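Viewing User Login Logs on the System
Two kinds of logs record user login activity: one records data about who logged in, and the other records when each user last logged in.
1. Recording user login data
The /var/log/wtmp log file records user login data. However, this file is stored in an encoded (binary) format and cannot be viewed directly with commands such as vi or cat; it can be read with the last command. Each login produces one record, including the username, the login terminal, the time span, and other information, as shown below: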
[root@bogon ~]# last
root pts/1 :0.0 Wed Oct 24 03:03 still logged in
root :0 Wed Oct 24 03:02 still logged in
root :0 Wed Oct 24 03:02 - 03:02 (00:00)
reboot system boot 2.6.18-194.el5 Wed Oct 24 03:01 (00:01)
root pts/1 :0.0 Mon Oct 22 01:00 - 03:09 (02:08)
root :0 Mon Oct 22 01:00 - 03:09 (02:09)
root :0 Mon Oct 22 01:00 - 01:00 (00:00)
reboot system boot 2.6.18-194.el5 Mon Oct 22 00:58 (02:10)
root pts/3 :0.0 Sat Oct 13 18:59 - 00:41 (05:41)
root pts/2 :0.0 Sat Oct 13 18:34 - 00:41 (06:06)
root pts/1 :0.0 Sat Oct 13 18:33 - 00:41 (06:08)
root :0 Sat Oct 13 18:32 - 00:41 (06:08)
root :0 Sat Oct 13 18:32 - 18:32 (00:00)
reboot system boot 2.6.18-194.el5 Sat Oct 13 18:31 (06:09)
root pts/1 :0.0 Thu Oct 11 20:12 - 03:17 (07:04)
root :0 Thu Oct 11 20:12 - 03:17 (07:05)
root :0 Thu Oct 11 20:12 - 20:12 (00:00)
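The wtmp file that last reads is a sequence of fixed-size binary records. The following Python example, added here and not part of the original post, parses those records and pairs logins with logouts; it assumes glibc's 384-byte struct utmp layout, and the helper names and sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumption: glibc's 384-byte struct utmp record (Linux x86 / x86-64), little-endian.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
TYPES = {2: "BOOT_TIME", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Return one dict per complete record; a truncated tail is ignored."""
    records = []
    for off in range(0, len(data) - len(data) % UTMP.size, UTMP.size):
        f = UTMP.unpack_from(data, off)
        records.append({
            "type": TYPES.get(f[0], f[0]), "pid": f[1], "line": _text(f[2]),
            "user": _text(f[4]), "host": _text(f[5]),
            "time": datetime.fromtimestamp(f[9], timezone.utc),
        })
    return records

def sessions(records):
    """Pair logins with logouts on the same terminal line (simplified from what last does)."""
    open_by_line, done = {}, []
    for r in records:
        if r["type"] == "USER_PROCESS":
            open_by_line[r["line"]] = r
        elif r["type"] == "DEAD_PROCESS" and r["line"] in open_by_line:
            s = open_by_line.pop(r["line"])
            done.append((s["user"], s["line"], s["time"], r["time"]))
        elif r["type"] == "BOOT_TIME":  # sessions with no logout record end at the next boot
            done += [(s["user"], s["line"], s["time"], r["time"]) for s in open_by_line.values()]
            open_by_line.clear()
    # An end time of None corresponds to "still logged in".
    return done + [(s["user"], s["line"], s["time"], None) for s in open_by_line.values()]

def _rec(ut_type, line, user, host, sec):  # builds one constructed sample record
    return UTMP.pack(ut_type, 1000, line, b"", user, host, 0, 0, 0, sec, 0, 0, 0, 0, 0)

# Constructed sample data (not from a real system); the last 10 bytes are a truncated record.
SAMPLE = (_rec(2, b"~", b"reboot", b"2.6.18-194.el5", 1351072860)
          + _rec(7, b":0", b"root", b"", 1351072920)
          + _rec(8, b":0", b"", b"", 1351072930)
          + _rec(7, b"pts/1", b"root", b":0.0", 1351072980) + b"\x00" * 10)

if __name__ == "__main__":
    for user, line, start, end in sessions(parse_wtmp(SAMPLE)):
        print(user, line, start, end or "still logged in")
```

To run it against a real file, pass the bytes of a copy of /var/log/wtmp to parse_wtmp instead of SAMPLE.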
2. Viewing logins for specific users
The /var/log/lastlog log file records each user's most recent login time. Each user has only one record.
[root@bogon ~]# lastlog
Username Port From Latest
root :0 Wed Oct 24 03:02:36 -0700 2012
bin Never logged in
daemon Never logged in
adm Never logged in
lp Never logged in
sync Never logged in
shutdown Never logged in
halt Never logged in
mail Never logged in
news Never logged in
uucp Never logged in
operator Never logged in
games Never logged in
gopher Never logged in
ftp Never logged in
nobody Never logged in
nscd Never logged in
vcsa Never logged in
oprofile Never logged in
pcap Never logged in
ntp Never logged in
dbus Never logged in
avahi Never logged in
rpc Never logged in
apache Never logged in
mailnull Never logged in
smmsp Never logged in
sshd Never logged in
xfs Never logged in
rpcuser Never logged in
haldaemon Never logged in
avahi-autoipd Never logged in
gdm Never logged in
Only now did I realize there are so many default users.