-
-
查看用户登录系统的日志有两类日志记录用户登录的行为,一是记录登录者的数据,一个是记录用户的登录时间一,记录用户登录数据/var/log/wtmp日志文件记录用户登录的数据。但这个文件是被编码的文件,不能直接用vi、cat等命令查看,可以用last命令读取。每一次登录就会产生一条记录,包括用户名、登录端、时间跨度等信息,如下:www.2cto.com[html][root@bogon ~]# lastroot pts/1 :0.0 Wed Oct 24 03:03 still logged inroot :0 Wed Oct 24 03:02 still logged inroot :0 Wed Oct 24 03:02 - 03:02 (00:00)reboot system boot 2.6.18-194.el5 Wed Oct 24 03:01 (00:01)root pts/1 :0.0 Mon Oct 22 01:00 - 03:09 (02:08)root :0 Mon Oct 22 01:00 - 03:09 (02:09)root :0 Mon Oct 22 01:00 - 01:00 (00:00)reboot system boot 2.6.18-194.el5 Mon Oct 22 00:58 (02:10)root pts/3 :0.0 Sat Oct 13 18:59 - 00:41 (05:41)root pts/2 :0.0 Sat Oct 13 18:34 - 00:41 (06:06)root pts/1 :0.0 Sat Oct 13 18:33 - 00:41 (06:08)root :0 Sat Oct 13 18:32 - 00:41 (06:08)root :0 Sat Oct 13 18:32 - 18:32 (00:00)reboot system boot 2.6.18-194.el5 Sat Oct 13 18:31 (06:09)root pts/1 :0.0 Thu Oct 11 20:12 - 03:17 (07:04)root :0 Thu Oct 11 20:12 - 03:17 (07:05)root :0 Thu Oct 11 20:12 - 20:12 (00:00)www.2cto.com二,查看具体用户登录/var/log/lastlog日志文件记录了每个用户最近的登录时间 。每个用户只有一条记录[html][root@bogon ~]# lastlogUsername Port From Latestroot :0 Wed Oct 24 03:02:36 -0700 2012bin **Never logged in**daemon **Never logged in**adm **Never logged in**lp **Never logged in**sync **Never logged in**shutdown **Never logged in**halt **Never logged in**mail **Never logged in**news **Never logged in**uucp **Never logged in**operator **Never logged in**games **Never logged in**gopher **Never logged in**ftp **Never logged in**nobody **Never logged in**nscd **Never logged in**vcsa **Never logged in**oprofile **Never logged in**pcap **Never logged in**ntp **Never logged in**dbus **Never logged in**avahi **Never logged in**rpc **Never logged in**apache **Never logged in**mailnull **Never logged in**smmsp **Never logged in**sshd **Never logged in**xfs **Never logged in**rpcuser **Never logged in**haldaemon **Never logged in**avahi-autoipd **Never logged in**gdm **Never logged in**
三, 如何列出当前有多少用户登录
使用command w.