Http://www.jb51.net/article/120140.htm
Recently in the study of Linux commands, learned the last command, found that many students are not very familiar with the last command, the function of the previous command lists the current and the past logged in the system user-related information, the following this article mainly on the use of Linux commonly used commands, The need for friends can be used for reference.
Objective
This article mainly introduces about the use of Linux commonly used command last usage of relevant content, share out for everyone to refer to the study, words do not say, come together to see the detailed introduction bar.
Introduction to Commands:
This command is used to list information about users who have logged in to the system in the past. Directive English literal: Show listing of last logged in users
Execute permissions: Some require special permissions
Instruction Path:/usr/bin/last
When the last instruction is executed, it reads a file that is named Wtmp in the/var/log directory and displays all the user lists of the logged-on system to the file's content record. The default is to display Wtmp records, BTMP can display more detailed, can display remote logins, such as SSH login.
The utmp file holds information about the users currently in the system.
The wtmp file holds information about the user who has logged in to the system.
The command output field describes:
First column: User name
Second column: End position. pts/0 (pseudo terminal) means a remote connection from a user such as SSH or Telnet. TTY (teletypewriter) means a user connected directly to a computer or locally connected
Third column: Login IP or kernel. If you see: 0.0 or nothing, this means that the user is connected via a local terminal. In addition to restarting the activity, the kernel version is displayed in the status.
Fourth column: Start time
Fifth column: End time (still login in has not exited down until normal shutdown crash until shutdown is forced)
Sixth column: Duration
Command syntax:
last [-R] [-num] [ -n num ] [-adiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]
Command parameters:
Parameters |
Long parameters |
Description |
-A |
|
The host name or IP address that will be logged into the system, displayed in the last line |
-D |
|
Convert IP address to host name |
-F |
|
Specifies the record file, the default is to display the records of the Wtmp file under the/var/log directory, but the/var/log directory has more content btmp to display, can display remote logins, such as SSH logins, including failed login requests. |
-I. |
|
-I displays the status of a specific IP login. Track the case of a specific IP login with-i display. Tracking with |
-O |
|
Read an old-type wtmp file (written by LINUX-LIBC5 applications). |
-N |
|
-N < Show rows > or-< show rows > Set how many rows of records are displayed |
-W |
|
Display full user and domain names in the output |
-R |
|
Do not display the host name or IP of the login system (omit hostname fields) |
-T |
|
To display information before YYYYMMDDHHMMSS |
-X |
|
Shows the history of system shutdown, user login, and exit |
Examples of Use:
1: View the Help information for last command
?
1234567 |
[[email protected] ~] # man last [[email protected] ~] # last -h last: invalid option -- h Usage: last [-num | -n num] [-f file ] [-t YYYYMMDDHHMMSS] [-R] [-x] [-o] [-w] [username..] [ tty ..] |
2: Display the last logged in System N records
?
123456789101112131415161718192021222324252627 |
[[email protected] ~]
#last -10
root pts
/1 :0.0 Wed Dec 18 09:54 still logged
in
root pts
/4 :0.0 Wed Dec 18 09:43 - 09:48 (00:04)
root pts
/1 :0.0 Wed Dec 18 09:43 - 09:48 (00:05)
root pts
/3 192.168.103.79 Wed Dec 18 09:41 - 12:40 (02:59)
root pts
/4 :0.0 Wed Dec 18 09:28 - 09:30 (00:01)
root pts
/3 :0.0 Wed Dec 18 09:27 - 09:30 (00:02)
root pts
/2 192.168.103.29 Wed Dec 18 09:27 still logged
in
root pts
/1 :0.0 Wed Dec 18 09:27 - 09:42 (00:15)
root pts
/2 :0.0 Wed Dec 18 09:23 - 09:25 (00:01)
root pts
/1 :0.0 Wed Dec 18 09:22 - 09:25 (00:02)
wtmp begins Wed Dec 11 03:02:17 2013
[[email protected] ~]
# last -n 10
root pts
/1 :0.0 Wed Dec 18 09:54 still logged
in
root pts
/4 :0.0 Wed Dec 18 09:43 - 09:48 (00:04)
root pts
/1 :0.0 Wed Dec 18 09:43 - 09:48 (00:05)
root pts
/3 192.168.103.79 Wed Dec 18 09:41 - 12:40 (02:59)
root pts
/4 :0.0 Wed Dec 18 09:28 - 09:30 (00:01)
root pts
/3 :0.0 Wed Dec 18 09:27 - 09:30 (00:02)
root pts
/2 192.168.103.29 Wed Dec 18 09:27 still logged
in
root pts
/1 :0.0 Wed Dec 18 09:27 - 09:42 (00:15)
root pts
/2 :0.0 Wed Dec 18 09:23 - 09:25 (00:01)
root pts
/1 :0.0 Wed Dec 18 09:22 - 09:25 (00:02)
wtmp begins Wed Dec 11 03:02:17 2013
|
3: Display the host name or IP address of the login system on the last line
?
