Linux-Last (Turn)

Source: Internet
Author: User

Linux Last Command Introduction

Feature Description: Lists information about users that are currently logged in to the system in the past.

Syntax: last [-adrx][-f < record file >][-n < show number of columns >][account name ...] [Terminal number ...]

Additional Note: Execute the last instruction separately, it will read the file named Wtmp in the/var/log directory, and display the user list of the logged-in system to the file's content record.

Parameters

-a the host name or IP address from which to log in to the system, displayed on the last line.

-D converts the IP address to the host name.

-F < record file > specify record file.

-N < Show columns > or-< Show columns > set the number of displayed columns for the list.

-R does not display the host name or IP address of the login system.

-X displays information such as system shutdown, reboot, and execution level changes.

Last command:

Feature Description: Lists information about users that are currently logged in to the system in the past.

======== test Environment: Fedora core 6.0; Kernel: 2.6.18========

#last用了显示用户登录情况. The following is a record that displays a fixed number of rows directly. KKK is a new user.

[Email protected] ~]$ last-6

KKK pts/2:0.0 Thu Jul 20:48 still logged in

KKK pts/2:0.0 Thu Jul 26 20:21-20:21 (00:00)

kkk:0 Thu Jul 20:21 still logged in

Reboot system boot 2.6.18-1.2798.FC Thu Jul 26 20:20 (00:41)

KKK pts/2:0.0 Thu Jul 26 11:16-11:46 (00:30)

KKK pts/2:0.0 Thu Jul 26 10:18-10:18 (00:00)

Wtmp begins Sun Jul 1 15:17:08 2007

#默认是显示wtmp的记录, the btmp can be displayed in more detail and can display remote logins, such as SSH logins.

[Email protected] ~]# last-n 15-f/var/log/btmp

kkk:0 Thu Jul 20:21 still logged in

Klot tty1 Fri Jul 22:27 gone-no Logout

np962e76 tty1 Fri Jul 20 22:26-22:27 (00:00)

Klot tty1 Fri Jul 20 22:26-22:26 (00:00)

root:0 Fri Jul 20 22:22-20:21 (5+21:58)

klot:0 Fri Jul 20 22:22-22:22 (00:00)

Root tty1 Fri Jul 20 20:58-22:26 (01:28)

Klot tty1 Fri Jul 20 20:58-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Reboot tty1 Fri Jul 20 20:55-20:57 (00:02)

Root tty1 Fri Jul 20 20:54-20:55 (00:00)

Root tty1 Fri Jul 20 20:54-20:54 (00:00)

Btmp begins Mon Apr 30 22:05:54 2007

#显示特定tty口的登录, 1 is tty1 login situation, see very clearly. Np962e76 and lkdjflkj and Klot are not actually

#录成功, I forgot my password. The first two users, there is no at all, but there are records.

[Email protected] ~]# last-n 15-f/var/log/btmp 1

Klot tty1 Fri Jul 22:27 gone-no Logout

np962e76 tty1 Fri Jul 20 22:26-22:27 (00:00)

Klot tty1 Fri Jul 20 22:26-22:26 (00:00)

Root tty1 Fri Jul 20 20:58-22:26 (01:28)

Klot tty1 Fri Jul 20 20:58-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Reboot tty1 Fri Jul 20 20:55-20:57 (00:02)

Root tty1 Fri Jul 20 20:54-20:55 (00:00)

Root tty1 Fri Jul 20 20:54-20:54 (00:00)

Root tty1 Fri Jul 20 20:54-20:54 (00:00)

LKDJFLKJ tty1 Fri Jul 20 20:54-20:54 (00:00)

Klot tty1 Fri Jul 20 20:53-20:54 (00:00)

Btmp begins Mon Apr 30 22:05:54 2007

#显示特定用户的登录情况.

