Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Finding login times in Linux

Tags:

python

linux

unix

boot

I am trying to figure out times of logins into my systems (basically systems boot).

I am making use of last Unix command. However, it does not let me pull more than a certain number of entries. I assume that the log file from which it pulls, which is /var/log/wtmp, gets overwritten after a certain size.

I see that i have a wtmp.1 file also, so using -f parameter i can go back a month further back the logs using this parameter. Wondering if logs further back are archived somewhere.

So, my question is: Is there a way to get older entries.

The following is the last call that i am making:

last -n 10000|grep "system"

Here are last few lines of the output

reboot   system boot  3.5.0-36-generic Sun Jul  7 07:07 - 22:08  (15:01)    
reboot   system boot  3.5.0-36-generic Sat Jul  6 23:23 - 23:23  (00:00)    
reboot   system boot  3.5.0-34-generic Sat Jul  6 09:40 - 23:22  (13:42)    
reboot   system boot  3.5.0-34-generic Sat Jul  6 09:38 - 09:39  (00:00)    
reboot   system boot  3.5.0-34-generic Sat Jul  6 06:40 - 09:39  (02:58)    
reboot   system boot  3.5.0-34-generic Sat Jul  6 06:15 - 06:17  (00:02)    
reboot   system boot  3.5.0-34-generic Sat Jul  6 06:13 - 06:17  (00:03)    
reboot   system boot  3.5.0-34-generic Fri Jul  5 19:30 - 22:34  (03:03)

I am not able to get logs further back in time.

  1. Is this the correct approach?
  2. How do we see older logs? For instance if i pass -n 10000 or -n 1000000, i get the same output.

Eventually i will write a quick Python script to parse this o/p from subprocess module.

EDIT : Most of the answers below are correct. Unfortunately could accept only one answer. The logs once gone are gone!

like image 453
Nipun Batra Avatar asked Feb 16 '23 21:02

Nipun Batra

2 Answers

you don't say what type of unix / linux you are running but on my Ubuntu hosts this works good for last boot times

for f in /var/log/wtmp*; do last -f $f reboot;done

All it does is find all the wtmp files in /var/log and then filter out the reboot user

like image 123
Vorsprung Avatar answered Feb 18 '23 14:02

Vorsprung

last searches back through the file /var/log/wtmp. So regarding 2) it can only list those entries contained in wtmp. (use parameter f to specify any other file) E.g. if you rotate that file with a log rotator, it won't see those entries per default. 1) depends ;-)

You can only list those logins for which the log (resp. the rotate log are still present)

like image 36
Robert Caspary Avatar answered Feb 18 '23 14:02

Robert Caspary
Sign in to Comment

Related questions

Create file of single instances of account number
Python MySQL OperationalError: 1045, "Access denied for user root@'localhost'
How to understand the python function description?
Building a bidimensional array in Python [duplicate]
Win 64bit GetThreadContext returns zeroe'd out registers, or 0x57 errorcode
Scientific Reporting in Python
Need help vectorizing code or optimizing
Where does stuff "print" to when not running application from terminal?
Python parse int from django url parameter
How do you call a class' method in __init__?
Asserting an object passed into a mocked method in the python mock
__str__ outputs "instance at 0x00E4F558"
IE and Chrome not working with Selenium2 Python
Set max number of messages in the queue
Change Django Template Inheritance Dynamically?
NLTK words lemmatizing
Python Excel date/time read in issue
Apply non-linear regression for multi dimension data samples in Python

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!