How to use Linux common command last

Http://www.jb51.net/article/120140.htm

Recently in the study of Linux commands, learned the last command, found that many students are not very familiar with the last command, the function of the previous command lists the current and the past logged in the system user-related information, the following this article mainly on the use of Linux commonly used commands, The need for friends can be used for reference.

Objective

This article mainly introduces about the use of Linux commonly used command last usage of relevant content, share out for everyone to refer to the study, words do not say, come together to see the detailed introduction bar.

Introduction to Commands:

This command is used to list information about users who have logged in to the system in the past. Directive English literal: Show listing of last logged in users

Execute permissions: Some require special permissions

Instruction Path:/usr/bin/last

When the last instruction is executed, it reads a file that is named Wtmp in the/var/log directory and displays all the user lists of the logged-on system to the file's content record. The default is to display Wtmp records, BTMP can display more detailed, can display remote logins, such as SSH login.

The utmp file holds information about the users currently in the system.

The wtmp file holds information about the user who has logged in to the system.

The command output field describes:

First column: User name

Second column: End position. pts/0 (pseudo terminal) means a remote connection from a user such as SSH or Telnet. TTY (teletypewriter) means a user connected directly to a computer or locally connected

Third column: Login IP or kernel. If you see: 0.0 or nothing, this means that the user is connected via a local terminal. In addition to restarting the activity, the kernel version is displayed in the status.

Fourth column: Start time

Fifth column: End time (still login in has not exited down until normal shutdown crash until shutdown is forced)

Sixth column: Duration

Command syntax:

last [-R] [-num] [ -n num ] [-adiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...]  [tty...]

Command parameters:

Parameters	Long parameters	Description
-A		The host name or IP address that will be logged into the system, displayed in the last line
-D		Convert IP address to host name
-F		Specifies the record file, the default is to display the records of the Wtmp file under the/var/log directory, but the/var/log directory has more content btmp to display, can display remote logins, such as SSH logins, including failed login requests.
-I.		-I displays the status of a specific IP login. Track the case of a specific IP login with-i display. Tracking with
-O		Read an old-type wtmp file (written by LINUX-LIBC5 applications).
-N		-N < Show rows > or-< show rows > Set how many rows of records are displayed
-W		Display full user and domain names in the output
-R		Do not display the host name or IP of the login system (omit hostname fields)
-T		To display information before YYYYMMDDHHMMSS
-X		Shows the history of system shutdown, user login, and exit

Examples of Use:

1: View the Help information for last command

?

1234567

[[email protected] ~]# man last    [[email protected] ~]# last -hlast: invalid option -- hUsage: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-x] [-o] [-w] [username..] [tty..]

2: Display the last logged in System N records

?

123456789101112131415161718192021222324252627

[[email protected] ~]#last -10root pts/1 :0.0 Wed Dec 18 09:54 still logged inroot pts/4 :0.0 Wed Dec 18 09:43 - 09:48 (00:04) root pts/1 :0.0 Wed Dec 18 09:43 - 09:48 (00:05) root pts/3 192.168.103.79 Wed Dec 18 09:41 - 12:40 (02:59) root pts/4 :0.0 Wed Dec 18 09:28 - 09:30 (00:01) root pts/3 :0.0 Wed Dec 18 09:27 - 09:30 (00:02) root pts/2 192.168.103.29 Wed Dec 18 09:27 still logged inroot pts/1 :0.0 Wed Dec 18 09:27 - 09:42 (00:15) root pts/2 :0.0 Wed Dec 18 09:23 - 09:25 (00:01) root pts/1 :0.0 Wed Dec 18 09:22 - 09:25 (00:02)  wtmp begins Wed Dec 11 03:02:17 2013 [[email protected] ~]# last -n 10root pts/1 :0.0 Wed Dec 18 09:54 still logged inroot pts/4 :0.0 Wed Dec 18 09:43 - 09:48 (00:04) root pts/1 :0.0 Wed Dec 18 09:43 - 09:48 (00:05) root pts/3 192.168.103.79 Wed Dec 18 09:41 - 12:40 (02:59) root pts/4 :0.0 Wed Dec 18 09:28 - 09:30 (00:01) root pts/3 :0.0 Wed Dec 18 09:27 - 09:30 (00:02) root pts/2 192.168.103.29 Wed Dec 18 09:27 still logged inroot pts/1 :0.0 Wed Dec 18 09:27 - 09:42 (00:15) root pts/2 :0.0 Wed Dec 18 09:23 - 09:25 (00:01) root pts/1 :0.0 Wed Dec 18 09:22 - 09:25 (00:02)  wtmp begins Wed Dec 11 03:02:17 2013

3: Display the host name or IP address of the login system on the last line

?

