When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key, usually control-\), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
Tag | Description |
---|---|
-num | This is a count telling last how many lines to show. |
-n num | The same. |
-t YYYYMMDDHHMMSS | Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular time -- specify that time with -t and look for "still logged in". |
-f file | Specifies a file to search other than /var/log/wtmp. |
-R | Suppresses the display of the hostname field. |
-a | Display the hostname in the last column. Useful in combination with the next flag. |
-d | For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the IP number back into a hostname. |
-i | This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation. |
-o | Read an old-type wtmp file (written by linux-libc5 applications). |
-x | Display the system shutdown entries and run level changes. |
Advertisements |