|
Last command is to list the current and past users of the system login information. Its main parameters are:
(1) -a sign the host name or IP address of the system, is displayed in the last line.
(2) -d the IP address into a host name.
(3) -f Specifies the log file.
(4) -n or - Settings column lists the number of display lists
(5) -R login system does not display the host name or IP address
(6) -x Display the system shutdown, restart, and the execution level changes and other information.
Command Description:
This command is used to list the current and past users of the system login information. Instruction English original meaning: show listing of last logged in users
Execute permissions: Some need special permission
Instruction where the path: / usr / bin / last
When the last instruction executed, it reads located in / var / log directory name wtmp file, and the list of users that log on to the system log file of all the content is displayed. The default is to show the wtmp record, btmp can display more detail, you can display remote login, such as ssh login.
utmp file is currently being stored in the system user information.
wtmp file is saved in the user logged on the system information.
Command Output Field Description:
The first column: Username
The second column: end position. pts / 0 (pseudo-terminal) from means such as a user .tty (teletypewriter) remote SSH or telnet connection means to connect directly to the user's computer or local connection
The third column: Sign ip or kernel. If you see: 0.0, or nothing at all, which means that the user is connected through a local terminal. In addition to restart activities, kernel version will be displayed in the state.
The fourth column: Start Time
Fifth column: End time (still login in yet exit down until the normal shutdown crash until the forced shutdown)
The sixth column: Duration
Command syntax:
last [-R] [-num] [-n num] [-adiowx] [-f file] [-t YYYYMMDDHHMMSS] [name ...] [tty ...]
Command parameters:
parameter
Length argument
Miao Xu
-a
The host name or IP address of the system, is displayed in the last line
-d
The IP address into a host name
-f
Specifies the log file, the default is to show the recording / var / log directory wtmp file, but the content was btmp can, / var / log directory display more rich, you can display the remote login, such as ssh login, including failed login request.
-i
-i display case specific ip login. -i Display case for tracking specific ip login. Tracking
-o
Read an old-type wtmp file (written by linux-libc5 applications).
-n
-n or - the number of display settings listed in the list of columns
-w
Display full user and domain names in the output
-R
Does not display the host name or IP (omitted hostname field) sign system
-t
Display information before YYYYMMDDHHMMSS
-x
Display system shutdown, user logon and logoff history
Example of use:
1: last command to view the help information
[Root @ linuxhost ~] # man last
[Root @ linuxhost ~] # last -h
last: invalid option - h
Usage: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-x] [-o] [-w] [username ..] [tty ..]
2: N records show the last sign-on system
[Root @ linuxhost ~] #last -10
root pts / 1: 0.0 Wed Dec 18 09:54 still logged in
root pts / 4: 0.0 Wed Dec 18 09:43 - 09:48 (00:04)
root pts / 1: 0.0 Wed Dec 18 09:43 - 09:48 (00:05)
root pts / 3 192.168.103.79 Wed Dec 18 09:41 - 12:40 (02:59)
root pts / 4: 0.0 Wed Dec 18 09:28 - 09:30 (00:01)
root pts / 3: 0.0 Wed Dec 18 09:27 - 09:30 (00:02)
root pts / 2 192.168.103.29 Wed Dec 18 09:27 still logged in
root pts / 1: 0.0 Wed Dec 18 09:27 - 09:42 (00:15)
root pts / 2: 0.0 Wed Dec 18 09:23 - 09:25 (00:01)
