lastlog Command: Tutorial & Examples
lastlog command displays the last login of all users in the system. For beginners, it may seem a little daunting,
but understanding how it works and what it can do will make server management much easier.
What does it do?
lastlog command provides a list of all users on the system and the last time they logged in. If a user has never
logged in, it will show "Never logged in". The information displayed includes the username, port, and the last login
How does it work?
lastlog command works by reading the
/var/log/lastlog file. This file is a database which contains all the login
history. Each time a user logs in, an entry is made in this file. The
lastlog command is then used to read and display
What is it used for?
Knowing when a user last logged into a system can be very useful. For example, if you are troubleshooting
a network issue or a high load on your server, you might
want to know who was logged in at the time.
lastlog can help you with this. Additionally, it can be used to ensure
that there are no unauthorized users on your server.
Why is it important?
Understanding the last login times of users can be crucial for security and auditing purposes. If there is suspicious activity on your server, checking the login history is often the first step in investigating. Furthermore, it can be used to track and monitor user activity on a server.
How to use it and common command line parameters?
lastlog command is simple. Just open your shell and type
lastlog. Here are some
common parameters you might use with it:
-u, --user LOGIN: This will display the last login record for the specified user.
-t, --time DAYS: This will show the records of users who have not logged in for the past DAYS.
-b, --before DAYS: This will show the records of users who have logged in within the past DAYS.
Here's an example of how to use it:
lastlog -u john
This will display the last login record for the user "john".
Potential problems and pitfalls
lastlog is a very useful command, there are a few things to be aware of. First, the
/var/log/lastlog file can
become very large on systems with many users, which may lead to performance issues. Second,
lastlog does not show
failed login attempts, for that you will need to use the
Here are a few more examples of how to use the
To display the last login record for the user "john", you would use:
lastlog -u john
To display the records of users who have not logged in for the past 7 days, you would use:
lastlog -t 7
And finally, to display the records of users who have logged in within the past 7 days, you would use:
lastlog -b 7
The typical output would look like this:
Username Port From Latest
john pts/1 192.168.0.102 Wed Jul 28 17:11:34 -0700 2021
lastlog command is a powerful tool for monitoring and auditing user activity on your server. It's easy to use and
provides valuable information that can help you maintain a secure and efficient server environment.