lastlog
Report the most recent login of all users or a specified user
TLDR
Display most recent login of all users
$ lastlog
Display lastlog for a specific user$ lastlog --user [username]
Display records older than N days$ lastlog --before [7]
Display records more recent than N days$ lastlog --time [3]
SYNOPSIS
lastlog [options]
DESCRIPTION
lastlog reports the most recent login of all users or a specified user by reading /var/log/lastlog. Unlike last, it shows only one record per user representing their most recent login.The lastlog file is a sparse file indexed by UID, so it can appear large but doesn't consume much disk space. Users who have never logged in show "Never logged in".
PARAMETERS
-u, --user LOGIN|RANGE
Show lastlog record for specified user(s). Can be a login name, numeric UID, or a UID range (UIDMIN-UIDMAX)-b, --before DAYS
Show records older than DAYS-t, --time DAYS
Show records more recent than DAYS-C, --clear
Clear lastlog record for a user (requires -u)-S, --set
Set lastlog record for a user to the current time (requires -u)-R, --root CHROOT\DIR_
Apply changes in the CHROOT_DIR directory and use its configuration files-h, --help
Display help message and exit
CAVEATS
The lastlog file is indexed by UID; very high UIDs can make the file appear large. Some systems may not maintain lastlog. System accounts typically show as never logged in.
HISTORY
lastlog has been part of Unix-like systems for decades, providing a quick way to audit which users have logged in recently and identify dormant accounts.