12345678910111213 |
[[email protected] ~]
# last -10 -a
root pts
/1 Wed Dec 18 09:54 still logged
in :0.0
root pts
/4 Wed Dec 18 09:43 - 09:48 (00:04) :0.0
root pts
/1 Wed Dec 18 09:43 - 09:48 (00:05) :0.0
root pts
/3 Wed Dec 18 09:41 - 12:40 (02:59) 192.168.103.79
root pts
/4 Wed Dec 18 09:28 - 09:30 (00:01) :0.0
root pts
/3 Wed Dec 18 09:27 - 09:30 (00:02) :0.0
root pts
/2 Wed Dec 18 09:27 still logged
in 192.168.103.29
root pts
/1 Wed Dec 18 09:27 - 09:42 (00:15) :0.0
root pts
/2 Wed Dec 18 09:23 - 09:25 (00:01) :0.0
root pts
/1 Wed Dec 18 09:22 - 09:25 (00:02) :0.0
wtmp begins Wed Dec 11 03:02:17 2013
|
4: Do not display the host name or IP address of the login system
?
12345678910111213 |
[[email protected] ~]
# last -10 -R
root pts
/1 Wed Dec 18 09:54 still logged
in
root pts
/4 Wed Dec 18 09:43 - 09:48 (00:04)
root pts
/1 Wed Dec 18 09:43 - 09:48 (00:05)
root pts
/3 Wed Dec 18 09:41 - 12:40 (02:59)
root pts
/4 Wed Dec 18 09:28 - 09:30 (00:01)
root pts
/3 Wed Dec 18 09:27 - 09:30 (00:02)
root pts
/2 Wed Dec 18 09:27 still logged
in
root pts
/1 Wed Dec 18 09:27 - 09:42 (00:15)
root pts
/2 Wed Dec 18 09:23 - 09:25 (00:01)
root pts
/1 Wed Dec 18 09:22 - 09:25 (00:02)
wtmp begins Wed Dec 11 03:02:17 2013
|
5: Specify the/var/log/btmp file to view information about users logged on to the system
?
12345678910111213 |
[[email protected] ~]
# last -n 10 -f /var/log/btmp
root
ssh
:notty 192.168.136.163 Fri Oct 17 18:16 gone - no
logout
root
ssh
:notty 192.168.136.163 Fri Oct 17 09:50 - 18:16 (08:26)
root
ssh
:notty 192.168.136.163 Fri Oct 17 09:50 - 09:50 (00:00)
root
ssh
:notty 192.168.40.218 Tue Jul 23 17:40 - 09:50 (450+16:10)
root
ssh
:notty 192.168.236.149 Sun Apr 14 01:34 - 17:40 (100+16:05)
root
ssh
:notty 192.168.178.147 Fri Mar 8 17:25 - 01:34 (36+08:08)
tomcat
ssh
:notty get185806.gfg1.e Fri Oct 26 16:48 - 17:25 (133+00:37)
root
ssh
:notty 192.168.193.3 Mon Oct 22 18:13 - 16:48 (3+22:34)
root
ssh
:notty 192.168.193.3 Mon Oct 22 18:13 - 18:13 (00:00)
devloper
ssh
:notty get185819.gfg1.e Wed Oct 17 17:22 - 18:13 (5+00:50)
btmp begins Thu Apr 12 14:30:06 2012
|
6: Convert IP address to host name
?
7: Show information before YYYYMMDDHHMMSS (20150110093000)
?
12345678910111213 |
[[email protected] ~]
# last -10 -t 20150110093000
root pts
/2 192.168.102.186 Fri Jan 9 15:35 - 17:27 (01:52)
root pts
/2 192.168.102.134 Thu Jan 8 10:25 - 12:27 (02:02)
root pts
/3 192.168.125.53 Tue Jan 6 23:59 - 00:09 (00:09)
root pts
/2 192.168.125.53 Tue Jan 6 23:45 - 00:09 (00:23)
root pts
/3 192.168.102.88 Tue Jan 6 15:23 - 16:20 (00:57)
root pts
/2 192.168.102.88 Tue Jan 6 15:08 - 17:25 (02:16)
oracle pts
/1 :2.0 Tue Jan 6 15:07 still logged
in
reboot system boot 2.6.32-200.13.1. Tue Jan 6 15:07 (7+20:21)
root pts
/2 192.168.102.88 Tue Jan 6 14:47 - down (00:17)
oracle pts
/1 :2.0 Tue Jan 6 14:46 - down (00:18)
wtmp begins Wed Apr 11 16:31:10 2012
|
Summarize
The above is the entire content of this article, I hope that the content of this article on everyone's study or work can bring certain help, if there are questions you can message exchange, thank you for the script home support.
How to use Linux common command last