You can set up your root login using keys only and limit the key to run this only command, which mitigates the most of the dangers. You would create the key and store it on the server root's authorized_keys file with modifier like this:
command="tail -f /var/log/apache2/my.log",no-pty,no-port-forwarding ssh-rsa AAAAB3Nza...LiPk== And change the option in sshd_config to PermitRootLogin forced-commands-only
The other way round, as you suggest is to use sudo, but you would need also to modify sodoers file to achieve appropriate results -- also allow only this command for your user and probably use option without password to be able to automate things.