Viewing Login Logs on Linux

入门小站

lastlog

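Prints the most recent login record for each system account. It parses the /var/log/lastlog file, which is a file of type "data" (binary) and does not display correctly when opened as text.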
Username         Port     From             Latest
root             pts/0    171.83.37.215    Sat Jan  9 17:23:53 +0800 2021
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
halt                                       **Never logged in**
mail                                       **Never logged in**
operator                                   **Never logged in**
games                                      **Never logged in**
ftp                                        **Never logged in**
nobody                                     **Never logged in**
systemd-network                            **Never logged in**
dbus                                       **Never logged in**
polkitd                                    **Never logged in**
sshd                                       **Never logged in**
postfix                                    **Never logged in**
chrony                                     **Never logged in**
nscd                                       **Never logged in**
ntp                                        **Never logged in**
tss                                        **Never logged in**
mysql                                      **Never logged in**
nginx                                      **Never logged in**
cpt              pts/0    117.172.39.12    Fri Jan  8 15:08:00 +0800 2021
zhangsan           pts/2                     Mon Aug  3 15:46:00 +0800 2020
xiaoming        pts/6    218.207.144.248  Thu May 21 17:51:43 +0800 2020
gluster                                    **Never logged in**
grafana                                    **Never logged in**
xiaowu                                     **Never logged in**
saslauth                                   **Never logged in**
deploy           pts/1                     Tue Nov  3 00:02:34 +0800 2020
clamupdate                                 **Never logged in**
clamscan                                   **Never logged in**
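
Because /var/log/lastlog is binary, reading it without the lastlog command means decoding fixed-size records. The following is an added example, not code from the original article: it assumes the common glibc x86-64 layout (32-bit timestamp, 32-byte terminal name, 256-byte host, 292 bytes per record, indexed by UID), and the function names and sample bytes are constructed for illustration.

```python
import io
import struct

# Assumed layout (glibc, x86-64): int32 ll_time; char ll_line[32]; char ll_host[256]
RECORD = struct.Struct("<i32s256s")  # 292 bytes; the record for UID n starts at n * 292

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def read_lastlog(fh, uids):
    """Return {uid: (epoch, line, host)} for the UIDs that have a login record.

    Seeks straight to each UID's slot instead of reading the whole file:
    lastlog is sparse, and a single very high UID makes it look huge.
    """
    found = {}
    for uid in uids:
        fh.seek(uid * RECORD.size)
        raw = fh.read(RECORD.size)
        if len(raw) < RECORD.size:   # slot lies past the end of the file
            continue
        epoch, line, host = RECORD.unpack(raw)
        if epoch == 0:               # zeroed slot, shown as **Never logged in**
            continue
        found[uid] = (epoch, cstr(line), cstr(host))
    return found

def build_sample():
    """Constructed sample: UID 0 and UID 1000 have records, every other slot is zero."""
    buf = bytearray(RECORD.size * 1001)
    RECORD.pack_into(buf, 0, 1610184233, b"pts/0", b"192.0.2.10")
    RECORD.pack_into(buf, 1000 * RECORD.size, 1604332954, b"pts/1", b"")
    return bytes(buf)

if __name__ == "__main__":
    import pwd
    uids = sorted(p.pw_uid for p in pwd.getpwall())
    with open("/var/log/lastlog", "rb") as fh:
        for uid, rec in read_lastlog(fh, uids).items():
            print(uid, *rec)
```

A record with an empty host field corresponds to the rows above whose From column is blank.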

last

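By default it reads the /var/log/wtmp file. The output includes: user name, terminal, login source, start time, end time, and duration. Note that the last line of the output shows the time at which the records in the wtmp file begin. You can also specify the file to read with the last -f option, for example /var/log/btmp or /var/run/utmp.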
root     pts/0        171.83.37.115    Thu Jan 14 14:38   still logged in   
root     pts/0        171.43.177.33    Wed Jan 13 13:01 - 13:34  (00:31)    
root     pts/1        171.83.37.115    Wed Jan 13 15:14 - 18:44  (03:19)    
root     pts/0        171.83.37.115    Wed Jan 13 15:14 - 18:44  (03:19)    
root     pts/0        118.107.144.111  Tue Jan 11 13:39 - 00:43  (01:03)    
root     pts/0        118.107.144.111  Mon Jan 11 10:05 - 10:05  (00:00)    
root     pts/0        118.107.144.111  Mon Jan 11 18:18 - 10:05  (01:37)    
root     pts/0        118.107.144.111  Mon Jan 11 13:11 - 14:13  (01:01)    
root     pts/0        171.83.37.115    Mon Jan 11 11:05 - 11:10  (01:05)    
root     pts/0        118.107.144.111  Mon Jan 11 09:18 - 10:39  (01:10)    
root     pts/0        171.83.37.115    Fri Jan  8 17:16 - 17:46  (00:10)    
root     pts/0        17.17.111.9      Fri Jan  8 16:38 - 16:49  (00:10)    
root     pts/0        17.17.111.9      Thu Jan  7 15:46 - 18:08  (01:11)    
root     pts/0        118.107.144.111  Wed Jan  6 13:39 - 13:51  (00:13)    
root     pts/1        113.14.171.143   Mon Jan  4 18:47 - 18:51  (00:05)    
root     pts/0        113.14.171.143   Mon Jan  4 15:13 - 18:51  (03:19)    
root     pts/0        113.14.171.143   Sun Jan  3 17:14 - 17:16  (00:11)    
root     pts/0        115.41.156.70    Sat Jan  1 10:11 - 10:39  (00:16)    
root     pts/0        115.41.156.70    Fri Jan  1 13:00 - 13:40  (00:40)    
root     pts/0        115.41.106.6     Thu Dec 31 18:17 - 18:45  (00:18)    
root     pts/0        115.41.106.6     Thu Dec 31 18:00 - 18:16  (00:15)    
root     pts/0        115.41.106.6     Wed Dec 30 11:38 - 13:58  (01:10)    
root     pts/0        171.83.37.146    Wed Dec 30 11:15 - 11:01  (00:35)    
root     pts/0        171.83.37.146    Wed Dec 30 11:10 - 11:15  (00:14)    
root     pts/0        118.107.144.111  Tue Dec 19 15:14 - 15:36  (00:11)    
root     pts/0        171.83.37.146    Tue Dec 19 11:56 - 11:01  (00:05)    
root     pts/0        171.83.37.146    Mon Dec 18 14:33 - 18:16  (03:43)    
root     pts/1        118.107.144.111  Mon Dec 18 11:11 - 11:07  (00:44)    
root     pts/0        171.83.37.146    Mon Dec 18 10:31 - 11:59  (01:17)

lastb: list failed login attempts

It works exactly like the last command, except that by default it reads the /var/log/btmp file. You can also specify the file to read with the last -f option, for example /var/log/btmp or /var/run/utmp.
root     ssh:notty    120.132.112.75   Thu Jan 14 17:14 - 17:14  (00:00)    
abc      ssh:notty    89.250.148.154   Thu Jan 14 17:14 - 17:14  (00:00)    
abc      ssh:notty    89.250.148.154   Thu Jan 14 17:14 - 17:14  (00:00)    
lenovo   ssh:notty    122.114.37.11    Thu Jan 14 17:14 - 17:14  (00:00)    
lenovo   ssh:notty    122.114.37.11    Thu Jan 14 17:14 - 17:14  (00:00)    
simone   ssh:notty    203.ip-51-83-74. Thu Jan 14 17:14 - 17:14  (00:00)    
simone   ssh:notty    203.ip-51-83-74. Thu Jan 14 17:14 - 17:14  (00:00)    
benjamin ssh:notty    49.234.62.38     Thu Jan 14 17:13 - 17:13  (00:00)    
basesyst ssh:notty    152.89.239.120   Thu Jan 14 17:13 - 17:13  (00:00)    
benjamin ssh:notty    49.234.62.38     Thu Jan 14 17:13 - 17:13  (00:00)    
basesyst ssh:notty    152.89.239.120   Thu Jan 14 17:13 - 17:13  (00:00)    
root     ssh:notty    195.24.129.234   Thu Jan 14 17:13 - 17:13  (00:00)    
chris    ssh:notty    195.19.102.173   Thu Jan 14 17:12 - 17:12  (00:00)    
chris    ssh:notty    195.19.102.173   Thu Jan 14 17:12 - 17:12  (00:00)    
ftptest  ssh:notty    broadband-188-25 Thu Jan 14 17:12 - 17:12  (00:00)    
ftptest  ssh:notty    broadband-188-25 Thu Jan 14 17:12 - 17:12  (00:00)    
support  ssh:notty    182.61.51.141    Thu Jan 14 17:12 - 17:12  (00:00)    
support  ssh:notty    182.61.51.141    Thu Jan 14 17:12 - 17:12  (00:00)    
julio    ssh:notty    159.89.114.40    Thu Jan 14 17:11 - 17:11  (00:00)    
julio    ssh:notty    159.89.114.40    Thu Jan 14 17:11 - 17:11  (00:00)    
root     ssh:notty    120.132.112.75   Thu Jan 14 17:11 - 17:11  (00:00) 
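
Output like the above is easier to triage once it is grouped by source. The following is an added example, not code from the original article: it parses lastb's column layout and reports each remote source at or above a failure threshold, together with the usernames it tried. The sample lines, function names and the threshold of 3 are constructed for illustration.

```python
import sys
from collections import defaultdict

WEEKDAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}

# Constructed sample in lastb's column layout (documentation-range addresses).
SAMPLE = """\
admin    ssh:notty    198.51.100.7     Thu Jan 14 17:14 - 17:14  (00:00)
root     ssh:notty    192.0.2.75       Thu Jan 14 17:14 - 17:14  (00:00)
test     ssh:notty    198.51.100.7     Thu Jan 14 17:13 - 17:13  (00:00)
oracle   ssh:notty    198.51.100.7     Thu Jan 14 17:13 - 17:13  (00:00)
root     ssh:notty    192.0.2.75       Thu Jan 14 17:12 - 17:12  (00:00)
deploy   ssh:notty    203.0.113.9      Thu Jan 14 17:12 - 17:12  (00:00)
admin    ssh:notty    198.51.100.7     Thu Jan 14 17:11 - 17:11  (00:00)
backup   tty1                          Thu Jan 14 17:11 - 17:11  (00:00)
root     ssh:notty    192.0.2.75       Thu Jan 14 17:10 - 17:10  (00:00)

btmp begins Fri Jan  1 03:12:01 2021
"""

def parse_lastb(text):
    """Return (user, tty, host) per attempt; host is '' for local attempts."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[1] == "begins":   # blank line or "btmp begins ..." trailer
            continue
        # With no host column, the third field is already the weekday.
        rows.append((f[0], f[1], "" if f[2] in WEEKDAYS else f[2]))
    return rows

def noisy_sources(rows, threshold=3):
    """Remote sources with >= threshold failures, busiest first, with users tried."""
    tried = defaultdict(list)
    for user, _tty, host in rows:
        if host:
            tried[host].append(user)
    hits = [(h, len(u), sorted(set(u))) for h, u in tried.items() if len(u) >= threshold]
    return sorted(hits, key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    # Usage: lastb -i -w | python3 this_script.py   (falls back to SAMPLE on a terminal)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for host, count, users in noisy_sources(parse_lastb(text)):
        kind = "many usernames" if len(users) > 1 else "single account"
        print(f"{host:<16} {count:>4} failures, {kind}: {', '.join(users)}")
```

The default output truncates long host names, as in the 203.ip-51-83-74. rows above; with util-linux, lastb -i prints numeric addresses and -w prints full names, which keeps the grouping key stable.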
