Linux view login log

1. utmp, wtmp, btmp Files

  • /var/run/utmp: The utmp file shows who is currently using the system. By default, who and w report the currently logged-in users from this file, and uptime reports the system startup time.
  • /var/log/wtmp: wtmp keeps the history of utmp records. By default, it is viewed with the last command.
  • /var/log/btmp: btmp records only failed login attempts. By default, it is viewed with the lastb command.

2.1 lastlog Command

The lastlog command reports the most recent login of all users or of a given user.

Username         Port     From             Latest
root pts/0 115.218.214.109 Tue Feb 8 12:53:24 +0800 2022
bin **Never logged in**
daemon **Never logged in**
adm **Never logged in**
lp **Never logged in**
sync **Never logged in**
shutdown **Never logged in**
halt **Never logged in**
mail **Never logged in**
operator **Never logged in**
games **Never logged in**
ftp **Never logged in**
nobody **Never logged in**
dbus **Never logged in**
systemd-coredump **Never logged in**
systemd-resolve **Never logged in**
tss **Never logged in**
polkitd **Never logged in**
unbound **Never logged in**
libstoragemgmt **Never logged in**
cockpit-ws **Never logged in**
setroubleshoot **Never logged in**
sssd **Never logged in**
insights **Never logged in**
sshd **Never logged in**
chrony **Never logged in**
tcpdump **Never logged in**
syslog **Never logged in**
lighthouse **Never logged in**
nginx **Never logged in**

2.2 last Command

The last command gives a chronological list of user logins in a Linux system for a period of time.

[root@VM-4-10-centos ~]# last
root pts/0 115.***.***.*** Tue Feb 8 12:53 still logged in
root pts/0 115.***.***.*** Mon Feb 7 23:53 - 00:03 (00:09)
root pts/0 115.***.***.*** Sun Feb 6 11:54 - 11:57 (00:03)
root pts/3 112.***.***.*** Wed Feb 2 20:15 - 20:18 (00:03)
root pts/2 112.***.***.*** Wed Feb 2 20:10 - 22:24 (02:14)
root pts/2 112.***.***.*** Wed Feb 2 20:05 - 20:08 (00:03)

2.3 lastb Command

The lastb command gives a similar list of failed logins to the system.

[root@VM-4-10-centos ~]# lastb
root ssh:notty 112.***.***.*** Tue Feb 8 05:15 - 05:15 (00:00)
root ssh:notty 112.***.***.*** Tue Feb 8 05:12 - 05:12 (00:00)
root ssh:notty 112.***.***.*** Tue Feb 8 05:09 - 05:09 (00:00)
root ssh:notty 112.***.***.*** Tue Feb 8 05:06 - 05:06 (00:00)
root ssh:notty 112.***.***.*** Tue Feb 8 05:04 - 05:04 (00:00)
pi ssh:notty 220.***.***.*** Tue Feb 8 04:06 - 04:06 (00:00)
pi ssh:notty 220.***.***.*** Tue Feb 8 04:06 - 04:06 (00:00)
pi ssh:notty 220.***.***.*** Tue Feb 8 04:06 - 04:06 (00:00)
pi ssh:notty 220.***.***.*** Tue Feb 8 04:06 - 04:06 (00:00)
Deploy ssh:notty 185.***.***.*** Mon Feb 7 20:57 - 20:57 (00:00)
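
Raw lastb output like the above is easier to triage once it is grouped by source host. The following is an added example, not part of the original post: the function names summarize_failed and sample_lastb, the threshold argument, and the sample lines (RFC 5737 documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Summarise failed logins per source host from `lastb`-style text on stdin.
# On a live host (as root):  lastb | summarize_failed 5
# Prints "<count> <host> <users tried>" for every host with at least
# <threshold> failures (default 5), highest count first.
summarize_failed() {
    awk -v min="${1:-5}" '
        # Skip the blank line and the "btmp begins ..." trailer lastb prints.
        NF == 0 || ($1 == "btmp" && $2 == "begins") { next }
        {
            user = $1
            # 10 fields means the host column is present; fewer means it was empty.
            host = (NF >= 10) ? $3 : "(no-host)"
            count[host]++
            # Record each user name only once per host.
            if (!seen[host, user]++)
                users[host] = (users[host] == "" ? user : users[host] "," user)
        }
        END {
            for (h in count)
                if (count[h] >= min)
                    printf "%d %s %s\n", count[h], h, users[h]
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in the same layout as the lastb output shown above.
sample_lastb() {
    cat <<'EOF'
root ssh:notty 203.0.113.7 Tue Feb 8 05:15 - 05:15 (00:00)
root ssh:notty 203.0.113.7 Tue Feb 8 05:12 - 05:12 (00:00)
admin ssh:notty 203.0.113.7 Tue Feb 8 05:09 - 05:09 (00:00)
pi ssh:notty 198.51.100.20 Tue Feb 8 04:06 - 04:06 (00:00)
pi ssh:notty 198.51.100.20 Tue Feb 8 04:06 - 04:06 (00:00)
deploy ssh:notty 192.0.2.44 Mon Feb 7 20:57 - 20:57 (00:00)

btmp begins Mon Feb 7 20:57:01 2022
EOF
}

# Demo run on the constructed sample: hosts with two or more failures.
sample_lastb | summarize_failed 2
```

A host that tries several different user names in a short window, as 203.0.113.7 does in the sample, is a common sign of password guessing and a candidate for rate limiting or blocking.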

2.4 who Command

The who command prints a list of currently logged in users.

[root@VM-4-10-centos ~]# who
root pts/0 2022-02-08 12:53 (115.***.***.***)

2.5 w Command

The w command shows the information about the users currently on the machine and their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

[root@VM-4-10-centos ~]# w
14:58:01 up 15 days, 23:36, 1 user, load average: 0.02, 0.06, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 115.***.***.*** 12:53 0.00s 0.04s 0.00s w

2.6 users Command

The users command shows the user names of the users currently logged in to the current host.

[root@VM-4-10-centos ~]# users
root

https://www.hardyhu.cn/2022/02/08/Linux-view-login-log/
Author: John Doe
Posted on: February 8, 2022