How to use the command 'last' (with examples)

How to use the command 'last' (with examples)

The last command is an essential utility in Unix-based systems used to track user access and activity through listings of recent logins. It parses information from the /var/log/wtmp file, which records various system logs including user logins, logouts, system boots, and shutdowns. This command proves invaluable for system administrators and IT security professionals who want to monitor user activities, track downtime, or simply audit access to the system.

Use case 1: Viewing the Last Logins with Duration and Additional Information

Code:

last

Motivation:

The primary motivation for using this example is to quickly ascertain which users have accessed the system recently, along with the duration of their sessions. This knowledge is vital for ensuring that no unauthorized access has occurred while providing data analytics for user activity tracking.

Explanation:

  • last: Invoking the last command without any additional options displays a comprehensive list of all users who have logged into the system. This list includes user names, terminal names, IP addresses or hostnames, login times and duration, and more. The command utilizes the /var/log/wtmp file to compile this information.

Example Output:

username  pts/0        192.168.1.10    Mon Oct 10 14:00   still logged in
username  pts/1        192.168.1.15    Mon Oct 10 13:50 - 14:10  (00:20)

Use case 2: Specifying the Number of Last Logins to Show

Code:

last -n 5

Motivation:

System administrators often need a succinct overview of user access without being overwhelmed by too much information. Limiting output to a specified number of entries focuses on the most recent activities, facilitating a manageable data set for quick review.

Explanation:

  • -n: This option is followed by a numeric value, specifying how many lines of login records should be displayed.
  • 5: This numeric argument tells last to output only the five most recent entries, making it easier to view recent activities without sifting through excessive data.

Example Output:

username  pts/0        192.168.1.10    Mon Oct 10 14:00   still logged in
username  pts/1        192.168.1.15    Mon Oct 10 13:50 - 14:10  (00:20)
...
(3 more entries follow with recent login detail)

Use case 3: Printing Full Date and Time with Hostname Last

Code:

last -F -a

Motivation:

In scenarios requiring precise temporal information for audits or analyses, it’s vital to have the full date and time represented rather than abbreviations. Simultaneously, moving the hostname column to the end prevents visual truncation, ensuring all information is visible.

Explanation:

  • -F: This argument ensures the full date and time is shown for each record, providing detailed temporal data for each login.
  • -a: This option appends the hostname at the end of each record to prevent it from being cut off in the console view.

Example Output:

username  pts/0        Fri Oct 13 2023 13:00 - 14:20  (01:20)  192.168.1.10
username  pts/1        Fri Oct 13 2023 12:30   still logged in  192.168.1.15

Use case 4: Viewing Logins by Specific User with IP Address

Code:

last username -i

Motivation:

System administrators may need to track activities attributed to specific users to ensure compliance with security protocols or to investigate suspicious behaviors. Displaying the IP addresses instead of hostnames offers more precise network identification, which is critical when enforcing audit trails.

Explanation:

  • username: Replace this placeholder with the actual username to filter the login records only for this particular user.
  • -i: This option replaces hostnames with IP addresses, providing more specific details about the connection source.

Example Output:

username  pts/0        192.168.1.10    Mon Oct 10 14:00   still logged in
username  pts/1        192.168.1.15    Mon Oct 10 12:00 - 13:00  (01:00)

Use case 5: Viewing All Recorded Reboots

Code:

last reboot

Motivation:

Tracking system reboots is crucial for maintaining insights into system availability and diagnosing potential hardware or software issues. Frequent reboots might indicate underlying problems requiring attention.

Explanation:

  • reboot: Specifying “reboot” as the argument makes the command list all instances when the system was rebooted, drawing from the pseudo user record for “reboot.”

Example Output:

reboot   system boot  5.4.0-42-generic Mon Oct 10 10:00   still running
reboot   system boot  5.4.0-42-generic Sun Oct 09 22:30 - 23:50  (01:20)

Use case 6: Viewing All Recorded Shutdowns

Code:

last shutdown

Motivation:

This use case is beneficial for understanding the planned or unintentional shutdown events that could impact service availability. Analyzing shutdown logs can assist in correlating with crash reports or user complaints about downtime.

Explanation:

  • shutdown: By using “shutdown” as the argument, last will output logs of every system shutdown event, referencing the pseudo user “shutdown.”

Example Output:

shutdown system down  5.4.0-42-generic Sun Oct 09 23:50 - 10:00  (10:10)  
shutdown system down  5.4.0-42-generic Mon Oct 08 18:00 - 19:00  (01:00)

Conclusion:

The last command is a versatile tool crucial for auditing and maintenance within Unix-based environments. Through various arguments, it provides comprehensive insights into user activities, system reboots, and shutdowns. By tailoring outputs to individual needs, system administrators effectively manage and secure system environments, maintaining optimal operational efficiency.

Related Posts

How to use the command 'foreman' (with examples)

How to use the command 'foreman' (with examples)

Foreman is a command-line tool that eases the task of managing Procfile-based applications.

Read More
How to Use the Command 'accelerate' (with examples)

How to Use the Command 'accelerate' (with examples)

Accelerate is a powerful library that enables developers to run the same PyTorch code across various distributed configurations, simplifying the process of scaling up machine learning experiments.

Read More
How to Use the Command 'reflex' (with examples)

How to Use the Command 'reflex' (with examples)

Reflex is a powerful and flexible command-line tool that unobtrusively watches a directory for file changes and reruns a specified command whenever those changes occur.

Read More