How to use the command 'lastlog' (with examples)

The ’lastlog’ command is used to view the most recent login of all users or a specific user in a system. It provides information about the last login time, the user’s terminal, and the IP address they logged in from. This command can be helpful for system administrators to track user login activities and identify any potential security issues.

Use case 1: Display the most recent login of all users

Code:

lastlog

Motivation: This use case is useful when you want to quickly check the most recent login activity for all users in the system. By running this command, you can obtain a list of users along with the timestamp of their last login, the terminal used, and the IP address they logged in from.

Explanation: The ’lastlog’ command without any options will display the last login record of all users. It retrieves the information from the ‘/var/log/lastlog’ file.

Example output:

Username         Port     From             Latest
root                                       Tue Apr 20 09:10:05 +00:00 2021
john                                       Mon Apr 19 17:25:31 +00:00 2021
alice                                      Sun Apr 18 10:58:14 +00:00 2021

Use case 2: Display the lastlog record of the specified user

Code:

lastlog --user username

Motivation: This use case is helpful when you want to view the last login information of a specific user. By specifying the username, you can easily retrieve the details of their last login, including the timestamp, terminal, and IP address.

Explanation: The ‘–user’ option followed by the username allows you to filter the output to display only the last login record of the specified user.

Example output:

Username         Port     From             Latest
john                                       Mon Apr 19 17:25:31 +00:00 2021

Use case 3: Display records older than 7 days

Code:

lastlog --before 7

Motivation: This use case is useful when you want to find out the login activity that occurred before a specific number of days. By specifying the number of days using the ‘–before’ option, you can filter the output to display login records that are older than the specified time.

Explanation: The ‘–before’ option followed by a number specifies the threshold in days. Running the command with this option will show the last login records that occurred before the specified number of days ago.

Example output:

Username         Port     From             Latest
alice                                      Sun Apr 18 10:58:14 +00:00 2021

Use case 4: Display records more recent than 3 days

Code:

lastlog -time 3

Motivation: This use case is helpful when you want to view the login activity that occurred within a specific number of days. By specifying the number of days using the ‘-time’ option, you can filter the output to display login records that are more recent than the specified time.

Explanation: The ‘-time’ option followed by a number indicates the threshold in days. Running the command with this option will display the last login records that occurred within the specified number of days ago.

Example output:

Username         Port     From             Latest
root                                       Tue Apr 20 09:10:05 +00:00 2021
john                                       Mon Apr 19 17:25:31 +00:00 2021
alice                                      Sun Apr 18 10:58:14 +00:00 2021

Conclusion:

The ’lastlog’ command is a useful tool for system administrators to monitor users’ login activities. By using various options provided by the command, you can filter and retrieve specific login records based on time or user, allowing you to track users’ logins efficiently.