How to use the command lastcomm (with examples)
- Linux
- December 25, 2023
The lastcomm
command is used to display information about the last commands executed on the system. It allows users to view details such as the user who executed the command, the command itself, and the time it was executed. This command is helpful for system administrators and users who want to keep track of the commands executed on a system or analyze command usage patterns.
Use case 1: Print information about all the commands in the acct (record file)
Code:
lastcomm
Motivation: This use case is useful for system administrators or users who want to get an overview of all the commands executed on the system. It provides a comprehensive list of all commands along with their execution details.
Explanation: When executed without any arguments, the lastcomm
command displays information about all the commands in the acct (record file). It prints details such as the user, command, time of execution, and the amount of CPU time used.
Example output:
/sbin/init root __ 1.25 secs Tue Mar 2 09:06
/var/log/kern.log.persist syslog __ 50.69 secs Tue Mar 2 09:07
/usr/bin/systemd-udevd root __ 2.67 secs Tue Mar 2 09:07
/sbin/hwclock root *J 0.00 secs Tue Mar 2 09:07
Use case 2: Display commands executed by a given user
Code:
lastcomm --user user
Motivation: This use case is helpful for system administrators who want to track the commands executed by a specific user. It allows them to monitor the activities of individual users and identify any potentially malicious or abnormal command executions.
Explanation: By specifying the --user
option followed by the username, the lastcomm
command displays information about the commands executed by that particular user. It prints details such as the command, time of execution, and the amount of CPU time used.
Example output:
/var/log/kern.log.persist syslog __ 50.69 secs Tue Mar 2 09:07
/usr/bin/systemd-udevd root __ 2.67 secs Tue Mar 2 09:07
Use case 3: Display information about a given command executed on the system
Code:
lastcomm --command command
Motivation: This use case is useful for users who want to investigate the details of a specific command executed on the system. It helps in understanding the command’s execution pattern, resource utilization, and other related information.
Explanation: By specifying the --command
option followed by the command name, the lastcomm
command displays information about the specified command executed on the system. It prints details such as the user, time of execution, and the amount of CPU time used.
Example output:
/sbin/hwclock root *J 0.00 secs Tue Mar 2 09:07
Use case 4: Display information about commands executed on a given terminal
Code:
lastcomm --tty terminal_name
Motivation: This use case is helpful for users who want to track the commands executed on a specific terminal. It can be useful in a multi-user environment where multiple terminal sessions are active, and users need to monitor the commands executed on a particular terminal.
Explanation: By specifying the --tty
option followed by the terminal name, the lastcomm
command displays information about the commands executed on the specified terminal. It prints details such as the user, command, time of execution, and the amount of CPU time used.
Example output:
/sbin/init root __ 1.25 secs Tue Mar 2 09:06
Conclusion:
The lastcomm
command is a powerful tool for monitoring and analyzing command execution on a Linux system. It provides various options to view detailed information about commands executed by users, on specific terminals, or system-wide. By utilizing these options, users can gain insights into command usage patterns, track user activities, and investigate specific command executions.