12345678910111213

[[email protected] ~]# last -10 -aroot pts/1 Wed Dec 18 09:54 still logged in :0.0root pts/4 Wed Dec 18 09:43 - 09:48 (00:04) :0.0root pts/1 Wed Dec 18 09:43 - 09:48 (00:05) :0.0root pts/3 Wed Dec 18 09:41 - 12:40 (02:59) 192.168.103.79root pts/4 Wed Dec 18 09:28 - 09:30 (00:01) :0.0root pts/3 Wed Dec 18 09:27 - 09:30 (00:02) :0.0root pts/2 Wed Dec 18 09:27 still logged in 192.168.103.29root pts/1 Wed Dec 18 09:27 - 09:42 (00:15) :0.0root pts/2 Wed Dec 18 09:23 - 09:25 (00:01) :0.0root pts/1 Wed Dec 18 09:22 - 09:25 (00:02) :0.0 wtmp begins Wed Dec 11 03:02:17 2013

4: Do not display the host name or IP address of the login system

?

12345678910111213

[[email protected] ~]# last -10 -Rroot pts/1 Wed Dec 18 09:54 still logged inroot pts/4 Wed Dec 18 09:43 - 09:48 (00:04) root pts/1 Wed Dec 18 09:43 - 09:48 (00:05) root pts/3 Wed Dec 18 09:41 - 12:40 (02:59) root pts/4 Wed Dec 18 09:28 - 09:30 (00:01) root pts/3 Wed Dec 18 09:27 - 09:30 (00:02) root pts/2 Wed Dec 18 09:27 still logged inroot pts/1 Wed Dec 18 09:27 - 09:42 (00:15) root pts/2 Wed Dec 18 09:23 - 09:25 (00:01) root pts/1 Wed Dec 18 09:22 - 09:25 (00:02)  wtmp begins Wed Dec 11 03:02:17 2013

5: Specify the/var/log/btmp file to view information about users logged on to the system

?

12345678910111213

[[email protected] ~]# last -n 10 -f /var/log/btmproot ssh:notty 192.168.136.163 Fri Oct 17 18:16 gone - no logoutroot ssh:notty 192.168.136.163 Fri Oct 17 09:50 - 18:16 (08:26) root ssh:notty 192.168.136.163 Fri Oct 17 09:50 - 09:50 (00:00) root ssh:notty 192.168.40.218 Tue Jul 23 17:40 - 09:50 (450+16:10) root ssh:notty 192.168.236.149 Sun Apr 14 01:34 - 17:40 (100+16:05) root ssh:notty 192.168.178.147 Fri Mar 8 17:25 - 01:34 (36+08:08) tomcat ssh:notty get185806.gfg1.e Fri Oct 26 16:48 - 17:25 (133+00:37) root ssh:notty 192.168.193.3 Mon Oct 22 18:13 - 16:48 (3+22:34) root ssh:notty 192.168.193.3 Mon Oct 22 18:13 - 18:13 (00:00) devloper ssh:notty get185819.gfg1.e Wed Oct 17 17:22 - 18:13 (5+00:50)   btmp begins Thu Apr 12 14:30:06 2012

6: Convert IP address to host name

?

1	last -10 -d

7: Show information before YYYYMMDDHHMMSS (20150110093000)

?

12345678910111213

[[email protected] ~]# last -10 -t 20150110093000root pts/2 192.168.102.186 Fri Jan 9 15:35 - 17:27 (01:52) root pts/2 192.168.102.134 Thu Jan 8 10:25 - 12:27 (02:02) root pts/3 192.168.125.53 Tue Jan 6 23:59 - 00:09 (00:09) root pts/2 192.168.125.53 Tue Jan 6 23:45 - 00:09 (00:23) root pts/3 192.168.102.88 Tue Jan 6 15:23 - 16:20 (00:57) root pts/2 192.168.102.88 Tue Jan 6 15:08 - 17:25 (02:16) oracle pts/1 :2.0 Tue Jan 6 15:07 still logged inreboot system boot 2.6.32-200.13.1. Tue Jan 6 15:07 (7+20:21) root pts/2 192.168.102.88 Tue Jan 6 14:47 - down (00:17) oracle pts/1 :2.0 Tue Jan 6 14:46 - down (00:18)  wtmp begins Wed Apr 11 16:31:10 2012

Summarize

The above is the entire content of this article, I hope that the content of this article on everyone's study or work can bring certain help, if there are questions you can message exchange, thank you for the script home support.

How to use Linux common command last