Last: View current and past user login information[[emailprotected] ~]# lastroot pts/0 192.168.1.106 Fri June 09:53 still logged in admin tty1 : 0 Fri June 09:47 still logged in root tty5 Fri June 09:31 still logged in reboot System boot 2.6.32-431.el6.x Fri June 17:35-09:56 ( -7:-38) root tty5 Fri June 3 07:31 -Down (00:34) reboot system boot 2.6.32-431.el6.x Fri June 3 07:27-08:06 (00:39) root tty5 Fri June 3 07:21-down (00:04) Admin tty1
configuration file-m,–create-home Automatically create login directories-L, do not add the user to the Lastlog file-M, do not create the login directory automatically-R, set up the system account-o,–non-unique allows the user to have the same UID-p,–password password using encrypted passwords for new users-s,–shell Shell Login Time Shell-u,–uid UID Specifies a UID for the new user-z,–selinux-user Seuser use a specific seuser for the SELinux user mapp
First, the cause of the common crashSecond, log analysisThe log system, which is controlled by the Rsyslog.service service, is used to record the system kernel and the log information of each application respectively. Configuration file/etc/rsyslog.conf/var/log/messages records system kernel messages and common log information for various applications, including startup, IO error, network error, program error, etc., for applications or services that do not use stand-alone log files, you can gene
functionality implementationWarning Alert information (warning message)Notice general conditions of importance (common but important messages)Message (Informational message) for infoDebug does not contain additional information about a function condition or problem (debug level-most information)None has no important level and is usually used for troubleshooting (no log messages are logged)* All levels, except noneAction1./var/log/lastlog: Records the
??????????????????? Help-k,–skel Skel_dir?????????? Specify a different Skel directory-k,–key Key=value?????????? Overwrite/etc/login.defs configuration file-m,–create-home???????????? Automatically create a login directory-L,?????????????????????????? Do not add users to the Lastlog file-M,?????????????????????????? Do not automatically create a login directory-R,?????????? ???????????????? Create a System account-o,–non-unique????????????? Allow use
,–create-home Automatically create login directories-L, do not add the user to the Lastlog file-M, do not create the login directory automatically-R, set up the system account-o,–non-unique allows the user to have the same UID-p,–password password using encrypted passwords for new users-s,–shell Shell Login Time Shell-u,–uid UID Specifies a UID for the new user-z,–selinux-user Seuser use a specific seuser for the SELinux user mapping[Email protected]
login command is also recorded in this file. /var/log/fontconfig.log- log associated with the font configuration . /var/log/fsck- File System log/var/log/faillog- contains user logon failure information. In addition, the error login command is also recorded in this file. /var/log/hp//var/log/install//var/log/jokey.log/var/log/kern.log – Contains logs generated by the kernel to help resolve issues when customizing the kernel. /var/log/lastlog- record
The log of connection time in Linux is usually recorded by the two files of/var/log/wtmp and/var/run/utmp, but these two files cannot be viewed directly with cat, and the file is automatically updated by the system, we can use W, who, Finger, ID, Last, Lastlog, ac command to view.Linux in the monitoring log for the process, first of all, the process monitoring log in the monitoring of the user's operation instructions is very effective, when the serve
############The most important use of snort is also as a network intrusion detection system (NIDS), using the following command line to start this mode:./snort-d-L/log-h 192.168.0.0/24-c snort.confNine, Linux log analysisLinux Log System classificationConnection time Log--The connection time log is executed by multiple programs, writing records to/var/log/wtmp and/var/run/utmp. Login and other programs update the WTMP and utmp files so that system administrators can track who is logged on to the
possible to obtain related event logging information from the file. 2. >/var/log/cron: Log event messages generated by Crond scheduled tasks. 3. >/VARLOG/DMESG: Record the various event information of the Linux system during the boot process. 4. >/var/log/maillog: Record the e-mail activity that enters or issues the system. 5. >/var/log/lastlog: Recent successful logon events and last unsuccessful logon events. 6. >/var/log/rpmpkgs: Install each RPM
, the error login command is also recorded in this file./var/log/fontconfig.log-log associated with the font configuration . /VAR/LOG/FSCK-File System log/var/log/faillog-Contains user logon failure information. In addition, the error login command is also recorded in this file./var/log/hp//var/log/install//var/log/jokey.log/var/log/kern.log– contains the logs generated by the kernel to help resolve problems when customizing the kernel./var/log/lastlog
: Automatically mounts based on the contents of the/etc/fstab profile#mount [-t file system] [-o Special Options] device mount name mount pointOptions:-T File system: Add File system and other types to make mount type, can ext3, Ext4, iso9660 and other file system-O Special option: You can specify additional options for mountingExample: #mount-o remount,noexec/home: Using the Noexec#cd/Home #vi hello.sh (#! /bin/bash echo "Hello") #chmod 755 hello.sh#./hello.sh Run error prompt does not have per
logs generated by the kernel to help resolve issues when customizing the kernel.
/var/log/lastlog -Records the most recent information for all users. This is not an ASCII file, so you need to use the Lastlog command to view the content.
/var/log/maillog/var/log/mail.log -Contains the log information of the system running the e-mail server. For example, SendMail log information is all sent to this file.
permissions (3) Mount Disc mkdir/mnt/cdrom/#建立挂载点, empty directories can be Mount-T iso9660/dev/sr0/mnt/cdrom/or Mount/dev/sr0/mnt/cdrom/#挂载光盘 (4) unmount the disc umount device file name or mount point Umount/mnt/cdrom/or umount/dev/Sr0 (5) mount the USB flash drive Fdisk-l# View Device file name Mount-T vfat/dev/sdb1/mnt/usb/#vfat指的是fat32文件系统 #linux The NTFS file system is not supported by defaultW View user information (with system resources) the load average:x.xx x.xx x.xx represents the a
Key words
Write
Wall
Last
Lastlog
Traceroute
Netstat
Mount
1.write
This command can send messages to all online users Example: Accept Message User: Press ENTER to exit 2.wall
Send messages to all online users Example: 3.last
This command to see who has logged into the system 4.lastlog
To view the last logon time for each user 5.traceroute
Route Trace command,
/log/lastlog-records the most recent information for all users. This is not an ASCII file, so you need to use the Lastlog command to view the content./var/log/maillog/var/log/mail.log-contains the log information of the system running the e-mail server. For example, SendMail log information is all sent to this file./var/log/user.log-logs all levels of user information./var/log/xorg.x.log-the log information
records the kernel self-test information when the system is powered on, or can use the DMESG command to view the kernel self-test information directly.
/var/log/btmp
Logs logging of incorrect logins. The file is a binary file and cannot be viewed directly from VI, but to use the LASTB command to view
/var/log/lastlog
Log the last logon time of all users in the system, the file is also a binary file, cannot be dir
1, use the WHO command to view the current login status., The WHO command allows you to view the current user and IP login status.2, use the last command to view recent logins., the last command lists user logon times and IP records for the most recent period.3. Use the Lastlog command to view individual user logins, the Lastlog command lists the logins for each user and, if not logged in, displays never lo
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.