Linux Command learning Summary: last, linux Command summary last

Linux Command learning Summary: last, linux Command summary last

Command introduction:

This command is used to list information about users currently logged on to the system. Command syntax: show listing of last logged in users

Execution permission: Some require special permissions

Command path:/usr/bin/last

When the last command is executed, it reads the file named wtmp in the/var/log directory and displays all the usernames logged on to the system of the file. By default, the wtmp record is displayed. btmp can display more details and display remote logon, such as ssh logon.

The utmp file stores the information of users in the current system.

The wtmp file stores the information of users who have logged on to the system.

Command output fields:

Column 1: User Name

Column 2: terminal location. Pts/0 (Pseudo Terminal) means the user remotely connected from SSH or telnet. tty (teletypewriter) means that the user is directly connected to the computer or local connection.

Column 3: logon ip address or kernel. If you see: 0.0 or nothing, it means that the user is connected through a local terminal. In addition to the restart activity, the kernel version is displayed in the status.

Column 4: Start Time

Column 5: End Time (still login has not exited down until crash is shut down normally until forced shutdown)

Column 6: Duration

Command syntax:

Last [-R] [-num] [-n num] [-adiowx] [-f file] [-t YYYYMMDDHHMMSS] [name...] [tty...]

Command parameters:

Parameters	Long Parameter	Description
-		Displays the host name or IP address that you have logged on to the system in the last line.
-D		Convert an IP address to a host name
-F		Specifies the record file. By default, records of wtmp files under the/var/log directory are displayed. However, the content displayed by btmp in the/var/log directory is richer and remote logon is displayed, for example, ssh logon includes failed login requests.
-I		-I: displays the logon status of a specific ip address. Use-I to display the logon status of a specific ip address. Tracking
-O		Read an old-type wtmp file (written by linux-libc5 applications ).
-N		-N <display Number of columns> or-<display Number of columns>
-W		Display full user and domain names in the output
-R		The host name or IP address used to log on to the system is not displayed (the hostname field is omitted)
-T		Display information before YYYYMMDDHHMMSS
-X		Displays system shutdown, user logon, and logout history

Example:

1: view the help information of the last command

[root@DB-Server ~]# man last

[root@DB-Server ~]# last -h

last: invalid option -- h

Usage: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-x] [-o] [-w] [username..] [tty..]

2: displays N records of the Last Logon system.

[root@DB-Server ~]#last -10

root     pts/1        :0.0             Wed Dec 18 09:54   still logged in   

root     pts/4        :0.0             Wed Dec 18 09:43 - 09:48  (00:04)    

root     pts/1        :0.0             Wed Dec 18 09:43 - 09:48  (00:05)    

root     pts/3        192.168.103.79   Wed Dec 18 09:41 - 12:40  (02:59)    

root     pts/4        :0.0             Wed Dec 18 09:28 - 09:30  (00:01)    

root     pts/3        :0.0             Wed Dec 18 09:27 - 09:30  (00:02)    

root     pts/2        192.168.103.29   Wed Dec 18 09:27   still logged in   

root     pts/1        :0.0             Wed Dec 18 09:27 - 09:42  (00:15)    

root     pts/2        :0.0             Wed Dec 18 09:23 - 09:25  (00:01)    

root     pts/1        :0.0             Wed Dec 18 09:22 - 09:25  (00:02)    

wtmp begins Wed Dec 11 03:02:17 2013

[root@DB-Server ~]# last -n 10

root     pts/1        :0.0             Wed Dec 18 09:54   still logged in   

root     pts/4        :0.0             Wed Dec 18 09:43 - 09:48  (00:04)    

root     pts/1        :0.0             Wed Dec 18 09:43 - 09:48  (00:05)    

root     pts/3        192.168.103.79   Wed Dec 18 09:41 - 12:40  (02:59)    

root     pts/4        :0.0             Wed Dec 18 09:28 - 09:30  (00:01)    

root     pts/3        :0.0             Wed Dec 18 09:27 - 09:30  (00:02)    

root     pts/2        192.168.103.29   Wed Dec 18 09:27   still logged in   

root     pts/1        :0.0             Wed Dec 18 09:27 - 09:42  (00:15)    

root     pts/2        :0.0             Wed Dec 18 09:23 - 09:25  (00:01)    

root     pts/1        :0.0             Wed Dec 18 09:22 - 09:25  (00:02)    

wtmp begins Wed Dec 11 03:02:17 2013

3: display the host name or IP address of the logon system on the last line.

