lastlog
reports the most recent login of all users or of a given user
TLDR
Display the most recent login of all users
Display lastlog record of the specified user
Display records before than 7 days
Display records more recent than 3 days
SYNOPSIS
' lastlog 'u lastlog [ options ]
DESCRIPTION
lastlog formats and prints the contents of the last login log /var/log/lastlog file . The login-name , port ,and lastlogin time will be printed . The default (no flags) causes lastlog entries to be printed, sorted by their order in /etc/passwd .
OPTIONS
The options which apply to the lastlog command are:
-b , --before DAYS Print only lastlog records older than DAYS .
-C , --clear Clear lastlog record of a user . This option can be used only together with -u ( --user )).
-h , --help Display help message and exit .
-R , --root CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory .
-S , --set Set lastlog record of a user to the current time . This option can be used only together with -u ( --user )).
-t , --time DAYS Print the lastlog records more recent than DAYS .
-u , --user LOGIN | RANGE Print the lastlog record of the specified user(s) .
If the user has never logged in the message **Never logged in** will be displayed instead of the port and time .
Only the entries for the current users of the system will be displayed . Other entries may exist for users that were deleted previously .
NOTE
The lastlog file is a database which contains info on the last login of each user . You should not rotate it . It is a sparse file, so its size on the disk is usually much smaller than the one shown by " ls-l "(which can indicate a really big file if you have in passwd users with a high UID) . You can display its real size with " ls-s ".
CONFIGURATION
The following configuration variables in /etc/login .defs change the behavior of this tool:
LASTLOG_UID_MAX (number) Highest user ID number for which the lastlog entries should be updated . As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse lastlog file for them .
FILES
/var/log/lastlog Database times of previous user logins .
CAVEATS
Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i .e . if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171 -799) .