As an example if you execute last without any parameters you might see something like the below:
[root@temmpnode ~]# last -a opc pts/3 Fri Mar 17 08:42 still logged in 61.113.181.37 opc pts/3 Fri Mar 17 07:45 - 07:45 (00:00) 61.113.181.37 opc pts/2 Fri Mar 17 07:14 - 09:24 (02:10) 61.113.181.37 opc pts/1 Fri Mar 17 07:09 still logged in 61.113.181.37 opc pts/0 Fri Mar 17 07:03 still logged in 61.113.181.37
The last command has a number of parameters that can make your life more easy when trying to find out who did log into the system.
-f file
Tells last to use a specific file instead of /var/log/wtmp.
-num
This is a count telling last how many lines to show.
-n num
The same as -num
-t YYYYMMDDHHMMSS
Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular time -- specify that time with -t and look for "still logged in".
-f file
Specifies a file to search other than /var/log/wtmp.
-R
Suppresses the display of the hostname field.
-a
Display the hostname in the last column. Useful in combination with the next flag.
-d
For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the IP number back into a hostname.
-F
Print full login and logout times and dates.
-i
This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation.
-o
Read an old-type wtmp file (written by linux-libc5 applications).
-w
Display full user and domain names in the output.
-x
Display the system shutdown entries and run level changes.
No comments:
Post a Comment