When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key, usually control-\), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
|-num||This is a count telling last how many lines to show.|
|-n num||The same.|
|-t YYYYMMDDHHMMSS||Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular time -- specify that time with -t and look for "still logged in".|
|-f file||Specifies a file to search other than /var/log/wtmp.|
|-R||Suppresses the display of the hostname field.|
|-a||Display the hostname in the last column. Useful in combination with the next flag.|
|-d||For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the IP number back into a hostname.|
|-i||This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation.|
|-o||Read an old-type wtmp file (written by linux-libc5 applications).|
|-x||Display the system shutdown entries and run level changes.|