查看用户登录系统的日志
有两类日志记录用户登录的行为,一是记录登录者的数据,一个是记录用户的登录时间
一,记录用户登录数据
/var/log/wtmp日志文件记录用户登录的数据。但这个文件是被编码的文件,不能直接用vi、cat等命令查看,可以用last命令读取。每一次登录就会产生一条记录,包括用户名、登录端、时间跨度等信息,如下:
www.2cto.com
[html]
[[email protected] ~]# last
root pts/1 :0.0 Wed Oct 24 03:03 still logged in
root :0 Wed Oct 24 03:02 still logged in
root :0 Wed Oct 24 03:02 - 03:02 (00:00)
reboot system boot 2.6.18-194.el5 Wed Oct 24 03:01 (00:01)
root pts/1 :0.0 Mon Oct 22 01:00 - 03:09 (02:08)
root :0 Mon Oct 22 01:00 - 03:09 (02:09)
root :0 Mon Oct 22 01:00 - 01:00 (00:00)
reboot system boot 2.6.18-194.el5 Mon Oct 22 00:58 (02:10)
root pts/3 :0.0 Sat Oct 13 18:59 - 00:41 (05:41)
root pts/2 :0.0 Sat Oct 13 18:34 - 00:41 (06:06)
root pts/1 :0.0 Sat Oct 13 18:33 - 00:41 (06:08)
root :0 Sat Oct 13 18:32 - 00:41 (06:08)
root :0 Sat Oct 13 18:32 - 18:32 (00:00)
reboot system boot 2.6.18-194.el5 Sat Oct 13 18:31 (06:09)
root pts/1 :0.0 Thu Oct 11 20:12 - 03:17 (07:04)
root :0 Thu Oct 11 20:12 - 03:17 (07:05)
root :0 Thu Oct 11 20:12 - 20:12 (00:00)
www.2cto.com
二,查看具体用户登录
/var/log/lastlog日志文件记录了每个用户最近的登录时间 。每个用户只有一条记录
[html]
[[email protected] ~]# lastlog
Username Port From Latest
root :0 Wed Oct 24 03:02:36 -0700 2012
bin **Never logged in**
daemon **Never logged in**
adm **Never logged in**
lp **Never logged in**
sync **Never logged in**
shutdown **Never logged in**
halt **Never logged in**
mail **Never logged in**
news **Never logged in**
uucp **Never logged in**
operator **Never logged in**
games **Never logged in**
gopher **Never logged in**
ftp **Never logged in**
nobody **Never logged in**
nscd **Never logged in**
vcsa **Never logged in**
oprofile **Never logged in**
pcap **Never logged in**
ntp **Never logged in**
dbus **Never logged in**
avahi **Never logged in**
rpc **Never logged in**
apache **Never logged in**
mailnull **Never logged in**
smmsp **Never logged in**
sshd **Never logged in**
xfs **Never logged in**
rpcuser **Never logged in**
haldaemon **Never logged in**
avahi-autoipd **Never logged in**
gdm **Never logged in**