How To Find Last Time The User Logged In On The System Print

  • 216

In this tutorial I will teach you how to find out who has recently used the unix-like server, which terminals are used and the time users logged in and out of the server. The command that we will use in order to accomplish the task is called last. It searches back through the file /var/log/wtmp and displays information about all users logged in and logged out. You can also specify names of users and tty’s in order to filter the output and show only those entries matching the specified input arguments. The last command-line utility comes with many various options and can also give information about the reboot pseudouser which logs in each time the system is rebooted. For example the last reboot command will show show a log of all reboots since the log file was created. How does the last command react when it catches a SIGINT signal? According to the man page for the last utility, when it catches a SIGNIT signal it show how far it has searched through the file and will terminate. You can generate a SIGINT signal with control-C. 
It is time to go into action. Open a new terminal (CTRL+ALT+T in Ubuntu Linux) and run the following command to get information on all users logged in and out in your unix-like system.
last
To display when a certain user has logged in type the following command.
last oltjano
Make sure to replace the username oltjano with the name of the user you are looking for. If you want full login and logout times and dates use the -F option to print them.
last -F
The -x option can be used to display the system shutdown entries and run level changes.
last -x
What about non-local logins? Can we get information about them? We are very lucky because Linux stores both the host name of the remote host and its IP number. The -d option will help us.
last -d
The -i option displays the IP number in numbers-and-dots notation.
last -i
The -f option tells last to use a specific file instead of /var/log/wtmp.
last -f  path_to_file
A very useful option is the -n option which can be used to tell the last command-line utility how many lines to show. The example shown below tells last to show only three lines.
last -n 3
Suppresses the display of the hostname field with the -R option.
last -R
A tool which is the same as last is the lastb command-line utility. It shows a log of the file /var/log/btmp, which contains all the bad login attempts. As far as I am concerned you can use the same options we used with the last tool with the lastb utility but it is worth experimenting and playing by yourself. Note: If wtmp and btmp files are not found you can create them with a simple touch command or by using your favourite text editor.
touch /var/log/wtmp

touch /var/log/btmp
If these files do not exist the system will not log any information on them so make sure they exist before using the last and lastb utilities.

Was this answer helpful?

« Back

["\r\n