Skip to content
SoftPrayog
SoftPrayog

SoftPrayog

  • Home
  • Software Engineering
  • Tutorials
  • Troubleshooting
  • Programming
Posted on October 3, 2018December 2, 2018

Find user login history – last and lastb commands in Linux

Login

1.0 last and lastb

The last command gives a chronological list of user logins in a Linux system for a period of time. The lastb commands gives a similar list of failed logins to the system. By default, last uses the /var/log/wtmp file for the record of login data. Similarly, lastb, by default, reads the /var/log/btmp file for the record of failed logins.

2.0 Command syntax

last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...]  [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...]  [tty...]

3.0 Examples

3.1 last

$ last
user1    pts/0        203.0.113.168    Tue May 17 10:26   still logged in
user1    ttyS0                         Tue May 17 10:19 - 10:20  (00:00)
user2    pts/1        198.51.100.12    Tue May 17 00:54 - 01:33  (00:38)
user3    pts/3        198.51.100.15    Mon May 16 10:13 - 17:54  (07:40)
user2    pts/7        198.51.100.11    Sun May 15 17:28 - 17:41  (00:13)
user1    pts/2        198.51.100.19    Sun May 15 15:08 - 15:19  (00:10)
user3    pts/0        198.51.100.17    Sat May 14 08:29 - 11:15  (02:45)
  ...
  ...
  ...
user1    ttyS0                         Sat May  7 03:51 - 03:53  (00:02)
reboot   system boot  4.5.0-x86_64-lin Sat May  7 03:50   still running

For each login, username, terminal, IP address, date and times of login and logout and the session time are printed. The line for pseudo-user reboot gives the time of system boot.

3.2 lastb

lastb gives the history of failed logins.

$ sudo lastb
admin    ssh:notty    203.0.113.252    Wed May  4 05:17 - 05:17  (00:00)
UNKNOWN  ttyS0                         Tue May  3 16:48 - 16:48  (00:00)

btmp begins Tue May  3 16:48:02 2016

3.3 last -f filename

With the -f option , we can use a different input file. The -R option suppresses the display of hostname.

$ last -R -f /var/log/wtmp.1
user1    :0           Fri Apr 29 05:46 - down   (00:20)
reboot   system boot  Fri Apr 29 05:46 - 06:07  (00:21)
guest-8S :1           Thu Apr 28 20:53 - 21:15  (00:21)
   ...

3.4 last -n num

The -n num option limits the output to the first num lines. We can skip -n and say last -num and get the same output.

3.5 last -F

The -F option is for the printing of full login and logout dates and times.

3.6 last -a

with the -a option, we get the hostname in the last column.

3.7 last -d

-d displays the hostname instead of its IP address. For example,

$ last -5  -F -a -d
user1    pts/0        Wed May 18 00:27:06 2016   still logged in                       arbt-equat-dynamic-198.51.100.19.expressbroadband.com
user1    ttyS0        Wed May 18 00:26:11 2016 - Wed May 18 00:26:42 2016  (00:00)     0.0.0.0
user1    pts/0        Tue May 17 17:12:26 2016 - Tue May 17 17:20:32 2016  (00:08)     arbt-equat-dynamic-198.51.100.19.expressbroadband.com
user1    ttyS0        Tue May 17 17:11:26 2016 - Tue May 17 17:11:57 2016  (00:00)     0.0.0.0
user1    pts/0        Tue May 17 10:26:14 2016 - Tue May 17 12:02:32 2016  (01:36)     arbt-equat-dynamic-198.51.100.19.expressbroadband.com

3.8 last -i

The -i option causes prining of user's IP address in numbers and dots notation.

3.9 last user

If a username is passed as a command line parameter, the login data for that user is printed.

$ last alice -5 -a -i
alice   pts/0        Wed May 18 06:54   still logged in    198.51.100.17
alice   pts/0        Wed May 18 00:27 - 01:00  (00:33)     203.0.113.168
alice   ttyS0        Wed May 18 00:26 - 00:26  (00:00)     0.0.0.0
alice   pts/0        Tue May 17 17:12 - 17:20  (00:08)     198.51.100.15
alice   ttyS0        Tue May 17 17:11 - 17:11  (00:00)     0.0.0.0

Related Posts:

ip command in Linuxip command in Linux 1.0 INTRODUCTION The iproute2 package contains utilities for network and traffic control. The major commands in iproute2 package are the ip command for IPV4 and IPV6 configuration and tc for traffic control.…
netstatnetstat 1. netstat command The netstat command in Linux provides network statistics and information about the networking subsystem. It gives information about network connections, routing tables and network interface statistics. For example, $…
Git TutorialGit Tutorial Git is a software source code management (SCM) system, originally developed by Linus Torvalds in 2005 for the management of Linux kernel source code. Using Git greatly simplifies the source code management…
Routing in LinuxRouting in Linux In Internet, the Internet Protocol (IP) is at the Network Layer, which is the third layer of the ISO reference model of network architecture. IP deals with IP packets or datagrams, which…
Awk TutorialAwk Tutorial 1.0 awk awk is a filter which takes the input and gives output after matching desired patterns and doing processing linked to matched patterns. awk is well suited for processing voluminous raw…
ss command in Linuxss command in Linux 1. ss command The ss command gives the socket statistics. It gives information about the network connections. ss is a replacement for the netstat command. By default, the ss command gives information…
CategoriesTutorials Tagscommand, example, last, lastb, Linux, login, syntax, user

Post navigation

Previous PostPrevious Dovecot: imap Error: open (/var/mail/username) failed
Next PostNext D-Bus Tutorial

Recent Posts

  • MCE hardware error cpu 0
  • Network Socket Programming using UDP in C
  • Network Socket Programming using TCP in C
  • Signals in Linux
  • systemd – System and service manager in Linux

Most Popular

App
  • Random Quotes

    Download Random Quotes
About SoftPrayog            Privacy Policy            Contact Us            Photographs
Copyright © 2007-2019 SoftPrayog.in. All Rights Reserved.