Getting started with Linux: last Command in Linux

Source: Internet
Author: User

Getting started with Linux: last Command in Linux

The last command is used to list information related to users logging on to the system. Its main parameters include:

(1)-a displays the host name or IP address used to log on to the system on the last line.

(2)-d converts an IP address to a host name.

(3)-f <Record File> specifies the record file.

(4)-n <display Number of columns> or-<display Number of columns>

(5)-R does not display the host name or IP address of the logon System

(6)-x displays information such as system shutdown, restart, and execution grade change.

Linux built-in audit tracking tool-last command

Command introduction:

This command is used to list information about users currently logged on to the system. Command syntax: show listing of last logged in users

Execution permission: Some require special permissions

Command path:/usr/bin/last

When the last command is executed, it reads the file named wtmp in the/var/log directory and displays all the usernames logged on to the system of the file. By default, the wtmp record is displayed. btmp can display more details and display remote logon, such as ssh logon.

The utmp file stores the information of users in the current system.

The wtmp file stores the information of users who have logged on to the system.

Command output fields:

Column 1: User Name

Column 2: terminal location. Pts/0 (Pseudo Terminal) means the user remotely connected from SSH or telnet. tty (teletypewriter) means that the user is directly connected to the computer or local connection.

Column 3: logon ip address or kernel. If you see: 0.0 or nothing, it means that the user is connected through a local terminal. In addition to the restart activity, the kernel version is displayed in the status.

Column 4: Start Time

Column 5: End Time (still login has not exited down until crash is shut down normally until forced shutdown)

Column 6: Duration

Command syntax:

Last [-R] [-num] [-n num] [-adiowx] [-f file] [-t YYYYMMDDHHMMSS] [name...] [tty...]

Command parameters:

Parameters

Long Parameter

Description

-

 

Displays the host name or IP address that you have logged on to the system in the last line.

-D

 

Convert an IP address to a host name

-F

 

Specifies the record file. By default, records of wtmp files under the/var/log directory are displayed. However, the content displayed by btmp in the/var/log directory is richer and remote logon is displayed, for example, ssh logon includes failed login requests.

-I

 

-I: displays the logon status of a specific ip address. Use-I to display the logon status of a specific ip address. Tracking

-O

 

Read an old-type wtmp file (written by linux-libc5 applications ).

-N

 

-N <display Number of columns> or-<display Number of columns>

-W

 

Display full user and domain names in the output

-R

 

The host name or IP address used to log on to the system is not displayed (the hostname field is omitted)

-T

 

Display information before YYYYMMDDHHMMSS

-X

 

Displays system shutdown, user logon, and logout history

Example:

 

 

1: view the help information of the last command


[Root @ bkjia ~] # Man last
 
 
 
[Root @ bkjia ~] # Last-h
Last: invalid option -- h
Usage: last [-num |-n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-x] [-o] [-w] [username ..] [tty...]

 

2: displays N records of the Last Logon system.


[Root @ bkjia ~] # Last-10
Root pts/1: 0.0 Wed Dec 18 still logged in
Root pts/4: 0.0 Wed Dec 18)
Root pts/1: 0.0 Wed Dec 18)
Root pts/3 192.168.103.79 Wed Dec 18)
Root pts/4: 0.0 Wed Dec 18)
Root pts/3: 0.0 Wed Dec 18)
Root pts/2 192.168.103.29 Wed Dec 18 09:27 still logged in
Root pts/1: 0.0 Wed Dec 18)
Root pts/2: 0.0 Wed Dec 18)
Root pts/1: 0.0 Wed Dec 18)
 
Wtmp begins Wed Dec 11 03:02:17 2013
 
[Root @ bkjia ~] # Last-n 10
Root pts/1: 0.0 Wed Dec 18 still logged in
Root pts/4: 0.0 Wed Dec 18)
Root pts/1: 0.0 Wed Dec 18)
Root pts/3 192.168.103.79 Wed Dec 18)
Root pts/4: 0.0 Wed Dec 18)
Root pts/3: 0.0 Wed Dec 18)
Root pts/2 192.168.103.29 Wed Dec 18 09:27 still logged in
Root pts/1: 0.0 Wed Dec 18)
Root pts/2: 0.0 Wed Dec 18)
Root pts/1: 0.0 Wed Dec 18)
 
Wtmp begins Wed Dec 11 03:02:17 2013

3: display the host name or IP address of the logon system on the last line.

