RHEL User Login History
Hi,
We are using RHEL 6.5 and we have created more then 20 user account in that server, now i want to find out which user are not login the server more then 30 to 60 days, in this case any command or script to find out login history ?
Responses
A quick script like:
for USER in `getent passwd | awk -F ":" '{print $1}'`
do
last -1 $USER | sed -e '/wtmp/d' -e '/^$/d'
done
Will do it. There's also some legacy commands that will give similar results.
Note 1: this will only gather interactive logins.
Note 2: this will only work since the last time the wtmp logs were updated.
'lastlog' should be able to provide what you need.
lastlog -b 30
The same essential argument can be used for any command.. if the input is corrupted the output is potentially inaccurate.
There is probably be an argument to be made that /var/log is a poor choice of location for both wtmp and lastlog based on the FHS descriptions of /var directories... but it explicitly states that these files (or symlinks) must exist in /var/log.
I personally think /var/lib is possibly a better location for both files given their nature.
Hi guys,
In my case i have integrate Linux Server with AD, so domain users only login to the system.
using "lastlog" command and mentoned script, i have only notice local user login history.
Is there any we way to find the domain user login history.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
