Introduction to the Linux last Command
Feature Description: Lists information about users who have logged in to the system in the past.
Syntax: last [-adRx] [-f <record file>] [-n <number of lines>] [account name ...] [terminal number ...]
Additional Note: Run on its own, last reads the file named wtmp in the /var/log directory and lists every user login recorded in that file.
Parameters
-a  displays the host name or IP address the login came from in the last column.
-d  converts the IP address to the host name.
-f <record file>  specifies the record file.
-n <number of lines> or -<number of lines>  sets the number of lines shown in the list.
-R  does not display the host name or IP address the login came from.
-x  displays information such as system shutdown, reboot, and run level changes.
======== Test environment: Fedora Core 6.0; kernel: 2.6.18 ========
# last is used to display user logins. The following shows a fixed number of records directly. kkk is a new user.
[user@host ~]$ last -6
kkk      pts/2        :0.0             Thu Jul 20:48   still logged in
kkk      pts/2        :0.0             Thu Jul 26 20:21 - 20:21  (00:00)
kkk      :0                            Thu Jul 20:21   still logged in
reboot   system boot  2.6.18-1.2798.fc Thu Jul 26 20:20          (00:41)
kkk      pts/2        :0.0             Thu Jul 26 11:16 - 11:46  (00:30)
kkk      pts/2        :0.0             Thu Jul 26 10:18 - 10:18  (00:00)
wtmp begins Sun Jul 1 15:17:08 2007
# By default the wtmp records are shown; btmp can be displayed in more detail and can show remote logins, such as SSH logins.
[root@host ~]# last -n 15 -f /var/log/btmp
kkk       :0     Thu Jul 20:21   still logged in
klot      tty1   Fri Jul 22:27   gone - no logout
np962e76  tty1   Fri Jul 20 22:26 - 22:27  (00:00)
klot      tty1   Fri Jul 20 22:26 - 22:26  (00:00)
root      :0     Fri Jul 20 22:22 - 20:21 (5+21:58)
klot      :0     Fri Jul 20 22:22 - 22:22  (00:00)
root      tty1   Fri Jul 20 20:58 - 22:26  (01:28)
klot      tty1   Fri Jul 20 20:58 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
reboot    tty1   Fri Jul 20 20:55 - 20:57  (00:02)
root      tty1   Fri Jul 20 20:54 - 20:55  (00:00)
root      tty1   Fri Jul 20 20:54 - 20:54  (00:00)
btmp begins Mon Apr 30 22:05:54 2007
# Show the logins on a specific tty; 1 means tty1, and the result is very clear. np962e76, lkdjflkj and klot did not actually
# log in successfully; I forgot my password. The first two users do not exist at all, yet there are records.
[root@host ~]# last -n 15 -f /var/log/btmp 1
klot      tty1   Fri Jul 22:27   gone - no logout
np962e76  tty1   Fri Jul 20 22:26 - 22:27  (00:00)
klot      tty1   Fri Jul 20 22:26 - 22:26  (00:00)
root      tty1   Fri Jul 20 20:58 - 22:26  (01:28)
klot      tty1   Fri Jul 20 20:58 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
reboot    tty1   Fri Jul 20 20:55 - 20:57  (00:02)
root      tty1   Fri Jul 20 20:54 - 20:55  (00:00)
root      tty1   Fri Jul 20 20:54 - 20:54  (00:00)
root      tty1   Fri Jul 20 20:54 - 20:54  (00:00)
lkdjflkj  tty1   Fri Jul 20 20:54 - 20:54  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:54  (00:00)
btmp begins Mon Apr 30 22:05:54 2007
# Show the logins of a specific user.
[root@host ~]# last -n 15 -f /var/log/btmp klot
klot      tty1   Fri Jul 22:27   gone - no logout
klot      tty1   Fri Jul 20 22:26 - 22:26  (00:00)
klot      :0     Fri Jul 20 22:22 - 22:22  (00:00)
klot      tty1   Fri Jul 20 20:58 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:54  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:52 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:52 - 20:52  (00:00)
klot      tty1   Fri Jul 20 20:52 - 20:52  (00:00)
btmp begins Mon Apr 30 22:05:54 2007
# Show login and logout records, -x.
[root@host ~]# last -n 15 -f /var/log/btmp klot -x
klot      tty1   Fri Jul 22:27   gone - no logout
klot      tty1   Fri Jul 20 22:26 - 22:26  (00:00)
klot      :0     Fri Jul 20 22:22 - 22:22  (00:00)
klot      tty1   Fri Jul 20 20:58 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:58  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:54  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:52 - 20:53  (00:00)
klot      tty1   Fri Jul 20 20:52 - 20:52  (00:00)
klot      tty1   Fri Jul 20 20:52 - 20:52  (00:00)
btmp begins Mon Apr 30 22:05:54 2007
# -i shows the logins of a specific IP. Useful for tracking.
[root@host ~]# last -n 15 -i 127.0.0.1 -f /var/log/btmp klot
klot      tty1   0.0.0.0   Fri Jul 22:27   gone - no logout
klot      tty1   0.0.0.0   Fri Jul 20 22:26 - 22:26  (00:00)
klot      :0     0.0.0.0   Fri Jul 20 22:22 - 22:22  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:58 - 20:58  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:57 - 20:58  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:57 - 20:57  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:53 - 20:54  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:53 - 20:53  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:52 - 20:53  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:52 - 20:52  (00:00)
klot      tty1   0.0.0.0   Fri Jul 20 20:52 - 20:52  (00:00)
1. Clear the record of successful logins, that is, the records shown by the last command
[root@host ~]# echo > /var/log/wtmp
Opened directly, this file looks garbled; it holds information such as the IP address.
Verification:
[root@host ~]# last
root     pts/0   10.5.10.51    Thu Sep 2 00:59   still logged in
root     pts/2   10.5.10.60    Wed Sep 1 16:11 - 17:47  (01:35)
root     pts/2   10.5.10.60    Wed Sep 1 16:08 - 16:10  (00:02)
root     pts/0   10.5.10.61    Wed Sep 1 14:16 - 23:02  (08:46)
root     pts/3   10.5.10.59    Wed Sep 1 11:28 - 19:38  (08:10)
root     pts/2   10.5.10.60    Wed Sep 1 11:18 - 16:07  (04:49)
root     pts/1   10.5.10.191   Wed Sep 1 11:17 - 19:12  (07:55)
......
[root@host ~]# echo > /var/log/wtmp
[root@host ~]# last
wtmp begins Thu Sep 2 01:04:34 2010
[root@host ~]#
The user login information is no longer visible at this point.
2. Clear the record of failed logins, that is, the records shown by the lastb command
[root@host ~]# echo > /var/log/btmp
Opened directly, this file looks garbled.
Verification:
Output of lastb before running the command:
[root@host ~]# lastb
root     ssh:notty   10.5.10.60   Wed Sep 1 16:11 - 16:11  (00:00)
         tty6                     Mon 30 22:53 - 22:53  (00:00)
         tty6                     Mon 30 18:52 - 18:52  (00:00)
         tty6                     Mon 30 18:52 - 18:52  (00:00)
++++++   tty6                     Mon 30 18:52 - 18:52  (00:00)
LINUXZGF ssh:notty   10.5.10.60   Mon 30 11:21 - 11:21  (00:00)
LINUXZGF ssh:notty   10.5.10.60   Mon 30 09:37 - 09:37  (00:00)
......
Then run:
[root@host ~]# echo > /var/log/btmp
[root@host ~]# lastb
btmp begins Thu Sep 2 01:01:06 2010
3. Clear the command history
[root@host ~]# history -c
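The files that last and lastb read are binary record databases, and overwriting them as in steps 1 and 2 leaves marks a monitor can check for. The following is an added example, not part of the original post: it parses the record format behind /var/log/wtmp and /var/log/btmp and flags a file whose size is not a whole number of records or that shrank since the previous check, which is what echo > leaves behind (a single newline byte). It assumes the 384-byte glibc utmp layout used on x86 Linux; the function names and sample records are constructed for illustration.

```python
import struct

# glibc utmp record as stored in wtmp/btmp (assumed x86 layout, 384 bytes):
# type, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], 20 unused bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
USER_PROCESS = 7  # ut_type of a login record in <utmp.h>

def pack(line, user, host, ts):
    """Build one constructed login record (sample data, not a real host)."""
    return UTMP.pack(USER_PROCESS, 1234, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)

def _text(raw):
    # Fixed-width fields are NUL-padded; keep the part before the first NUL.
    return raw.split(b"\0", 1)[0].decode(errors="replace")

def parse(blob):
    """Return (records, leftover_bytes) for a wtmp/btmp image."""
    usable = len(blob) - len(blob) % UTMP.size
    recs = [{"type": f[0], "line": _text(f[2]), "user": _text(f[4]),
             "host": _text(f[5]), "time": f[9]}
            for f in UTMP.iter_unpack(blob[:usable])]
    return recs, len(blob) - usable

def audit(blob, prev_size=None):
    """Flag signs that the login database was overwritten or truncated."""
    _, leftover = parse(blob)
    findings = []
    if leftover:
        findings.append(f"size {len(blob)} is not a multiple of {UTMP.size}")
    if prev_size is not None and len(blob) < prev_size:
        findings.append(f"shrank from {prev_size} to {len(blob)} bytes")
    return findings

# Constructed samples: two login records, and the one-byte file (a single
# newline) that `echo > /var/log/wtmp` leaves behind.
SAMPLE = (pack("pts/0", "root", "10.5.10.51", 1283360340) +
          pack("tty1", "klot", "", 1283360400))
CLEARED = b"\n"

if __name__ == "__main__":
    for rec in parse(SAMPLE)[0]:
        print(rec)
    print(audit(SAMPLE, prev_size=len(SAMPLE)))   # no findings
    print(audit(CLEARED, prev_size=len(SAMPLE)))  # both findings
```

Legitimate log rotation also shrinks the file, so compare a shrink finding against the logrotate schedule before treating it as tampering.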
Reposted from:
http://blog.csdn.net/a007zheng/article/details/6985521