How to view CentOS User login log

Data interchange, shutdown, and restart are also recorded in the Wtmp file. All records contain a timestamp.
Each time a user logs on, the login program sees the UID of the user in the file lastlog. If found, writes the user's last login, exit time, and host name to standard output, and the login program records the new logon time in Lastlog.
After the new Lastlog record is written, the Utmp file opens and inserts the user's utmp record. The record is used until the user logs on and exits. utmp files are used by various command files, including who, W, users, and finger.
Next, the login program opens the file wtmp the attached user's utmp record. The same utmp record with the update timestamp is appended to the file when the user logs out. wtmp files are used by program last and AC.
Wtmp and utmp files are binary files, and users need to use who, W, users, last, and AC to use the information contained in these two files.

Here's how to view the CentOS user login log.

The 1.who:who command queries the utmp file and reports each user who is currently logged on. The WHO default output includes user name, terminal type, logon date, and remote host. For example: Who (carriage return) display

The code is as follows	Copy Code
Root pts/0 2014-03-04 10:03 (218.2.11.178)

2. If the wtmp file name is specified, the WHO command queries for all Www.111cn.Net prior to the login record. Use the command who/var/log/wtmp to view all login logs as follows:

The code is as follows

Copy Code

Lxy ftpd5946 2013-01-09 16:48 (218.2.11.178) Ipfangwen ftpd6036 2013-01-09 16:49 (218.2.11.178) Zhaiken ftpd6064 2013-01-09 16:50 (218.2.11.178) Beifen ftpd6065 2013-01-09 16:50 (218.2.11.178) Root pts/0 2013-01-09 17:27 (218.2.11.178) Lxy ftpd9472 2013-01-09 17:30 (218.2.11.178) Lxy ftpd9482 2013-01-09 17:31 (218.2.11.178) Root pts/0 2013-01-11 12:58 (218.2.11.178) Dy.lxy.me ftpd9801 2013-01-25 16:15 (218.2.11.178)

The 3.last:last command searches back wtmp to show who has logged in since the first time the file was created. For example:

The code is as follows	Copy Code
Root pts/0 218.2.11.178 Tue Mar 4 10:03 still logged in Root pts/0 218.2.11.178 Wed Feb 26 15:34-15:43 (00:09) Lxy ftpd18086 218.2.11.178 Wed Oct 9 17:14-17:16 (00:02) Root pts/0 218.2.11.178 Tue Oct 8 16:54-17:50 (00:55)