
Commands for Linux to view system logs

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article introduces the Linux commands for viewing system logs. Many people run into these situations when working on real systems, so the commands are worth reading through carefully.

A Linux system keeps many important log files that record access to the system. Most of these logs are stored in the /var/log directory and the /run directory. Some of them cannot be opened with commands such as cat, vi or more and need special commands instead, which are briefly introduced here.

Linux log file description

/var/log/messages - system information and error log after startup; one of the most commonly used logs in Red Hat Linux

/var/log/secure - security-related log information

/var/log/maillog - mail-related log information

/var/log/cron - log information related to scheduled tasks

/var/log/spooler - log information related to UUCP and news devices

/var/log/boot.log - log messages related to daemon start and stop

/var/log/wtmp - this log file permanently records each user login and logout, and system startup and downtime events

1. w command

The w command displays information about the users currently logged in to the system.

Running it shows who is currently logged in to the system and the programs they are executing.

Running w alone displays all users; you can also specify a user name to display information about that user only.

Syntax: w [-fhlsuV] [user name]

Parameter description:

-f turns on or off showing where the user logs in to the system.

-h does not display the title information column of each field.

-l uses a detailed format list, which is the default value.

-s uses a concise format list and does not show the user's login time or the CPU time spent by the terminal's jobs and programs.

-u ignores the name of the executing program and the information about the CPU time the program takes.

-V displays version information.

Example:

1. Without any parameters, display information about all users currently logged in to the system

The first line of the output is the same as the output of the uptime command. Its fields are as follows:

12:30:08 - current system time.

up 2:14 - how long the system has been running.

3 users - number of logged-in users.

load average: 0.00, 0.01, 0.05 - the average load information of the system in the past 15 minutes. The average system load is a measure of the number of jobs currently running or waiting for disk I/O. It basically tells you how busy the system is in a given interval.

The second line of the output is the header, with the following fields:

USER - login user name.

TTY - the terminal name used by the logged-in user.

FROM - the hostname or IP address the user logged in from.

LOGIN@ - the length of time the user is logged in.

IDLE - idle time since the user last interacted with the terminal.

JCPU - the time used by all processes attached to the tty.

PCPU - time spent by the user on the current process, the one shown in the WHAT field.

WHAT - the user's current process and its options / parameters.

2. Display the information of one user who is currently logged in to the system; the output is then limited to the given user.

2. who command

The who command shows which users are on the system, including the user ID, the terminal used, where they connected from, the login time, the idle time, the CPU usage, the current action, and so on.

Permissions: available to all users.

Syntax: who -[husfV] [user]

Parameter description:

-H or --heading: displays the header line for each field

-i or -u or --idle: displays the idle time, which is marked "." if the user took any action within the previous minute. If the user has not taken any action for more than 24 hours, the string "old" is shown.

-m: this parameter has the same effect as specifying the "am I" string

-q or --count: displays only the account names and the total number of users logged in to the system.

-s: this parameter is ignored and not processed; it exists only for compatibility with other versions of the who command.

-w or -T or --mesg or --message or --writable: displays the user's message status column

Example:

1. Display the users who are currently logged in to the system

[root@centos7 ~]# who
root     tty1         2020-01-11 10:15
root     pts/0        2020-01-11 10:16 (192.168.198.1)
lisi     pts/1        2020-01-11 12:30 (192.168.198.1)

2. Show only the current user

[root@centos7 ~]# who -m -H
Name     line         time             remarks
root     pts/0        2020-01-11 10:16 (192.168.198.1)

[root@centos7 ~]# whoami
root

Enter whoami to display your login user name.

3. last command

The last command displays the recent logins of a user or terminal. By reviewing the login records with last, the administrator can find out who has connected or attempted to connect to the system.

When last is executed, it reads the file named wtmp in the /var/log directory and displays the list of users who logged in to the system or terminal as recorded in that file. wtmp records are displayed by default; btmp can display more details, and remote logins such as ssh logins can also be displayed.

Syntax: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-adioxFw] [username..] [tty..]

-num | -n num specifies the number of output records

-f file specifies the record file to use as the log file for the query

-t YYYYMMDDHHMMSS displays logins before the specified time

username account name

tty terminal number

Options:

-R does not display the host name or IP of the login system or terminal

-a displays the host name or IP address of the login system or terminal in the last column

-d converts the IP address to a host name

-i displays specific IP logins.

-o reads old types of wtmp files written by linux-libc5 applications

-x displays the history of system shutdown, user login, and logout

-F displays the full login time

-w displays the full user name or domain name in the output

Example:

First column: user name

Second column: terminal (pts/0 is a pseudo terminal, meaning a user connected remotely through a tool such as SSH or telnet; graphical interface terminals also fall into this category. tty0 is a user connected directly at the computer or locally. The trailing number is the connection number.)

Third column: login IP or kernel (:0.0 or an empty value means the user connected through the local terminal. For reboot entries, the kernel version is displayed here.)

Fourth column: start time

Fifth column: end time (still logged in: the session has not ended; down: until normal shutdown; crash: until forced shutdown)

Sixth column: duration

1. Specify the number of records displayed (show the number of last logins in the record)

[root@centos7 ~]# last -n 10
lisi     pts/1        192.168.198.1    Sat Jan 11 12:30   still logged in
root     pts/0        192.168.198.1    Sat Jan 11 10:16   still logged in
root     tty1                          Sat Jan 11 10:15   still logged in
reboot   system boot  3.10.0-957.el7.x Sat Jan 11 10:15 - 12:53  (02:37)
root     pts/1        192.168.198.1    Fri Jan 10 22:08 - 23:24  (01:15)
root     pts/0        192.168.198.1    Fri Jan 10 14:07 - crash  (20:07)
root     tty1                          Fri Jan 10 14:07 - 23:24  (09:17)
reboot   system boot  3.10.0-957.el7.x Fri Jan 10 14:07 - 12:53  (22:46)
root     pts/0        192.168.198.1    Tue Jan  7 20:33 - down   (02:38)
root     pts/1        192.168.198.1    Tue Jan  7 18:44 - 20:56  (02:11)

wtmp begins Sun Dec  1 20:35:35 2019

2. Specify the file to be queried. The default is wtmp.

[root@centos7 ~]# last -10 -f /var/log/btmp
root     tty1                          Sat Jan  4 10:06    gone - no logout
root     tty1                          Fri Jan  3 15:35 - 10:06  (18:30)
root     tty1                          Fri Jan  3 15:18 - 15:35  (00:17)
root     tty1                          Fri Jan  3 15:18 - 15:18  (00:00)
root     ssh:notty    192.168.198.1    Fri Jan  3 15:18    gone - no logout

btmp begins Fri Jan  3 15:18:01 2020

3. Display records before the specified time

[root@centos7 ~]# last -5 -t 20200111000000
root     pts/1        192.168.198.1    Fri Jan 10 22:08 - 23:24  (01:15)
root     pts/0        192.168.198.1    Fri Jan 10 14:07    gone - no logout
root     tty1                          Fri Jan 10 14:07 - 23:24  (09:17)
reboot   system boot  3.10.0-957.el7.x Fri Jan 10 14:07 - 12:56  (22:49)
root     pts/0        192.168.198.1    Tue Jan  7 20:33 - down   (02:38)

wtmp begins Sun Dec  1 20:35:35 2019

4. lastlog command

The lastlog command displays the last login information for all users in the system.

The lastlog file is queried every time a user logs in. You can use the lastlog command to check when a particular user last logged in; it formats and prints the contents of the last-login log /var/log/lastlog. It displays the login name, port (tty), and last login time, sorted by UID. If a user has never logged in, lastlog displays **Never logged in**.

Note: this command needs to be run as root.
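Added example (not part of the original article): /var/log/lastlog is a binary file with one fixed-size slot per UID, which is why the output is ordered by UID and an empty slot prints as "Never logged in". The sketch assumes the 292-byte glibc x86-64 struct lastlog layout; the account table, timestamps and function names are constructed for illustration. It also shows a check a defender would run: accounts with a nologin shell that nevertheless have a login record.

```python
import struct
from datetime import datetime, timezone

# glibc "struct lastlog" on x86-64 Linux (assumed): int32 time, line[32], host[256].
LASTLOG = struct.Struct("<i32s256s")   # 292 bytes, one slot per UID

def _clean(raw):
    """Fixed-width fields are NUL-padded."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def read_lastlog(blob, uid):
    """Return (time, line, host) for a UID, or None if it never logged in."""
    off = uid * LASTLOG.size
    if off + LASTLOG.size > len(blob):
        return None                      # file ends before this UID's slot
    sec, line, host = LASTLOG.unpack_from(blob, off)
    if sec == 0:
        return None                      # zero-filled slot: "Never logged in"
    return datetime.fromtimestamp(sec, timezone.utc), _clean(line), _clean(host)

def unexpected_logins(blob, accounts, nologin=("/sbin/nologin", "/bin/false")):
    """Names of accounts whose shell forbids login but which have a record."""
    return sorted(name for name, (uid, shell) in accounts.items()
                  if shell in nologin and read_lastlog(blob, uid))

def build_lastlog(entries):
    """Constructed demo file: {uid: (epoch, line, host)} placed at uid * 292."""
    blob = bytearray((max(entries) + 1) * LASTLOG.size)
    for uid, (sec, line, host) in entries.items():
        LASTLOG.pack_into(blob, uid * LASTLOG.size, sec,
                          line.encode(), host.encode())
    return bytes(blob)

# Constructed sample data (not taken from a real system).
ACCOUNTS = {"root": (0, "/bin/bash"), "bin": (1, "/sbin/nologin"),
            "apache": (48, "/sbin/nologin"), "lisi": (1000, "/bin/bash")}
SAMPLE = build_lastlog({
    0: (1578708979, "pts/0", "192.168.198.1"),
    48: (1578700000, "pts/2", "192.168.198.1"),   # service account with a login
    1000: (1578717001, "pts/1", "192.168.198.1"),
})

if __name__ == "__main__":
    for name, (uid, _shell) in sorted(ACCOUNTS.items(), key=lambda kv: kv[1][0]):
        print(name, read_lastlog(SAMPLE, uid) or "**Never logged in**")
    print("review:", unexpected_logins(SAMPLE, ACCOUNTS))
```

On a real host the account table would come from /etc/passwd and the blob from /var/log/lastlog, read as root.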

Syntax: lastlog (option)

Common parameters:

-b displays login information from before the specified number of days

-t displays login information since the specified number of days

-u displays the most recent login information for the specified user

-h displays help information for the command

Example:

1. Display the last login information of all users in the system

[root@centos7 ~]# lastlog
Username         Port     From             Last login time
root             pts/0    192.168.198.1    Sat Jan 11 10:16:19 +0800 2020
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
halt                                       **Never logged in**
mail                                       **Never logged in**
operator                                   **Never logged in**
games                                      **Never logged in**
ftp                                        **Never logged in**
nobody                                     **Never logged in**
systemd-network                            **Never logged in**
dbus                                       **Never logged in**
polkitd                                    **Never logged in**
abrt                                       **Never logged in**
sshd                                       **Never logged in**
postfix                                    **Never logged in**
chrony                                     **Never logged in**
apache                                     **Never logged in**
lisi             pts/1    192.168.198.1    Sat Jan 11 12:30:01 +0800 2020

2. Display login information since the specified number of days

[root@centos7 ~]# lastlog -t 3
Username         Port     From             Last login time
root             pts/0    192.168.198.1    Sat Jan 11 10:16:19 +0800 2020
lisi             pts/1    192.168.198.1    Sat Jan 11 12:30:01 +0800 2020

3. Display the most recent login information of the specified user

[root@centos7 ~]# lastlog -u lisi
Username         Port     From             Last login time
lisi             pts/1    192.168.198.1    Sat Jan 11 12:30:01 +0800 2020

5. lastb command

The lastb command lists information about users who failed to log in to the system.

Running lastb alone reads the file named btmp in the /var/log directory and displays the list of failed login attempts recorded in that file.

Syntax: lastb [-adRx] [-f] [-n] [account name...] [terminal number...]

Parameter description:

-a displays the host name or IP address the login came from in the last column.

-d translates the IP address to the host name.

-f specifies the record file.

-n or -num sets the number of records displayed in the list.

-R does not display the host name or IP address the login came from.

-x displays information such as system shutdown, reboot, and change of run level.

Example:

1. Show users who failed to log in

[root@centos7 ~]# lastb
root     tty1                          Sat Jan  4 10:06 - 10:06  (00:00)
root     tty1                          Fri Jan  3 15:35 - 15:35  (00:00)
root     tty1                          Fri Jan  3 15:18 - 15:18  (00:00)
root     tty1                          Fri Jan  3 15:18 - 15:18  (00:00)
root     ssh:notty    192.168.198.1    Fri Jan  3 15:18 - 15:18  (00:00)

btmp begins Fri Jan  3 15:18:01 2020
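Added example (not part of the original article): the wtmp file read by last and the btmp file read by lastb are sequences of fixed-size binary records, which is why cat or vi cannot display them. The sketch below decodes such records and counts failed logins per source address; it assumes the 384-byte glibc x86-64 struct utmp layout, and the sample records, function names and threshold are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# glibc "struct utmp" on x86-64 Linux: 384 bytes per record (assumed layout).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 6: "LOGIN_PROCESS",
         7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _text(raw):
    """Fixed-width fields are NUL-padded, not NUL-terminated strings."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(blob):
    """Yield one dict per complete record; a truncated tail is ignored."""
    usable = len(blob) - len(blob) % UTMP.size
    for off in range(0, usable, UTMP.size):
        (typ, pid, line, _id, user, host, _term, _exit,
         _sess, sec, _usec, _addr, _pad) = UTMP.unpack_from(blob, off)
        yield {"type": TYPES.get(typ, str(typ)), "pid": pid,
               "line": _text(line), "user": _text(user), "host": _text(host),
               "time": datetime.fromtimestamp(sec, timezone.utc)}

def failed_by_source(records, threshold=3):
    """Count btmp entries per remote host; keep sources at or above threshold."""
    counts = Counter(r["host"] for r in records if r["host"])
    return {h: n for h, n in counts.items() if n >= threshold}

def make_record(typ, line, user, host, sec):
    """Build a constructed record for the demo (not real log data)."""
    return UTMP.pack(typ, 4242, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"", b"")

# Constructed sample standing in for /var/log/btmp: 3 SSH failures + 1 console.
SAMPLE_BTMP = b"".join([
    make_record(6, "ssh:notty", "root", "192.168.198.1", 1578035881),
    make_record(6, "ssh:notty", "admin", "192.168.198.1", 1578035885),
    make_record(6, "ssh:notty", "root", "192.168.198.1", 1578035890),
    make_record(6, "tty1", "root", "", 1578036900),
]) + b"\x00" * 10  # trailing partial record, as after an interrupted write

if __name__ == "__main__":
    for rec in parse_utmp(SAMPLE_BTMP):
        print(rec["time"].isoformat(), rec["type"], rec["user"],
              rec["line"], rec["host"])
    print(failed_by_source(parse_utmp(SAMPLE_BTMP)))
```

To run it against a real file, read /var/log/btmp or /var/log/wtmp in binary mode as root and pass the bytes to parse_utmp.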

Stand on the shoulders of seniors and make a little progress every day

Ends~
