Skip to content
SoftPrayog
  • Home
  • Software Engineering
  • Tutorials
  • Troubleshooting
  • Programming

Find user login history – last and lastb commands in Linux

Leave a Comment / Tutorials / By kjohri
FacebookTweetPinLinkedInEmail

Login

1.0 last and lastb

The last command gives a chronological list of user logins in a Linux system for a period of time. The lastb commands gives a similar list of failed logins to the system. By default, last uses the /var/log/wtmp file for the record of login data. Similarly, lastb, by default, reads the /var/log/btmp file for the record of failed logins.

2.0 Command syntax

last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...]  [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...]  [tty...]

3.0 Examples

3.1 last

$ last
user1    pts/0        203.0.113.168    Tue May 17 10:26   still logged in
user1    ttyS0                         Tue May 17 10:19 - 10:20  (00:00)
user2    pts/1        198.51.100.12    Tue May 17 00:54 - 01:33  (00:38)
user3    pts/3        198.51.100.15    Mon May 16 10:13 - 17:54  (07:40)
user2    pts/7        198.51.100.11    Sun May 15 17:28 - 17:41  (00:13)
user1    pts/2        198.51.100.19    Sun May 15 15:08 - 15:19  (00:10)
user3    pts/0        198.51.100.17    Sat May 14 08:29 - 11:15  (02:45)
  ...
  ...
  ...
user1    ttyS0                         Sat May  7 03:51 - 03:53  (00:02)
reboot   system boot  4.5.0-x86_64-lin Sat May  7 03:50   still running

For each login, username, terminal, IP address, date and times of login and logout and the session time are printed. The line for pseudo-user reboot gives the time of system boot.

3.2 lastb

lastb gives the history of failed logins.

$ sudo lastb
admin    ssh:notty    203.0.113.252    Wed May  4 05:17 - 05:17  (00:00)
UNKNOWN  ttyS0                         Tue May  3 16:48 - 16:48  (00:00)

btmp begins Tue May  3 16:48:02 2016

3.3 last -f filename

With the -f option , we can use a different input file. The -R option suppresses the display of hostname.

$ last -R -f /var/log/wtmp.1
user1    :0           Fri Apr 29 05:46 - down   (00:20)
reboot   system boot  Fri Apr 29 05:46 - 06:07  (00:21)
guest-8S :1           Thu Apr 28 20:53 - 21:15  (00:21)
   ...

3.4 last -n num

The -n num option limits the output to the first num lines. We can skip -n and say last -num and get the same output.

3.5 last -F

The -F option is for the printing of full login and logout dates and times.

3.6 last -a

with the -a option, we get the hostname in the last column.

3.7 last -d

-d displays the hostname instead of its IP address. For example,

$ last -5  -F -a -d
user1    pts/0        Wed May 18 00:27:06 2016   still logged in                       arbt-equat-dynamic-198.51.100.19.expressbroadband.com
user1    ttyS0        Wed May 18 00:26:11 2016 - Wed May 18 00:26:42 2016  (00:00)     0.0.0.0
user1    pts/0        Tue May 17 17:12:26 2016 - Tue May 17 17:20:32 2016  (00:08)     arbt-equat-dynamic-198.51.100.19.expressbroadband.com
user1    ttyS0        Tue May 17 17:11:26 2016 - Tue May 17 17:11:57 2016  (00:00)     0.0.0.0
user1    pts/0        Tue May 17 10:26:14 2016 - Tue May 17 12:02:32 2016  (01:36)     arbt-equat-dynamic-198.51.100.19.expressbroadband.com

3.8 last -i

The -i option causes prining of user's IP address in numbers and dots notation.

3.9 last user

If a username is passed as a command line parameter, the login data for that user is printed.

$ last alice -5 -a -i
alice   pts/0        Wed May 18 06:54   still logged in    198.51.100.17
alice   pts/0        Wed May 18 00:27 - 01:00  (00:33)     203.0.113.168
alice   ttyS0        Wed May 18 00:26 - 00:26  (00:00)     0.0.0.0
alice   pts/0        Tue May 17 17:12 - 17:20  (00:08)     198.51.100.15
alice   ttyS0        Tue May 17 17:11 - 17:11  (00:00)     0.0.0.0

Related Posts

  • uptime and w commands in Linux

    The uptime and w commands in Linux and Unix systems give pointed information about the system uptime, load average and about logged in users. uptime The uptime command is given…

  • Not able to login

    Problem: Not able to login to Ubuntu Linux system because the disk partition containing the HOME directory has become full. Solution: Press CTRL ALT F1 together to switch to text…

  • Comm Command in Linux

    1.0 comm The comm command compares two sorted files and gives output in three columns. The first column has lines which are present only in the first file. The second…

  • Mounting Windows partitions under Linux

    Multi-boot systems with Linux and Windows are quite common. With the following steps, it is easy to access Windows partitions under Linux. 1. Examine the disk partitions. For example, sudo…

Post navigation

← Previous Post
Next Post →

Random Quotes

Get it on Google Play

Most Popular

  • POSIX message queues in Linux
  • Interprocess communication using POSIX Shared Memory in Linux
  • fork and exec in Linux
  • POSIX Semaphores
  • System V message queues in Linux
  • Interprocess communication using System V Shared Memory in Linux
  • System V Semaphores
  • D-Bus Tutorial
  • htop command in Linux
  • FIFOs in Linux

About
Privacy Policy
Contact Us
youtube channel    Photographs    SoftPrayog on Facebook    SoftPrayog at Twitter
SoftPrayog at Pinterest    My Linkedin profile    My Tumblr Blog
Copyright © 2007 - 2019 SoftPrayog.in. All Rights Reserved.
Share this ArticleLike this article? Email it to a friend!

Email sent!