show a listing of last logged in users
View last logins, their duration and other information as read from /var/log/wtmp
Specify how many of the last logins to show
Print the full date and time for entries and then display the hostname column last to prevent truncation
View all logins by a specific user and show the IP address instead of the hostname
View all recorded reboots (i.e., the last logins of the pseudo user "reboot")
View all recorded shutdowns (i.e., the last logins of the pseudo user "shutdown")
last [options] [username...] [tty...]
lastb [options] [username...] [tty...]
last searches back through the /var/log/wtmp file (or the file designated by the -f option) and displays a list of all users logged in (and out) since that file was created. One or more usernames and/or ttys can be given, in which case last will show only the entries matching those arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.
When catching a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal, last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all the reboots since the log file was created.
lastb is the same as last, except that by default it shows a log of the /var/log/btmp file, which contains all the bad login attempts.
Display the hostname in the last column. Useful in combination with the --dns option.
For non-local logins, Linux stores not only the host name of the remote host, but its IP number as well. This option translates the IP number back into a hostname.
-f, --file file
Tell last to use a specific file instead of /var/log/wtmp. The --file option can be given multiple times, and all of the specified files will be processed.
Print full login and logout times and dates.
Like --dns , but displays the host’s IP number instead of the name.
-number; -n, --limit number
Tell last how many lines to show.
-p, --present time
Display the users who were present at the specified time. This is like using the options --since and --until together with the same time.
Suppresses the display of the hostname field.
-s, --since time
Display the state of logins since the specified time. This is useful, e.g., to easily determine who was logged in at a particular time. The option is often combined with --until.
-t, --until time
Display the state of logins until the specified time.
Define the output timestamp format to be one of notime, short, full, or iso. The notime variant will not print any timestamps at all, short is the default, and full is the same as the --fulltimes option. The iso variant will display the timestamp in ISO-8601 format. The ISO format contains timezone information, making it preferable when printouts are investigated outside of the system.
Display full user names and domain names in the output.
Display the system shutdown entries and run level changes.
Display help text and exit.
Print version and exit.
The options that take the time argument understand the following formats:
|YYYY-MM-DD hh:mm||(seconds will be set to 00)|
|YYYY-MM-DD||(time will be set to 00:00:00)|
|hh:mm:ss||(date will be set to today)|
|hh:mm||(date will be set to today, seconds to 00)|
|yesterday||(time is set to 00:00:00)|
|today||(time is set to 00:00:00)|
|tomorrow||(time is set to 00:00:00)|
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
An empty entry is a valid type of wtmp entry. It means that an empty file or file with zeros is not interpreted as an error.
For bug reports, use the issue tracker at <https://github.com/util-linux/util-linux/issues>.
The last command is part of the util-linux package which can be downloaded from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-linux/>.