1
1
Is it possible (and how) to tell which user and when was last logged in before the current user, via the command line interface? The ultimate goal is to write a script that writes this information to file.
valeryan
Posted 2018-06-04T08:33:01.480
Reputation: 11
2
Not a Windows User, Thus would like to answer for Linux platform, where in you have already a built-in command known as last. You can write a .sh script If you want as an exercise, but I think using command would be a better idea. However,
It gives you a listing of last user logged in and other important details as to time of login, system run-levels, etc.Just issue command to know what you want :
last
It should show something like this :
john pts/0 :0 Mon Jun 4 09:20 still logged in
reboot system boot 4.4.0-127-generi Mon Jun 4 09:18 still running
john pts/1 :0 Sun Jun 3 09:41 - 10:30 (00:48)
john pts/1 :0 Sun Jun 3 09:41 - 09:41 (00:00)
Follow this post to know what values in each columns stands for. To get more details, you can use parameters :
last -aFwx
where
hostname in the last column, just makes the formatting better.It would show something like this :
john pts/1 Mon Jun 4 14:10:25 2018 still logged in :0
john pts/0 Mon Jun 4 09:20:21 2018 still logged in :0
runlevel (to lvl 5) Mon Jun 4 09:19:37 2018 still running 4.4.0-127-generic
reboot system boot Mon Jun 4 09:18:24 2018 still running 4.4.0-127-generic
john pts/1 Sun Jun 3 09:41:37 2018 - Sun Jun 3 10:30:29 2018 (00:48) :0
To write information to a file, just redirect output of command to a file, say last_users.log by typing this :
last > last_user.log
OR
last -aFwx > last_user.log
Feel free to add-in more details.
C0deDaedalus
Posted 2018-06-04T08:33:01.480
Reputation: 1 375
Your answer is very good! However the command "last" without filtering gives too much information. Is it possible to filter it for showing not all, but only the last logging in or out events for each user at least for 5 (or less) users (if Linux)? – valeryan – 2018-06-04T09:43:11.200
1Yes, that is certainly possible using grep and awk commands. But that would be an answer to another question like How to filter xyz column from "last" command output ? or something similar to that. – C0deDaedalus – 2018-06-04T09:48:48.733
Therefore question was not about single command, but about a script. – valeryan – 2018-06-04T10:11:08.883
1
But you can do all that in a single line command that can be put in a cronjob for the purpose. Then Why write the script ?
– C0deDaedalus – 2018-06-04T10:17:09.010Ditto, e.g. last | head -n 1 | cut -f 1 -d ' '. – Kamil Maciorowski – 2018-06-04T10:29:52.620
In Linux just type
last. No need for a.sh– C0deDaedalus – 2018-06-04T08:53:23.717Yes, @C0deDaedalus, Your comment is important. I've edited my question (added second sentence), to explain why script is needed. – valeryan – 2018-06-04T09:03:11.577
In Windows, You may look in system logs for success 4624 event. To obtain that info from command line You may use any external command-line event viewer. PS. Formally the info about previos user logged in without sufficient rights is a security leak... – Akina – 2018-06-04T09:04:59.533
@ValerjansVinogradovs, updated my answer to concern the information writing to file. Also, Using Cron Scheduling for the task would be a better idea.
– C0deDaedalus – 2018-06-04T09:27:37.827Not Sure, but In windows you could write a powershell script using Get-Winevent commands.
– C0deDaedalus – 2018-06-04T09:44:58.050