last
The last command is used to show who has recently used the server and logged in and out. The last command reads listing of last logged in users from the system file called /var/log/wtmp.
Syntax
last [options]If no options provided last command displays a list of all users logged in/out since /var/log/wtmp file was created.
Options
user_name | Shows specific user last logged in. |
tty | last will show only those entries matching tty. Names of ttys can be abbreviated, thus last 1 is the same as last tty1. |
-t YYYYMMDDHHMMSS | Will show state of logins as of the specified time. |
-f file | Will search specific file other than /var/log/wtmp |
-F | Will show full login and logout times and dates. |
-R | Will remove display of the hostname field. |
-num | Show num lines in the output of last command |
-n num | |
-a | Show the hostname in the last column. |
-d | Will translates the IP number back into a hostname |
-i | Similar to option –d but it displays the IP number in numbers-and-dots notation |
-w | Show full user and domain names in the output. |
-x | Show last shutdown entries and run level changes. |
Example
The below example shows recently logged in and out users on your server
last
root pts/0 171.1.6.34 Tue Apr 28 05:59 still logged in
root pts/1 171.1.6.34 Tue Apr 28 04:08 still logged in
root pts/1 171.1.6.34 Sat Apr 25 06:33 - 08:55 (02:22)
root pts/0 171.1.6.34 Thu Apr 23 17:47 - 18:51 (01:03)
root pts/1 171.1.6.34 Thu Apr 23 14:02 - 14:51 (00:48)
root pts/0 171.1.6.34 Tue Apr 7 08:02 - 08:38 (00:35)
lastb
lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
Syntax
lastb [options]
No comments:
Post a Comment