Differences

This shows you the differences between two versions of the page.

--- linux:users_logs [2022/11/21 14:05]
manu created
+++ linux:users_logs [2022/11/21 15:28] (current)
manu
@@ Line 1: / Line 1: @@
 ====== User logs ======
+===== Lastlog =====
+lastlog command prints the last login times for system accounts. Login information is read from the file /var/log/lastlog.
+To print the last login of all the users:
+<cli prompt='#'>
+# lastlog
+</cli>
+To print the records of specified days older:
+<cli prompt='#'>
+# lastlog -b 10
+# lastlog --before 10
+</cli>
+To print the logs more recent that specified days:
+<cli prompt='#'>
+# lastlog -t 20
+# lastlog --time 20
+</cli>
+To print the last login records of specified login:
+<cli prompt='#'>
+# lastlog -u mike
+# lastlog --user mike
+</cli>
+**Why is the /var/log/lastlog file so large?**
+The lastlog file is reporting to be ~1.2TB in size. This file is large since it contains information regarding the last login for all users. The UID of nfsnobody on 64 bit systems is 4294967294 or 2^32-2, with 256kB per UID.
+**This file is what we call a sparse file**. A sparse file is a file that contains **unallocated blocks** or "empty space", as it implies, it does not actually take up filesystem space.
+<cli prompt='#'>
+[root@LIN-HREL8 ~]# du -sh /var/log/lastlog
+K     /var/log/lastlog
+[root@LIN-HREL8 ~]# ls -lh /var/log/lastlog
+-rw-rw-r--. 1 root utmp 327G Nov 21 14:06 /var/log/lastlog
+[root@LIN-HREL8 ~]# df -h /var
+Filesystem            Size  Used Avail Use% Mounted on
+/dev/mapper/rhel-var  5.0G  2.4G  2.7G  47% /var
+</cli>
+This file can potential give problems during backup, so ignore it.

wiki

User Tools

Site Tools

Differences

Page Tools