1.命令作用
两者都是显示上次登录用户的列表(show listing of last logged in users);
Last搜索文件/var/log/wtmp(或由-f标志指定的文件),并显示自该文件创建以来登录(和退出)的所有用户的列表。可以给出用户和tty的名称,在这种情况下,最后将只显示与参数匹配的条目。ttys的名称可以缩写,因此最后一个0与最后一个tty0相同。每次系统重启时,伪用户reboot都会登录。因此,上次重新引导将显示自创建日志文件以来所有重新引导的日志。
Lastb与last相同,但默认情况下它显示文件/var/log/btmp的日志,其中包含所有错误的登录尝试。
2.命令语法
Usage:
last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...] [tty...]
3.参数详解
OPTION:
- -f file,告诉最后使用一个特定的文件而不是/var/log/wtmp
- -num,这是一个计数,告诉最后显示多少行
- -n num,与-num一样
- -t YYYYMMDDHHMMSS,显示指定时间的登录状态
- -R,禁止显示IP/主机名字段信息
- -a,在最后一列显示IP/主机名。与下一个标志结合使用时非常有用
- -d,对于非本地登录,Linux不仅存储远程主机的主机名,还存储其IP号。该选项将IP号码转换回主机名
- -F,打印完整的登录和注销时间和日期
- -i,这个选项类似于-d,因为它显示远程主机的IP号,但是它以数字和点的形式显示IP号
- -o,读取旧类型的wtmp文件(由linux-libc5应用程序编写)
- -w,在输出中显示完整的用户名和域名
- -x,显示系统关机条目和运行级别更改
注意: 文件wtmp和btmp可能无法找到。只有当这些文件存在时,系统才会在它们中记录信息。这是一个本地配置问题。如果您希望使用这些文件,可以使用简单的touch(1)命令创建它们(例如,touch /var/log/wtmp;touch /var/log/btmp)
4.常用用例
4.1.指定wtmp文件输出10行
[root@node1 ~]# last -10 -f /var/log/wtmp
root pts/2 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:07 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:04 - 06:07 (00:02)
root :0 :0 Mon Jun 9 06:03 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:00 - 06:00 (00:00)
root pts/1 192.168.118.1 Mon Jun 9 05:59 - 06:00 (00:00)
root pts/0 192.168.118.1 Mon Jun 9 05:59 - 06:04 (00:05)
reboot system boot 3.10.0-957.el7.x Mon Jun 9 05:58 - 07:47 (01:49)
root pts/0 192.168.118.1 Sat Dec 21 22:29 - crash (169+07:28)
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]#4.2.禁止显示IP/主机名字段信息
[root@node1 ~]# last -3
root pts/2 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:07 still logged in
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# last -3 -R
root pts/2 Mon Jun 9 06:11 still logged in
root pts/1 Mon Jun 9 06:11 still logged in
root pts/0 Mon Jun 9 06:07 still logged in
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# 4.3.IP/主机名字段信息显示在最后
[root@node1 ~]# last -3
root pts/2 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:07 still logged in
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# last -3 -a
root pts/2 Mon Jun 9 06:11 still logged in 192.168.118.1
root pts/1 Mon Jun 9 06:11 still logged in 192.168.118.1
root pts/0 Mon Jun 9 06:07 still logged in 192.168.118.14.4.显示远程主机的IP号
[root@node1 ~]# last -3 -ad
root pts/3 Mon Jun 9 07:56 still logged in 0.0.0.0
root pts/2 Mon Jun 9 06:11 still logged in gateway
root pts/1 Mon Jun 9 06:11 still logged in gateway
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]#
[root@node1 ~]# last -3 -ai
root pts/3 Mon Jun 9 07:56 still logged in 0.0.0.0
root pts/2 Mon Jun 9 06:11 still logged in 192.168.118.1
root pts/1 Mon Jun 9 06:11 still logged in 192.168.118.1
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# 4.5.打印完整的时间
[root@node1 ~]# last -3
root pts/3 :0 Mon Jun 9 07:56 still logged in
root pts/2 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:11 still logged in
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# last -3 -F
root pts/3 :0 Mon Jun 9 07:56:33 2025 still logged in
root pts/2 192.168.118.1 Mon Jun 9 06:11:41 2025 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:11:38 2025 still logged in
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# 4.6.读取旧类型的wtmp文件
[root@node1 ~]# last -3 -o
system boot ~~ Thu Jan 1 08:00 - 08:03 (20248+00:03
system boot ~~ Thu Jan 1 08:00 - 08:03 (20248+00:03
system boot ~~ Thu Jan 1 08:00 - 08:03 (20248+00:03
wtmp begins Thu Jan 1 08:00:00 1970
[root@node1 ~]# 4.7.显示完整的用户名和域名
[root@node1 ~]# last -10 -w
root pts/3 :0 Mon Jun 9 07:56 still logged in
root pts/2 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:07 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:04 - 06:07 (00:02)
root :0 :0 Mon Jun 9 06:03 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:00 - 06:00 (00:00)
root pts/1 192.168.118.1 Mon Jun 9 05:59 - 06:00 (00:00)
root pts/0 192.168.118.1 Mon Jun 9 05:59 - 06:04 (00:05)
reboot system boot 3.10.0-957.el7.x86_64 Mon Jun 9 05:58 - 08:08 (02:10)
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# 4.8.显示系统关机条目和运行级别
[root@node1 ~]# last -10 -x
root pts/3 :0 Mon Jun 9 07:56 still logged in
root pts/2 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:11 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:07 still logged in
root pts/0 192.168.118.1 Mon Jun 9 06:04 - 06:07 (00:02)
root :0 :0 Mon Jun 9 06:03 still logged in
root pts/1 192.168.118.1 Mon Jun 9 06:00 - 06:00 (00:00)
root pts/1 192.168.118.1 Mon Jun 9 05:59 - 06:00 (00:00)
root pts/0 192.168.118.1 Mon Jun 9 05:59 - 06:04 (00:05)
runlevel (to lvl 5) 3.10.0-957.el7.x Mon Jun 9 05:58 - 08:08 (02:09)
wtmp begins Fri Dec 13 01:06:04 2024
[root@node1 ~]# 4.9.lastb仅打印错误登录信息
[root@node1 ~]# lastb
btmp begins Mon Jun 9 06:15:01 2025
[root@node1 ~]# 
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
