lastlog Command: Tutorial & Examples

The lastlog command displays the last login of all users in the system. For beginners, it may seem a little daunting, but understanding how it works and what it can do will make server management much easier.

What does it do?

The lastlog command provides a list of all users on the system and the last time they logged in. If a user has never logged in, it will show "Never logged in". The information displayed includes the username, port, and the last login time.

How does it work?

The lastlog command works by reading the /var/log/lastlog file. This file is a database which contains all the login history. Each time a user logs in, an entry is made in this file. The lastlog command is then used to read and display this data.

What is it used for?

Knowing when a user last logged into a system can be very useful. For example, if you are troubleshooting a network issue or a high load on your server, you might want to know who was logged in at the time. lastlog can help you with this. Additionally, it can be used to ensure that there are no unauthorized users on your server.

Why is it important?

Understanding the last login times of users can be crucial for security and auditing purposes. If there is suspicious activity on your server, checking the login history is often the first step in investigating. Furthermore, it can be used to track and monitor user activity on a server.

How to use it and common command line parameters?

Using the lastlog command is simple. Just open your shell and type lastlog. Here are some common parameters you might use with it:

  • -u, --user LOGIN : This will display the last login record for the specified user.
  • -t, --time DAYS : This will show the records of users who have not logged in for the past DAYS.
  • -b, --before DAYS : This will show the records of users who have logged in within the past DAYS.

Here's an example of how to use it:

lastlog -u john

This will display the last login record for the user "john".

Potential problems and pitfalls

While lastlog is a very useful command, there are a few things to be aware of. First, the /var/log/lastlog file can become very large on systems with many users, which may lead to performance issues. Second, lastlog does not show failed login attempts, for that you will need to use the faillog command.

Practical examples

Here are a few more examples of how to use the lastlog command:

To display the last login record for the user "john", you would use:

lastlog -u john

To display the records of users who have not logged in for the past 7 days, you would use:

lastlog -t 7

And finally, to display the records of users who have logged in within the past 7 days, you would use:

lastlog -b 7

The typical output would look like this:

Username         Port     From             Latest
john             pts/1    192.168.0.102    Wed Jul 28 17:11:34 -0700 2021

Final thoughts

The lastlog command is a powerful tool for monitoring and auditing user activity on your server. It's easy to use and provides valuable information that can help you maintain a secure and efficient server environment.

Except where otherwise noted, content on this site is licensed under a CC BY-SA 4.0 license CC BY SA