サーバーのよく使うコマンドメモ : last

2016/10/26

Tips サーバー テクノロジー

t f B! P L

Summery

対象サーバーにログインした履歴を順番に表示する。

Construction

$ last [options] last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-adioxFw] [username..] [tty..]

Option

-n : 表示件数の指定 -R : hostnameを非表示 -a : 情報の全表示(hostnameが追加表示) -d : ログイン元ホストをホスト名で表示 -i : ログイン元ホストをIPアドレスで表示 -d : シャットダウン情報も表示

Sample

vagrantで実行サンプル $ last vagrant pts/1 10.0.2.2 Sun Oct 23 06:46 still logged in vagrant pts/0 10.0.2.2 Sat Oct 8 23:49 still logged in reboot system boot 3.2.0-23-generic Wed Oct 5 22:25 - 09:38 (17+11:13) vagrant pts/2 10.0.2.2 Tue Oct 4 00:59 - 22:36 (21:37) vagrant pts/1 10.0.2.2 Sun Oct 2 17:51 - 22:36 (2+04:45) vagrant pts/0 10.0.2.2 Sun Oct 2 17:47 - 22:36 (2+04:49) $ last -a vagrant pts/1 Sun Oct 23 06:46 still logged in 10.0.2.2 vagrant pts/0 Sat Oct 8 23:49 still logged in 10.0.2.2 reboot system boot Wed Oct 5 22:25 - 09:39 (17+11:14) 3.2.0-23-generic-pae vagrant pts/2 Tue Oct 4 00:59 - 22:36 (21:37) 10.0.2.2 vagrant pts/1 Sun Oct 2 17:51 - 22:36 (2+04:45) 10.0.2.2 vagrant pts/0 Sun Oct 2 17:47 - 22:36 (2+04:49) 10.0.2.2 $ last -d vagrant pts/1 10.0.2.2 Sun Oct 23 06:46 still logged in vagrant pts/0 10.0.2.2 Sat Oct 8 23:49 still logged in reboot system boot 0.0.0.0 Wed Oct 5 22:25 - 09:37 (17+11:12) vagrant pts/2 10.0.2.2 Tue Oct 4 00:59 - 22:36 (21:37) vagrant pts/1 10.0.2.2 Sun Oct 2 17:51 - 22:36 (2+04:45) vagrant pts/0 10.0.2.2 Sun Oct 2 17:47 - 22:36 (2+04:49) $ last -i vagrant pts/1 10.0.2.2 Sun Oct 23 06:46 still logged in vagrant pts/0 10.0.2.2 Sat Oct 8 23:49 still logged in reboot system boot 0.0.0.0 Wed Oct 5 22:25 - 09:38 (17+11:13) vagrant pts/2 10.0.2.2 Tue Oct 4 00:59 - 22:36 (21:37) vagrant pts/1 10.0.2.2 Sun Oct 2 17:51 - 22:36 (2+04:45) vagrant pts/0 10.0.2.2 Sun Oct 2 17:47 - 22:36 (2+04:49)

Discription

$ man last NAME last, lastb - show listing of last logged in users SYNOPSIS last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...] lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...] [tty...] DESCRIPTION Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was cre- ated. Names of users and tty's can be given, in which case last will show only those entries matching the arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0. When last catches a SIGINT signal (generated by the interrupt key, usually control- C) or a SIGQUIT signal (generated by the quit key, usually control-\), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate. The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created. Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts. OPTIONS -f file Tells last to use a specific file instead of /var/log/wtmp. -num This is a count telling last how many lines to show. -n num The same. -t YYYYMMDDHHMMSS Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular time -- specify that time with -t and look for "still logged in". -R Suppresses the display of the hostname field. -a Display the hostname in the last column. Useful in combination with the next flag. -d For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the IP number back into a hostname. -F Print full login and logout times and dates. -i This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation. -o Read an old-type wtmp file (written by linux-libc5 applications). -w Display full user and domain names in the output. -x Display the system shutdown entries and run level changes. NOTES The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for exam- ple, touch /var/log/wtmp). FILES /var/log/wtmp /var/log/btmp AUTHOR Miquel van Smoorenburg, miquels@cistron.nl SEE ALSO shutdown(8), login(1), init(8)

人気の投稿

このブログを検索

ごあいさつ

このWebサイトは、独自思考で我が道を行くユゲタの少し尖った思考のTechブログです。 毎日興味がどんどん切り替わるので、テーマはマルチになっています。 もしかしたらアイデアに困っている人の助けになるかもしれません。

ブログ アーカイブ