How to Use the Command 'lastcomm' (with examples)
The lastcomm command is part of the GNU accounting utilities and is primarily used to display information about commands that were previously executed on a Linux system. It reads the process accounting file, which holds a record for each executed command, and displays those records. This command is particularly useful for analyzing user activities, monitoring executed commands, and identifying system usage patterns.
Use Case 1: Print Information About All Commands
Code:
lastcomm
Motivation:
This basic use case is suitable for users who want a quick overview of all the commands executed on the system. It provides a comprehensive list that can be useful for auditing or understanding what activities have taken place without focusing on a specific user or terminal.
Explanation:
lastcomm: This command, with no additional arguments, reads from the accounting records and outputs all recorded executed commands. It does not filter or limit the data, ensuring that you see the full scope of system activities logged in the accounting file.
Example Output:
echo F root pts/1 Thu Oct 5 12:22 0.00 secs
vim S alice tty2 Thu Oct 5 12:20 1.46 secs
gcc SXX bob pts/3 Thu Oct 5 10:14 3.00 secs
Use Case 2: Display Commands Executed by a Given User
Code:
lastcomm --user alice
Motivation:
This particular use case is valuable when you want to track or audit the commands executed by a specific user. For instance, if there’s a need to verify the activities of a user for security or resource management purposes, this command will pinpoint the user’s actions.
Explanation:
--user alice: The --user flag specifies that we are interested in commands executed by a specific user. In this case, alice is the username we’re targeting, allowing us to filter the output to show only the commands initiated by her.
Example Output:
vim S alice tty2 Thu Oct 5 12:20 1.46 secs
python F alice pts/4 Thu Oct 5 11:20 0.50 secs
Use Case 3: Display Information About a Given Command Executed on the System
Code:
lastcomm --command gcc
Motivation:
There are scenarios where you might be interested in understanding the frequency and context of a specific command’s usage. For example, analyzing how often and where the gcc compiler is used can provide insights into development activities on a system.
Explanation:
--command gcc: The --command flag filters the results to show every recorded execution of the specified command. Here, gcc is the command in question, so every instance of its execution is retrieved.
Example Output:
gcc SXX bob pts/3 Thu Oct 5 10:14 3.00 secs
gcc F alice pts/2 Thu Oct 5 09:30 1.20 secs
Use Case 4: Display Information About Commands Executed on a Given Terminal
Code:
lastcomm --tty pts/1
Motivation:
Monitoring command execution on a specific terminal can be particularly useful in multi-user environments where numerous terminals are in use simultaneously. This helps in narrowing down activities to a particular session or user interface, making it easier to track user behavior associated with that terminal.
Explanation:
--tty pts/1: The --tty option is used to limit the output to commands executed from a specific terminal. Here, pts/1 signifies a pseudo-terminal on Unix systems, allowing you to focus on the set of commands run through that particular terminal interface.
Example Output:
echo F root pts/1 Thu Oct 5 12:22 0.00 secs
ls F john pts/1 Thu Oct 5 11:15 0.05 secs
Conclusion:
The lastcomm command is a robust tool for retrieving and analyzing historical command execution data on a Unix-like system. With its versatile filtering options, it can be tailored to provide insights into user activities, specific command usage, or terminal-specific actions. This utility plays a crucial role in system administration, security auditing, and performance monitoring.
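For the security auditing use mentioned above, the second column of the example output carries per-process flags that are worth triaging. The script below is an added example, not part of the original page or of the GNU accounting utilities: it reads lastcomm output on standard input and reports records run by the superuser, killed by a signal, or ending in a core dump. The function names and the sample records are constructed for illustration, and the flag meanings are taken from the lastcomm(1) manual page.

```shell
#!/bin/sh
# Triage lastcomm output read from stdin, e.g.: lastcomm | flagged_commands
# Flag letters per lastcomm(1): S = run by superuser, F = forked without exec,
# C = PDP-11 compatibility mode, D = dumped core, X = killed by a signal.
flagged_commands() {
    awk '
    {
        # The flag column is blank when no flag is set, so detect it by content.
        # Assumption: no account name consists solely of the letters SFCDX.
        if ($2 ~ /^[SFCDX]+$/) { flags = $2;  user = $3; tty = $4 }
        else                   { flags = "-"; user = $2; tty = $3 }

        if (flags ~ /[SDX]/) {
            why = ""
            if (flags ~ /S/) why = why "superuser,"
            if (flags ~ /D/) why = why "coredump,"
            if (flags ~ /X/) why = why "signal,"
            sub(/,$/, "", why)
            printf "%s user=%s tty=%s reason=%s\n", $1, user, tty, why
        }
    }'
}

# Constructed sample: three records from the example output above plus one
# record whose flag column is empty.
sample_records() {
    cat <<'EOF'
echo F root pts/1 Thu Oct 5 12:22 0.00 secs
vim S alice tty2 Thu Oct 5 12:20 1.46 secs
gcc SXX bob pts/3 Thu Oct 5 10:14 3.00 secs
ls john pts/1 Thu Oct 5 11:15 0.05 secs
EOF
}

sample_records | flagged_commands
```

Only the first four columns are parsed, so the function does not depend on how the date and CPU time columns are ordered.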