[root@DB-Server ~]# last -10 -a

root     pts/1        Wed Dec 18 09:54   still logged in    :0.0

root     pts/4        Wed Dec 18 09:43 - 09:48  (00:04)     :0.0

root     pts/1        Wed Dec 18 09:43 - 09:48  (00:05)     :0.0

root     pts/3        Wed Dec 18 09:41 - 12:40  (02:59)     192.168.103.79

root     pts/4        Wed Dec 18 09:28 - 09:30  (00:01)     :0.0

root     pts/3        Wed Dec 18 09:27 - 09:30  (00:02)     :0.0

root     pts/2        Wed Dec 18 09:27   still logged in    192.168.103.29

root     pts/1        Wed Dec 18 09:27 - 09:42  (00:15)     :0.0

root     pts/2        Wed Dec 18 09:23 - 09:25  (00:01)     :0.0

root     pts/1        Wed Dec 18 09:22 - 09:25  (00:02)     :0.0

wtmp begins Wed Dec 11 03:02:17 2013

4: The host name or IP address used to log on to the system is not displayed.

[root@DB-Server ~]# last -10 -R

root     pts/1        Wed Dec 18 09:54   still logged in   

root     pts/4        Wed Dec 18 09:43 - 09:48  (00:04)    

root     pts/1        Wed Dec 18 09:43 - 09:48  (00:05)    

root     pts/3        Wed Dec 18 09:41 - 12:40  (02:59)    

root     pts/4        Wed Dec 18 09:28 - 09:30  (00:01)    

root     pts/3        Wed Dec 18 09:27 - 09:30  (00:02)    

root     pts/2        Wed Dec 18 09:27   still logged in   

root     pts/1        Wed Dec 18 09:27 - 09:42  (00:15)    

root     pts/2        Wed Dec 18 09:23 - 09:25  (00:01)    

root     pts/1        Wed Dec 18 09:22 - 09:25  (00:02)    

wtmp begins Wed Dec 11 03:02:17 2013

5. Specify the/var/log/btmp file to view the user information of the logon system.

[root@DB-Server ~]#  last -n 10 -f /var/log/btmp

root     ssh:notty    192.168.136.163  Fri Oct 17 18:16    gone - no logout 

root     ssh:notty    192.168.136.163  Fri Oct 17 09:50 - 18:16  (08:26)    

root     ssh:notty    192.168.136.163  Fri Oct 17 09:50 - 09:50  (00:00)    

root     ssh:notty    192.168.40.218   Tue Jul 23 17:40 - 09:50 (450+16:10) 

root     ssh:notty    192.168.236.149  Sun Apr 14 01:34 - 17:40 (100+16:05) 

root     ssh:notty    192.168.178.147  Fri Mar  8 17:25 - 01:34 (36+08:08)  

tomcat   ssh:notty    get185806.gfg1.e Fri Oct 26 16:48 - 17:25 (133+00:37) 

root     ssh:notty    192.168.193.3    Mon Oct 22 18:13 - 16:48 (3+22:34)   

root     ssh:notty    192.168.193.3    Mon Oct 22 18:13 - 18:13  (00:00)    

devloper ssh:notty    get185819.gfg1.e Wed Oct 17 17:22 - 18:13 (5+00:50)   

btmp begins Thu Apr 12 14:30:06 2012

6. convert an IP address to a host name.

Last-10-d

7: displays information before YYYYMMDDHHMMSS (20150110093000 ).

[root@DB-Server ~]#  last -10 -t 20150110093000

root     pts/2        192.168.102.186  Fri Jan  9 15:35 - 17:27  (01:52)    

root     pts/2        192.168.102.134  Thu Jan  8 10:25 - 12:27  (02:02)    

root     pts/3        192.168.125.53   Tue Jan  6 23:59 - 00:09  (00:09)    

root     pts/2        192.168.125.53   Tue Jan  6 23:45 - 00:09  (00:23)    

root     pts/3        192.168.102.88   Tue Jan  6 15:23 - 16:20  (00:57)    

root     pts/2        192.168.102.88   Tue Jan  6 15:08 - 17:25  (02:16)    

oracle   pts/1        :2.0             Tue Jan  6 15:07   still logged in   

reboot   system boot  2.6.32-200.13.1. Tue Jan  6 15:07         (7+20:21)   

root     pts/2        192.168.102.88   Tue Jan  6 14:47 - down   (00:17)    

oracle   pts/1        :2.0             Tue Jan  6 14:46 - down   (00:18)    

wtmp begins Wed Apr 11 16:31:10 2012