root pts / 1: 0.0 Wed Dec 18 09:22 - 09:25 (00:02)
wtmp begins Wed Dec 11 03:02:17 2013
[Root @ linuxhost ~] # last -n 10
root pts / 1: 0.0 Wed Dec 18 09:54 still logged in
root pts / 4: 0.0 Wed Dec 18 09:43 - 09:48 (00:04)
root pts / 1: 0.0 Wed Dec 18 09:43 - 09:48 (00:05)
root pts / 3 192.168.103.79 Wed Dec 18 09:41 - 12:40 (02:59)
root pts / 4: 0.0 Wed Dec 18 09:28 - 09:30 (00:01)
root pts / 3: 0.0 Wed Dec 18 09:27 - 09:30 (00:02)
root pts / 2 192.168.103.29 Wed Dec 18 09:27 still logged in
root pts / 1: 0.0 Wed Dec 18 09:27 - 09:42 (00:15)
root pts / 2: 0.0 Wed Dec 18 09:23 - 09:25 (00:01)
root pts / 1: 0.0 Wed Dec 18 09:22 - 09:25 (00:02)
wtmp begins Wed Dec 11 03:02:17 2013
3: The host name or IP address of the log is displayed in the last line
[Root @ linuxhost ~] # last -10 -a
root pts / 1 Wed Dec 18 09:54 still logged in: 0.0
root pts / 4 Wed Dec 18 09:43 - 09:48 (00:04): 0.0
root pts / 1 Wed Dec 18 09:43 - 09:48 (00:05): 0.0
root pts / 3 Wed Dec 18 09:41 - 12:40 (02:59) 192.168.103.79
root pts / 4 Wed Dec 18 09:28 - 09:30 (00:01): 0.0
root pts / 3 Wed Dec 18 09:27 - 09:30 (00:02): 0.0
root pts / 2 Wed Dec 18 09:27 still logged in 192.168.103.29
root pts / 1 Wed Dec 18 09:27 - 09:42 (00:15): 0.0
root pts / 2 Wed Dec 18 09:23 - 09:25 (00:01): 0.0
root pts / 1 Wed Dec 18 09:22 - 09:25 (00:02): 0.0
wtmp begins Wed Dec 11 03:02:17 2013
4: Do not display the host name or IP address of the sign system
[Root @ linuxhost ~] # last -10 -R
root pts / 1 Wed Dec 18 09:54 still logged in
root pts / 4 Wed Dec 18 09:43 - 09:48 (00:04)
root pts / 1 Wed Dec 18 09:43 - 09:48 (00:05)
root pts / 3 Wed Dec 18 09:41 - 12:40 (02:59)
root pts / 4 Wed Dec 18 09:28 - 09:30 (00:01)
root pts / 3 Wed Dec 18 09:27 - 09:30 (00:02)
root pts / 2 Wed Dec 18 09:27 still logged in
root pts / 1 Wed Dec 18 09:27 - 09:42 (00:15)
root pts / 2 Wed Dec 18 09:23 - 09:25 (00:01)
root pts / 1 Wed Dec 18 09:22 - 09:25 (00:02)
wtmp begins Wed Dec 11 03:02:17 2013
5: Specify the / var / log / btmp file, view the user log information
[Root @ linuxhost ~] # last -n 10 -f / var / log / btmp
root ssh: notty 192.168.136.163 Fri Oct 17 18:16 gone - no logout
root ssh: notty 192.168.136.163 Fri Oct 17 09:50 - 18:16 (08:26)
root ssh: notty 192.168.136.163 Fri Oct 17 09:50 - 09:50 (00:00)
root ssh: notty 192.168.40.218 Tue Jul 23 17:40 - 09:50 (450 + 16: 10)
root ssh: notty 192.168.236.149 Sun Apr 14 01:34 - 17:40 (100 + 16: 05)
root ssh: notty 192.168.178.147 Fri Mar 8 17:25 - 01:34 (36 + 08: 08)
tomcat ssh: notty get185806.gfg1.e Fri Oct 26 16:48 - 17:25 (133 + 00: 37)
root ssh: notty 192.168.193.3 Mon Oct 22 18:13 - 16:48 (3 + 22: 34)
root ssh: notty 192.168.193.3 Mon Oct 22 18:13 - 18:13 (00:00)
devloper ssh: notty get185819.gfg1.e Wed Oct 17 17:22 - 18:13 (5 + 00: 50)
btmp begins Thu Apr 12 14:30:06 2012
6: The IP address into a host name
last -10 -d
clip_image001
7: Display YYYYMMDDHHMMSS (20150110093000) prior information
[Root @ linuxhost ~] # last -10 -t 20150110093000
root pts / 2 192.168.102.186 Fri Jan 9 15:35 - 17:27 (01:52)
root pts / 2 192.168.102.134 Thu Jan 8 10:25 - 12:27 (02:02)
root pts / 3 192.168.125.53 Tue Jan 6 23:59 - 00:09 (00:09)
root pts / 2 192.168.125.53 Tue Jan 6 23:45 - 00:09 (00:23)
root pts / 3 192.168.102.88 Tue Jan 6 15:23 - 16:20 (00:57)
root pts / 2 192.168.102.88 Tue Jan 6 15:08 - 17:25 (02:16)
Oracle pts / 1: 2.0 Tue Jan 6 15:07 still logged in
reboot system boot 2.6.32-200.13.1 Tue Jan 6 15:07. (7 + 20: 21)
root pts / 2 192.168.102.88 Tue Jan 6 14:47 - down (00:17)
oracle pts / 1: 2.0 Tue Jan 6 14:46 - down (00:18)
wtmp begins Wed Apr 11 16:31:10 2012 |
|
|
|