Linux and Unix last command
Quick links
About last
Syntax
Examples
Related commands
Linux and Unix main page
Show listing of last logged in users.
last [-R] [-num] [ -n num ] [-adiox] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adiox] [name...] [tty...]
| -num | This is a count telling last how many lines to show. |
| -n num | The same. |
| -t YYYYMMDDHHMMSS | Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular time -- specify that time with -t and look for "still logged in". |
| -f file | Specifies a file to search other than /var/log/wtmp. |
| -R | Suppresses the display of the hostname field. |
| -a | Display the hostname in the last column. Useful in combination with the next flag. |
| -d | For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the IP number back into a hostname. |
| -i | This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation. |
| -o | Read an old-type wtmp file (written by linux-libc5 applications). |
| -x | Display the system shutdown entries and run level changes. |
last
typing in last into the system would display results similar to the below example. Each line first starts with the account in this case "root" and "mrhope", how each user logged in (pts/tty)
root pts/1 55.98.0.130 Fri Nov 14 18:52 - 22:16 (03:23)
root pts/0 c-57-161-249-108 Fri Nov 14 05:45 - 03:09 (1+21:23)
mrhope pts/0 c-57-161-249-109 Wed Nov 12 06:51 - 03:14 (1+20:22)
root pts/1 c-57-161-249-108 Tue Nov 11 19:53 - 05:03 (09:09)
root pts/1 55.98.0.130 Wed Nov 5 07:35 - 11:14 (03:39)
root pts/0 c-57-161-249-108 Wed Nov 5 06:20 - 21:10 (6+14:49)
root pts/0 55.98.0.130 Tue Nov 4 13:32 - 14:02 (00:30)
root tty7 Tue Nov 4 12:24 - down (31+12:37)
reboot system boot 2.6.24.2.dn.p4 Tue Nov 4 05:39 (31+19:22)