[Email protected] ~]# last-n 15-f/var/log/btmp klot

Klot tty1 Fri Jul 22:27 gone-no Logout

Klot tty1 Fri Jul 20 22:26-22:26 (00:00)

klot:0 Fri Jul 20 22:22-22:22 (00:00)

Klot tty1 Fri Jul 20 20:58-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:53-20:54 (00:00)

Klot tty1 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 Fri Jul 20 20:52-20:53 (00:00)

Klot tty1 Fri Jul 20 20:52-20:52 (00:00)

Klot tty1 Fri Jul 20 20:52-20:52 (00:00)

Btmp begins Mon Apr 30 22:05:54 2007

#显示登录登出的记录,-X.

[Email protected] ~]# last-n 15-f/var/log/btmp klot-x

Klot tty1 Fri Jul 22:27 gone-no Logout

Klot tty1 Fri Jul 20 22:26-22:26 (00:00)

klot:0 Fri Jul 20 22:22-22:22 (00:00)

Klot tty1 Fri Jul 20 20:58-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:58 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 Fri Jul 20 20:53-20:54 (00:00)

Klot tty1 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 Fri Jul 20 20:52-20:53 (00:00)

Klot tty1 Fri Jul 20 20:52-20:52 (00:00)

Klot tty1 Fri Jul 20 20:52-20:52 (00:00)

Btmp begins Mon Apr 30 22:05:54 2007

#-i shows the status of a specific IP login. Tracking use.

[Email protected] ~]# last-n 15-i 127.0.0.1-f/var/log/btmp klot

Klot tty1 0.0.0.0 Fri Jul 22:27 gone-no Logout

Klot tty1 0.0.0.0 Fri Jul 20 22:26-22:26 (00:00)

klot:0 0.0.0.0 Fri Jul 20 22:22-22:22 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:58-20:58 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:57-20:58 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:57-20:57 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:53-20:54 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:53-20:53 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:52-20:53 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:52-20:52 (00:00)

Klot tty1 0.0.0.0 Fri Jul 20 20:52-20:52 (00:00)

1, clear the Login system success record, that is, the last command to see the record

[[Email protected] ~]echo >/var/log/wtmp This file is garbled when it is opened by default, it can see the IP and so on information

Validation process

[[Email protected] ~] #last

Root pts/0 10.5.10.51 Thu Sep 2 00:59 still logged in

Root PTS/2 10.5.10.60 Wed Sep 1 16:11-17:47 (01:35)

Root PTS/2 10.5.10.60 Wed Sep 1 16:08-16:10 (00:02)

Root pts/0 10.5.10.61 Wed Sep 1 14:16-23:02 (08:46)

Root PTS/3 10.5.10.59 Wed Sep 1 11:28-19:38 (08:10)

Root PTS/2 10.5.10.60 Wed Sep 1 11:18-16:07 (04:49)

Root PTS/1 10.5.10.191 Wed Sep 1 11:17-19:12 (07:55)

。。。。。。。。。。。。。。。。。。。。。。。

[[Email protected] ~] #echo >/var/log/wtmp

[[Email protected] ~] #last

Wtmp begins Thu Sep 2 01:04:34 2010

[Email protected] ~]#

The user logon information is not visible at this time

2, clear the login system failed record, that is, the LASTB command to see the record

[[Email protected] ~]echo >/var/log/btmp This file is garbled when it is opened by default

Validation methods

Execute LASTB before executing the command as follows

[[Email protected] ~] #lastb

Root Ssh:notty 10.5.10.60 Wed Sep 1 16:11-16:11 (00:00)

Tty6 Mon 30 22:53-22:53 (00:00)

Tty6 Mon 30 18:52-18:52 (00:00)

Tty6 Mon 30 18:52-18:52 (00:00)

++++++ tty6 Mon 30 18:52-18:52 (00:00)

LINUXZGF Ssh:notty 10.5.10.60 Mon 30 11:21-11:21 (00:00)

LINUXZGF Ssh:notty 10.5.10.60 Mon 30 09:37-09:37 (00:00)

。。。。。。。。。

And then execute

[[Email protected] ~] #echo >/var/log/btmp

[[Email protected] ~] #lastb

Btmp begins Thu Sep 2 01:01:06 2010

3. Clear History Execution Command

[Email protected] ~]history-c

Turn from:

http://blog.csdn.net/a007zheng/article/details/6985521

Linux-Last (Turn)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.