ \t]*error_log" | awk -F"=>" '{ print $2; }' | sed 's/^[ ]*//g')
2016-08-31 12:13:31
User: paulera
Functions: awk grep sed tail

Runs "php -i", filters the error_log location, then watches it using "tail".

wget -q -O - | strings | tail -n 2
2016-05-03 23:03:55
User: paulera
Functions: strings tail wget

The router Technicolor TC7200 has an exploit where the file is open for unauthenticated access. Even though it is binary, the 2 last strings are the username and password for the pages for router management. It can be read using the 'strings' command, 'hexdump -C' or a hexadecimal editor.

(default user/password = admin/admin)

Reveals more configuration, including SSID name and Key for the wifi network:

wget -q -O -

Hexadecimal dump of the file:

wget -q -O - | hexdump -C

declare -a array=($(tail -n +2 /proc/net/tcp | cut -d":" -f"3"|cut -d" " -f"1")) && for port in ${array[@]}; do echo $((0x$port)); done

bar() { foo=$(ls -rt|tail -1) && read -ep "cat $foo? <y/n> " a && [[ $a != "n" ]] && eval "cat -- \"\$foo\"" ;}
2015-10-21 20:09:33
User: knoppix5
Functions: eval ls read tail

This command will display the file, but you can change 'cat' to anything else

(type 'n' when prompted to cancel the command or anything else to proceed).


Some hints for newbies:


unset bar

to make 'bar' function annihilated.

For permanent usage you can put this (bar) function in your .bashrc (for bash) or in .profile (for sh).


. ~/.bashrc

you can get all new inserted functions in .bashrc (so the function 'bar' or whatever name you choose) immediately available.

curl -sL http://goo.gl/3sA3iW | head -16 | tail -14

tail -f <file>
2015-06-01 16:55:00
User: adrruiz
Functions: tail

In cases when the user is following a log file that rotates then it is advisable to use the -F option as it keeps following the log even when it is recreated, renamed, or removed as part of log rotation.

To interrupt tail while it is monitoring, break-in with Ctrl+C.

tail -f /var/squid/logs/access.log | perl -pe 's/(\d+)/localtime($1)/e'

tail +### MYFILE
2015-04-23 11:49:15
User: pooderbill
Functions: tail

Useful for finding newly added lines to a file, tail + can be used to show only the lines starting at some offset. A syslog scanner would look at the file for the first time, then record the end_of_file record number using wc -l. Later (hours, days), scan only the lines that were added since the last scan.
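
The incremental scan described above, written out as an added example (not part of the original post). The function name and the state-file argument are assumptions; it uses `tail -n +N`, the current spelling of `tail +N`, and also covers the case where the log was rotated between scans.

```shell
#!/bin/sh
# scan_new_lines LOG STATE
# Print only the lines appended to LOG since the previous call. STATE is a
# caller-chosen file (hypothetical name) that remembers the line count seen
# last time.
# Usage (placeholder paths): scan_new_lines /var/log/syslog /var/tmp/syslog.count
scan_new_lines() {
    log=$1
    state=$2
    [ -r "$log" ] || return 1

    # Line count recorded by the previous scan; 0 on the first run.
    last=0
    if [ -r "$state" ]; then
        read -r last < "$state" || last=0
    fi
    case $last in ''|*[!0-9]*) last=0 ;; esac   # ignore an unusable state file

    # Current line count, taken once so that lines appended while we are
    # printing are left for the next scan instead of being skipped.
    now=$(wc -l < "$log")
    now=$((now + 0))                            # drop padding some wc versions add

    # Fewer lines than last time means the log was rotated or truncated:
    # start again from the top of the new file.
    [ "$now" -lt "$last" ] && last=0

    if [ "$now" -gt "$last" ]; then
        # tail -n +K starts at line K; head bounds the read at the count
        # taken above.
        tail -n "+$((last + 1))" "$log" | head -n "$((now - last))"
    fi
    printf '%s\n' "$now" > "$state"
}
```

A rotation is noticed only when the new file is shorter than the recorded count; storing the file's inode next to the count closes that gap.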

git rev-list --all|tail -n1|xargs git show|grep -v diff|head -n1|cut -f1-3 -d' '

nmap -sP | grep -v "Host" | tail -n +3 | tr '\n' ' ' | sed 's|Nmap|\nNmap|g' | grep "MAC Address" | cut -d " " -f5,8-15
2014-12-26 18:31:53
User: jaimerosario
Functions: cut grep sed tail tr

In the field, I needed to script a process to scan a specific vendor's devices in the network. With the help of nmap, I got all the devices of that particular vendor, and started a scripted netcat session to download configuration files from a tftp server.

This is the nmap loop (part of the script). You can, however, add another pipe with grep to filter the vendor/manufacturer devices only. If you want to check the whole script, see http://pastebin.com/ju7h4Xf4

tail -f access_log | awk '{print $1 , $12}'
2014-12-24 14:15:52
User: tyzbit
Functions: awk tail

Use this command to watch apache access logs in real time to see what pages are getting hit.

(ps -U nms -o pid,nlwp,cmd:500 | sort -n -k2) && (ps -U nms -o nlwp | tail -n +2 | paste -sd+ | bc)
2014-09-30 18:25:56
User: cmullican
Functions: paste ps sort tail

I occasionally need to see if a machine is hitting ulimit for threads, and what process is responsible. This gives me the total number, sorted low to high so the worst offender is at the end, then gives me the total number of threads, for convenience.

for file in $(find /var/backup -name "backup*" -type f |sort -r | tail -n +10); do rm -f $file; done ; tar czf /var/backup/backup-system-$(date "+\%Y\%m\%d\%H\%M-\%N").tgz --exclude /home/dummy /etc /home /opt 2>&- && echo "system backup ok"
2014-09-24 14:04:11
User: akiuni
Functions: date echo file find rm sort tail tar
Tags: backup Linux cron

This command can be added to crontab so as to execute a nightly backup of directories and store only the 10 last backup files.

tail -1f /var/opt/fds/logs/TraceEventLogFile.txt.0 | grep <msisdn> | tee <test-case-id>.trace | tr '|' '\n'
2014-08-21 19:29:07
User: neomefistox
Functions: grep tail tee tr

This command allows following a trace on SDP (CS5.2) while the trace records are stored in the file in "raw" format.

Trace files in native format are useful for filtering the records before translating '|' to '\n'.


grep -v OP_GET <raw-records>.trace | tr '|' '\n'

tail -f FILE | ccze

tail -f LOG_FILE | grep --line-buffered SEARCH_STR | cut -d " " -f 7-
2014-08-07 10:40:45
User: pjsb
Functions: cut grep tail
Tags: grep cut tail -f

Outputs / monitors the content of the LOG_FILE which matches the SEARCH_STR. The output is cut by spaces (as delimiter) starting from column 7 till the end.

find /var/log -type f -iregex '.*[^\.][^0-9]+$' -not -iregex '.*gz$' 2> /dev/null | xargs tail -n0 -f | ccze -A
2014-07-29 17:11:17
User: rubo77
Functions: find tail xargs
Tags: unix ccze logging

This will show all changes in all log files under /var/log/ that are regular files and don't end with `gz` nor with a number

bkname="test"; tobk="*" ; totalsize=$(du -csb $tobk | tail -1 | cut -f1) ; tar cvf - $tobk | tee >(sha512sum > $bkname.sha512) >(tar -tv > $bkname.lst) | mbuffer -m 4G -P 100% | pv -s $totalsize -w 100 | dd of=/dev/nst0 bs=256k
2014-07-22 15:47:50
User: johnr
Functions: cut dd du tail tar tee

This will write to TAPE (LTO3-4 in my case) a backup of files/folders. Could be changed to write to DVD/Blu-ray.

Go to the directory where you want to write the output files : cd /bklogs

Enter a name in bkname="Backup1", enter folders/files in tobk="/home /var/www".

It will create a tar and write it to the tape drive on /dev/nst0.

In the process, it will

1) generate a sha512 sum of the tar to $bkname.sha512; so you can validate that your data is intact

2) generate a filelist of the content of the tar with filesize to $bkname.lst

3) buffer the tar file to prevent shoe-shining the tape (I use 4GB for lto3 (80mb/sec), 8gb for lto4 (120mb/sec); 3Tb usb3 disks support those speeds, else I use 3x2tb raidz).

4) show buffer in/out speed and used space in the buffer

5) show progress bar with time approximation using pv


To eject the tape :

; sleep 75; mt-st -f /dev/nst0 rewoffl


1) When using old tapes, if the buffer is full and the drive slows down, it means the tape is old and would need to be replaced instead of wiping it and recycling it for another backup. Logging where and when it slows down could provide good information on the wear of the tape. I don't know how to get that information from the mbuffer output and to trigger a "This tape slowed down X times at Y1gb, Y2gb, Y3gb down to Zmb/s for a total of 30sec. It would be wise to replace this tape next time you want to write to it."

2) Fix filesize approximation

3) Save all the output to $bkname.log with progress update being new lines. (any one have an idea?)

4) Support spanning on multiple tape.

5) Replace tar format with something else (dar?); looking at xar right now (https://code.google.com/p/xar/), xml metadata could contain per file checksum, compression algorithm (bzip2, xv, gzip), gnupg encryption, thumbnail, videopreview, image EXIF... But that's another project.


1) You can specify the width of the progressbar of pv. If it's longer than the terminal, line refresh will be written to new lines. That way you can see if there was speed slowdown during writing.

2) Remove the v in tar argument cvf to prevent listing all files added to the archive.

3) You can get tarsum (http://www.guyrutenberg.com/2009/04/29/tarsum-02-a-read-only-version-of-tarsum/)

and add >(tarsum --checksum sha256 > ${bkname}_list.sha256) after the tee to generate checksums of individual files!

tail -f *.log | grep -E --color=always '|==>.+<=='
2014-07-11 07:47:27
User: danimath
Functions: grep tail
Tags: grep tail -f

This shows the filenames of tail output in color. Helpful if you have many log files to tail.

echo $(ifconfig) | egrep -o "en.*?inet [^ ]* " | sed 's/.*inet \(.*\)$/\1/' | tail -n +2

find -type f -iregex '.*\.\(mkv\|mp4\|wmv\|flv\|webm\|mov\|dat\|flv\)' -print0 | xargs -0 mplayer -vo dummy -ao dummy -identify 2>/dev/null | perl -nle '/ID_LENGTH=([0-9\.]+)/ && ($t +=$1) && printf "%02d:%02d:%02d\n",$t/3600,$t/60%60,$t%60' | tail -n 1
2014-06-07 15:50:41
User: powerinside
Functions: find perl printf tail xargs

Use case insensitive regex to match files ending in popular video format extensions and calculate their total time. (traverses all files recursively starting from the current directory)

getlunid() { lv=$(df -P $1|grep "^/dev/"|awk '{print $1}'|awk -F/ '{print $3}'); hd=$(lslv -l $lv|tail -1|awk '{print $1}');id=$(odmget -q "name like $hd AND attribute=unique_id" CuAt|grep "value ="|awk -F= '{print $2}'|tr -d '"');echo $id;}
2014-04-20 18:43:21
User: bigstupid
Functions: awk df echo grep tail tr
Tags: aix lvm SAN odm

For a given filesystem return the LUN ID. Command assumes 1:1 relationship between fs:lv:hdisk:lun which may not be the case in all environments.

echo $(sudo lshw -businfo | grep -B 1 -m 1 $(df "/path/to/file" | tail -1 | awk '{print $1}' | cut -c 6-8) | head -n 1 | awk '{print $1}' | cut -c 5- | tr ":" "-") | sudo tee /sys/bus/usb/drivers/usb/unbind
2014-04-06 12:06:29
User: tweet78
Functions: awk cut df echo grep head sudo tail tee tr

You have an external USB drive or key.

Apply this command (using the file path of anything on your device) and it will simulate the unplug of this device.

If you just want the port, just type :

echo $(sudo lshw -businfo | grep -B 1 -m 1 $(df "/path/to/file" | tail -1 | awk '{print $1}' | cut -c 6-8) | head -n 1 | awk '{print $1}' | cut -c 5- | tr ":" "-")