last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-adioxFw] [username..] [tty..]
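last displays recent logins by user or terminal. By reviewing this log with the last command, an administrator can learn who has connected, or attempted to connect, to the system.
When last runs, it reads the file named wtmp in the /var/log directory and lists every user recorded there as having logged in to the system or a terminal. By default it shows the wtmp records; btmp can show more detail, including remote logins such as SSH logins.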
    -num | -n num        Number of records to output
    -f file              Use the given file as the log file to query
    -t YYYYMMDDHHMMSS    Show logins before the specified time
    username             Account name
    tty                  Terminal number
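(1). Options
    -R    Do not show the host name or IP of the login to the system or terminal
    -a    Show the host name or IP address of the login to the system or terminal on the last line
    -d    Convert IP addresses to host names
    -i    Show logins for a specific IP
    -o    Read an old-type wtmp file written by linux-libc5 applications
    -x    Show the history of system shutdowns, user logins and logouts
    -F    Show full login times
    -w    Show full user names or domain names in the output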
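(2). Examples
Column 1: user name
Column 2: terminal (pts/0 is a pseudo-terminal, meaning a user connected remotely through SSH, telnet or a similar tool; graphical-desktop terminals also fall into this category. tty0 means a user connected directly to the computer or locally. The trailing number is the connection number.)
Column 3: login IP or kernel (:0.0 or nothing means the user connected through a local terminal. In addition, for reboot entries the kernel version is shown in this column.)
Column 4: start time
Column 5: end time (still logged in: not yet logged out; down: until a normal shutdown; crash: until a forced shutdown)
Column 6: duration
Specify the number of records to display (shows the most recent logins in the record)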
    [root@CentOS6 桌面]# last -n 10
    root     pts/0        :0.0             Wed Apr 25 10:12   still logged in
    root     pts/1        :0.0             Wed Apr 25 10:06 - 10:10  (00:03)
    root     pts/0        :0.0             Wed Apr 25 10:06 - 10:10  (00:03)
    root     pts/0        :0.0             Wed Apr 25 10:02 - 10:06  (00:04)
    root     pts/0        :0.0             Wed Apr 25 09:51 - 09:51  (00:00)
    root     pts/0        :0.0             Wed Apr 25 09:45 - 09:51  (00:05)
    root     pts/1        :0.0             Wed Apr 25 09:38 - 09:41  (00:02)
    root     pts/0        :0.0             Wed Apr 25 09:34 - 09:45  (00:11)
    root     pts/0        :0.0             Tue Apr 17 10:46 - 10:48  (00:02)
    root     pts/0        :0.0             Tue Apr 17 10:33 - 10:46  (00:13)
    wtmp begins Tue Mar 13 18:31:47 2018
    [root@CentOS6 桌面]# last -10
    root     pts/0        :0.0             Wed Apr 25 10:12   still logged in
    root     pts/1        :0.0             Wed Apr 25 10:06 - 10:10  (00:03)
    root     pts/0        :0.0             Wed Apr 25 10:06 - 10:10  (00:03)
    root     pts/0        :0.0             Wed Apr 25 10:02 - 10:06  (00:04)
    root     pts/0        :0.0             Wed Apr 25 09:51 - 09:51  (00:00)
    root     pts/0        :0.0             Wed Apr 25 09:45 - 09:51  (00:05)
    root     pts/1        :0.0             Wed Apr 25 09:38 - 09:41  (00:02)
    root     pts/0        :0.0             Wed Apr 25 09:34 - 09:45  (00:11)
    root     pts/0        :0.0             Tue Apr 17 10:46 - 10:48  (00:02)
    root     pts/0        :0.0             Tue Apr 17 10:33 - 10:46  (00:13)
    wtmp begins Tue Mar 13 18:31:47 2018
Specify the file to query (the default is wtmp)
    [root@CentOS6 桌面]# last -10 -f /var/log/btmp
    root     tty1         :0               Mon Apr 16 09:07    gone - no logout
    btmp begins Mon Apr 16 09:07:03 2018
Convert IP addresses to host names
    [root@CentOS6 桌面]# last -10 -d
    root     pts/0        0.0.0.0          Wed Apr 25 10:12   still logged in
    root     pts/1        0.0.0.0          Wed Apr 25 10:06 - 10:10  (00:03)
    root     pts/0        0.0.0.0          Wed Apr 25 10:06 - 10:10  (00:03)
    root     pts/0        0.0.0.0          Wed Apr 25 10:02 - 10:06  (00:04)
    root     pts/0        0.0.0.0          Wed Apr 25 09:51 - 09:51  (00:00)
    root     pts/0        0.0.0.0          Wed Apr 25 09:45 - 09:51  (00:05)
    root     pts/1        0.0.0.0          Wed Apr 25 09:38 - 09:41  (00:02)
    root     pts/0        0.0.0.0          Wed Apr 25 09:34 - 09:45  (00:11)
    root     pts/0        0.0.0.0          Tue Apr 17 10:46 - 10:48  (00:02)
    root     pts/0        0.0.0.0          Tue Apr 17 10:33 - 10:46  (00:13)
    wtmp begins Tue Mar 13 18:31:47 2018
Show records from before a specified time
    [root@CentOS6 桌面]# last -10 -t 20180425000000    # shown here as a reminder of how the time after -t is written
    root     pts/0        :0.0             Tue Apr 17 10:46 - 10:48  (00:02)
    root     pts/0        :0.0             Tue Apr 17 10:33 - 10:46  (00:13)
    root     pts/0        :0.0             Tue Apr 17 10:26 - 10:26  (00:00)
    root     tty2                          Tue Apr 17 10:23 - 10:23  (00:00)
    root     pts/0        :0.0             Tue Apr 17 10:22 - 10:22  (00:00)
    root     pts/0        :0.0             Tue Apr 17 10:22 - 10:22  (00:00)
    root     tty1         :0               Tue Apr 17 09:49   still logged in
    reboot   system boot  2.6.32-642.el6.x Tue Apr 17 09:48 - 10:21 (8+00:32)
    root     pts/0        :0.0             Mon Apr 16 16:13 - 16:20  (00:07)
    root     pts/0        :0.0             Mon Apr 16 15:39 - 16:13  (00:33)
    wtmp begins Tue Mar 13 18:31:47 2018
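For login review, the column rules above (a source of :0, :0.0 or nothing means a local terminal) can be applied mechanically to separate remote sessions from local ones. The script below is an added example, not part of the original page: the function names last_sources and sample_last, the user names and the 203.0.113.x / 198.51.100.x addresses are constructed, and treating 0.0.0.0 as local is an assumption taken from the -d sample above.

```bash
#!/usr/bin/env bash
# Added example: count sessions per remote source from `last` output on stdin.

last_sources() {
  LC_ALL=C awk '
    # Skip blank lines, the "wtmp begins ..." trailer and pseudo-users
    # (reboot; shutdown and runlevel appear with -x).
    NF == 0 || $2 == "begins" { next }
    $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }
    {
      user = $1; src = $3
      # An empty source column makes field 3 the weekday of the start time.
      if (src ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) src = ""
      # Local per the column notes: nothing, an X display such as :0 or
      # :0.0, or 0.0.0.0 as printed in the -d sample (assumption).
      if (src == "" || src ~ /^:[0-9]/ || src == "0.0.0.0") nlocal++
      else remote[user " " src]++
    }
    END {
      cmd = "sort -k1,1nr -k2,2"
      for (k in remote) print remote[k], k | cmd   # "count user source"
      close(cmd)
      print "local", nlocal + 0
    }'
}

# Constructed sample in the same layout as the output shown on this page.
sample_last() {
  cat <<'EOF'
alice    pts/0        203.0.113.7      Wed Apr 25 10:12   still logged in
alice    pts/1        203.0.113.7      Wed Apr 25 10:06 - 10:10  (00:03)
bob      pts/2        198.51.100.23    Wed Apr 25 09:51 - 09:51  (00:00)
root     pts/0        :0.0             Wed Apr 25 09:45 - 09:51  (00:05)
root     tty2                          Tue Apr 17 10:23 - 10:23  (00:00)
root     tty1         :0               Tue Apr 17 09:49   still logged in
reboot   system boot  2.6.32-642.el6.x Tue Apr 17 09:48 - 10:21 (8+00:32)

wtmp begins Tue Mar 13 18:31:47 2018
EOF
}

sample_last | last_sources
```

On a live system the same function can be fed with `last | last_sources`, or with `last -f /var/log/btmp | last_sources` for the btmp file used in the -f example.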