Saturday, 29 April 2017

last and lastb command usage and examples

last
The last command is used to show who has recently used the server and logged in and out. The last command reads listing of last logged in users from the system file called /var/log/wtmp.

Syntax
last [options]
If no options provided last command displays a list of all users logged in/out since /var/log/wtmp file was created.

 Options

user_name Shows specific user last logged in.
tty last will show only those entries matching tty. Names of ttys can be abbreviated, thus last 1 is the same as last tty1.
-t YYYYMMDDHHMMSS Will show state of logins as of the specified time.
-f file Will search specific file other than /var/log/wtmp
-F Will show full login and logout times and dates.
-R Will remove display of the hostname field.
-num Show num lines in the output of last command
-n num
-a Show the hostname in the last column.
-d Will translates the IP number back into a hostname
-i Similar to option –d but it displays the IP number in numbers-and-dots notation
-w Show full user and domain names in the output.
-x Show last shutdown entries and run level changes.

Example

The below example shows recently logged in and out users on your server

last

root pts/0 171.1.6.34 Tue Apr 28 05:59 still logged in

root pts/1 171.1.6.34 Tue Apr 28 04:08 still logged in

root pts/1 171.1.6.34 Sat Apr 25 06:33 - 08:55 (02:22)

root pts/0 171.1.6.34 Thu Apr 23 17:47 - 18:51 (01:03)

root pts/1 171.1.6.34 Thu Apr 23 14:02 - 14:51 (00:48)

root pts/0 171.1.6.34 Tue Apr 7 08:02 - 08:38 (00:35)

lastb
lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.

Syntax
lastb [options]

If no options provided last command displays a list of all users logged in/out since /var/log/btmp file was created.

No comments:

Post a Comment