Home / server / Questions / 375091
Accepted
Andrew Case
Asked: 2012-03-30 15:40:12 +0800 CST

Getting login year data with the 'last' command on linux

  • 772

On Solaris, there the command 'fwtmp' provide the year information from the wtmp logs. For example:

host # /usr/lib/acct/fwtmp < /var/adm/wtmpx > tmp_wtmpx_file
host # head -1 tmp_wtmpx_file
user123 sshd 1258 7 0000 0000 1226072918 230489 0 29 host123.desktop.ourhost.com Fri Nov  7 09:48:38 2008

On Linux, the 'last' outputs the data without the year information, and I don't seem to be able to find a utility similar to 'fwtmp' on Linux to add the year data. The 'lastlog' command includes year in the output, but only looks up the users that are in the passwd file (not against ldap or other user databases by default). Is there a utility on Linux that will output the year along with the other data from 'last'?

linux logging last

2 Answers

  1. Best Answer
    man last
...
       -F     Print full login and logout times and dates.
...

    So, use last -F

    • 15

  2. On RHEL5, last -F isn't available.

    If you want to have only the last informations from a specific year, you need to use last -t.

    ex:

    • last -t 20140101000000 show everything before 2014.
    • last -t 20130101000000 show everything before 2013.

    if you run a diff between the 2 commands, you can have only informations for 2013.

    See Getting "year" with last command on Red Hat 5 for more informations if needed.

    • 4