This article explores various commands useful for checking user logins and monitoring the duration of user activity on your Linux servers.
The who command is straightforward and shows who is currently logged onto your server. Additionally, it reveals the login time and the originating IP address of each session. Below is an example where two different users are logged in from separate locations.
The last command provides a retrospective view of logins, showing both present and past user sessions, starting from the most recent ones.
The following command condenses multiple spaces into a single space.
To monitor login activity, you can count the number of entries in the current /var/log/wtmp file, which is where these login records are stored. Remember that this file is binary, so it cannot be read with ordinary text-processing commands such as grep, more, or cat.
This particular command focuses on non-system (regular) users – typically those with their own directories under /home – and aggregates the number of times they’ve logged in.
To find out how old the wtmp file is, you can use another command that outputs the earliest (and therefore oldest) record in the log.
Another command shows the start date of the wtmp file, which appears at the end of its output.
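To show why wtmp needs a dedicated reader, here is an added example (not code from the original article) that parses the binary records directly, tallies logins per user and finds the oldest record, as the passages above describe. It assumes the 384-byte glibc `struct utmp` layout used on x86-64 Linux, and the sample records and the helper names are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumed layout: glibc "struct utmp" on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8  # ut_type values from <utmp.h>

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Yield (ut_type, user, line, host, epoch_seconds) per complete record."""
    usable = len(data) - len(data) % UTMP.size  # skip a truncated final record
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield f[0], _text(f[4]), _text(f[2]), _text(f[5]), f[9]

def login_summary(data):
    """Return (logins per user, epoch time of the oldest record or None)."""
    counts, oldest = Counter(), None
    for ut_type, user, _line, _host, ts in parse_wtmp(data):
        oldest = ts if oldest is None else min(oldest, ts)
        if ut_type == USER_PROCESS and user:  # real logins only
            counts[user] += 1
    return counts, oldest

def _record(ut_type, user, line, host, ts):
    """Pack one constructed sample record (pid 1000, all other fields zero)."""
    return UTMP.pack(ut_type, 1000, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

# Constructed sample data, not taken from a real server.
SAMPLE = b"".join([
    _record(BOOT_TIME, "reboot", "~", "", 1726000000),
    _record(USER_PROCESS, "alice", "pts/0", "192.0.2.10", 1726056780),
    _record(DEAD_PROCESS, "", "pts/0", "", 1726060380),
    _record(USER_PROCESS, "bob", "pts/1", "198.51.100.7", 1726061000),
    _record(USER_PROCESS, "alice", "pts/0", "192.0.2.10", 1726142400),
]) + b"\x07\x00"  # stray bytes simulating a partially written record

if __name__ == "__main__":
    counts, oldest = login_summary(SAMPLE)
    for user, n in counts.most_common():
        print(f"{user:10} {n}")
    print("wtmp begins", datetime.fromtimestamp(oldest, timezone.utc).isoformat())
```

To run it against a real server, pass the bytes read from /var/log/wtmp (opened in binary mode) to `login_summary` instead of `SAMPLE`.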
The ac command provides information about user connection times and includes several other helpful features.
Apply the -d option to see the total daily logins, as demonstrated here:
To get totals for each user, select the -p option:
The lslogins command presents information on both system and user accounts. Typically, many system accounts do not log in, resulting in numerous empty entries in the LAST-LOGIN column.
To display user logins while excluding system accounts, employ a command using the -u option:
You can obtain detailed information about a particular user with the command shown below. Here, the lslogins command pulls in data from additional sources (such as the /etc/passwd file) to provide more insights about the user including the user’s shell and UID.
If specific dates are not mentioned (e.g., Sep11/12:13), the date referenced is the present date.
The lastlog command provides information on the most recent login activity of all users or a specific user.
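To see recent commands that a user has run, you need superuser access to read their command history file. For bash users, this is .bash_history in the user's home directory. Because the user owns this file and can edit it, treat it as a convenience record rather than a tamper-resistant audit log.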
Linux systems provide many ways to view user activity – when they log in, how long they stay logged in, and even what commands they run.