[Root @ bkjia ~] # Last-10-
Root pts/1 Wed Dec 18 still logged in: 0.0
Root pts/4 Wed Dec 18-(): 0.0
Root pts/1 Wed Dec 18-(): 0.0
Root pts/3 Wed Dec 18-() 192.168.103.79
Root pts/4 Wed Dec 18-(): 0.0
Root pts/3 Wed Dec 18-(): 0.0
Root pts/2 Wed Dec 18 still logged in 192.168.103.29
Root pts/1 Wed Dec 18-(): 0.0
Root pts/2 Wed Dec 18-(): 0.0
Root pts/1 Wed Dec 18-(): 0.0
 
Wtmp begins Wed Dec 11 03:02:17 2013

4: The host name or IP address used to log on to the system is not displayed.

[Root @ bkjia ~] # Last-10-R
Root pts/1 Wed Dec 18 still logged in
Root pts/4 Wed Dec 18)
Root pts/1 Wed Dec 18)
Root pts/3 Wed Dec 18)
Root pts/4 Wed Dec 18)
Root pts/3 Wed Dec 18)
Root pts/2 Wed Dec 18 still logged in
Root pts/1 Wed Dec 18)
Root pts/2 Wed Dec 18)
Root pts/1 Wed Dec 18)
 
Wtmp begins Wed Dec 11 03:02:17 2013

5. Specify the/var/log/btmp file to view the user information of the logon system.

[Root @ bkjia ~] # Last-n 10-f/var/log/btmp
Root ssh: notty 192.168.136.163 Fri Oct 17 18:16 gone-no logout
Root ssh: notty 192.168.136.163 Fri Oct 17)
Root ssh: notty 192.168.136.163 Fri Oct 17)
Root ssh: notty 192.168.40.218 Tue Jul 23-(450 + 16: 10)
Root ssh: notty 192.168.236.149 Sun Apr 14-(100 + 16: 05)
Root ssh: notty 192.168.178.147 Fri Mar 8-(36 + 08: 08)
Tomcat ssh: notty get185806.gfg1. e Fri Oct 26-(133 + 00: 37)
Root ssh: notty 192.168.193.3 Mon Oct 22-(3 + 22: 34)
Root ssh: notty 192.168.193.3 Mon Oct 22)
Devloper ssh: notty get185819.gfg1. e Wed Oct 17-(5 + 00: 50)
 
Btmp begins Thu Apr 12 14:30:06 2012

6. convert an IP address to a host name.

Last-10-d

Clip_image001

7: displays information before YYYYMMDDHHMMSS (20150110093000 ).

[Root @ bkjia ~] # Last-10-t 20150110093000
Root pts/2 192.168.102.186 Fri Jan 9)
Root pts/2 192.168.102.134 Thu Jan 8)
Root pts/3 192.168.125.53 Tue Jan 6)
Root pts/2 192.168.125.53 Tue Jan 6)
Root pts/3 192.168.102.88 Tue Jan 6)
Root pts/2 192.168.102.88 Tue Jan 6)
Oracle pts/1: 2.0 Tue Jan 6 still logged in
Reboot system boot 2.6.32-200.13.1. Tue Jan 6 :07 (7 + 20: 21)
Root pts/2 192.168.102.88 Tue Jan 6-down)
Oracle pts/1: 2.0 Tue Jan 6-down)
 
Wtmp begins Wed Apr 11 16:31:10 2012

This article permanently updates the link address:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.