It is time to go into action. Open a new terminal (CTRL+ALT+T in Ubuntu Linux) and run the following command to get information on all users who have logged in and out of your Unix-like system.
last
To display when a certain user has logged in, type the following command.
last oltjano
Make sure to replace the username oltjano with the name of the user you are looking for. If you want full login and logout times and dates, use the -F option to print them.
last -F
The -x option can be used to display the system shutdown entries and run level changes.
last -x
What about non-local logins? Can we get information about them? We are very lucky because Linux stores both the host name of the remote host and its IP number. The -d option will help us.
last -d
The -i option displays the IP number in numbers-and-dots notation.
last -i
The -f option tells last to use a specific file instead of /var/log/wtmp.
last -f path_to_file
A very useful option is -n, which tells the last command-line utility how many lines to show. The example shown below tells last to show only three lines.
last -n 3
The -R option suppresses the display of the hostname field.
last -R
The lastb command-line utility works the same as last, but it shows a log of the file /var/log/btmp, which contains all the bad login attempts. As far as I am concerned you can use the same options we used with the last tool with the lastb utility, but it is worth experimenting and playing by yourself. Note: If the wtmp and btmp files are not found, you can create them with a simple touch command or by using your favourite text editor.
touch /var/log/wtmp
touch /var/log/btmp
If these files do not exist, the system will not log any information in them, so make sure they exist before using the last and lastb utilities.
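To put the -i option and lastb together, the following added example (not part of the original article) counts remote entries per user and source address from `last -i` or `lastb -i` output, which is a quick way to review where bad login attempts come from. The function names and the sample lines are constructed for illustration; the sample uses documentation-range addresses.

```shell
#!/bin/sh
# Summarise remote sessions from `last -i` / `lastb -i` output read on stdin.
# Prints "COUNT USER IP", busiest first.
summarize_remote() {
    awk '
        # Skip blank lines and the trailing "wtmp begins ..." / "btmp begins ..." line.
        NF == 0 || $2 == "begins" { next }
        # Skip pseudo-users written for boot, shutdown and run level changes (see -x).
        $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }
        # With -i the third column is the source address; 0.0.0.0 means a local login.
        $3 == "0.0.0.0" { next }
        # Count only fields that look like an IPv4 or IPv6 address.
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
        $3 ~ /^[0-9a-fA-F]*:[0-9a-fA-F:]*:[0-9a-fA-F:.]*$/ { seen[$1 " " $3]++ }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the layout `lastb -i` prints (not real log data).
sample_lastb() {
cat <<'EOF'
admin    ssh:notty    203.0.113.7      Mon Mar  3 10:15 - 10:15  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  3 10:14 - 10:14  (00:00)
root     ssh:notty    203.0.113.7      Mon Mar  3 10:14 - 10:14  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  3 10:13 - 10:13  (00:00)
oltjano  tty1         0.0.0.0          Sun Mar  2 22:10 - 22:10  (00:00)
test     ssh:notty    198.51.100.23    Sun Mar  2 21:01 - 21:01  (00:00)

btmp begins Sat Mar  1 07:00:12 2025
EOF
}

# Run against the constructed sample so the script works offline.
sample_lastb | summarize_remote
```

On a real system the same function can be fed directly, for example `lastb -i | summarize_remote`; reading /var/log/btmp usually needs root.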