Linux 操作系统日志管理全攻略(2) chyang pts/0 Aug 18 15:06 ynguo pts/2 Aug 18 15:32 ynguo pts/3 Aug 18 13:55 lewis pts/4 Aug 18 13:35 ynguo pts/7 Aug 18 14:12 ylou pts/8 Aug 18 14:15 如果指明了wtmp文件名,则who命令查询所有以前的纪录。命令who /var/log/wtmp将报告自从wtmp文件创建或删改以来的每一次登录。 w:w命令查询utmp文件并显示当前系统中每个用户和它所运行的进程信息。例如:w(回车)显示:3:36pm up 1 day, 22:34, 6 users, load average: 0.23, 0.29, 0.27. USER TTYFROM LOGIN@ IDLE JCPU PCPUWHAT chyang pts/0 202.38.68.2423:06pm 2:04 0.08s 0.04s -bash ynguo pts/2 202.38.79.47 3:32pm 0.00s 0.14s 0.05 w lewis pts/3 202.38.64.2331:55pm 30:39 0.27s 0.22s -bash lewis pts/4 202.38.64.2331:35pm 6.00s 4.03s 0.01s sh /home/users/ ynguo pts/7 simba.nic.ustc.e 2:12pm 0.00s 0.47s 0.24s telnet mail yloupts/8 202.38.64.2352:15pm 1:09m 0.10s 0.04s-bash users:users用单独的一行打印出当前登录的用户,每个显示的用户名对应一个登录会话。如果一个用户有不止一个登录会话,那他的用户名将显示相同的次数。例如:users(回车)显示:chyang lewis lewis ylou ynguo ynguo last:last命令往回搜索wtmp来显示自从文件第一次创建以来登录过的用户。例如: chyang pts/9202.38.68.242 Tue Aug 1 08:34 - 11:23 (02:49) cfanpts/6202.38.64.224 Tue Aug 1 08:33 - 08:48 (00:14) chyang pts/4202.38.68.242 Tue Aug 1 08:32 - 12:13 (03:40) lewis pts/3202.38.64.233 Tue Aug 1 08:06 - 11:09 (03:03) lewis pts/2202.38.64.233 Tue Aug 1 07:56 - 11:09 (03:12) 如果指明了用户,那么last只报告该用户的近期活动,例如:last ynguo(回车)显示: ynguopts/4 simba.nic.ustc.e Fri Aug 4 16:50 - 08:20 (15:30) ynguopts/4 simba.nic.ustc.e Thu Aug 3 23:55 - 04:40 (04:44) ynguopts/11 simba.nic.ustc.e Thu Aug 3 20:45 - 22:02 (01:16) ynguopts/0 simba.nic.ustc.e Thu Aug 3 03:17 - 05:42 (02:25) ynguopts/0 simba.nic.ustc.e Wed Aug 2 01:04 - 03:16 1+02:12) ynguopts/0 simba.nic.ustc.e Wed Aug 2 00:43 - 00:54 (00:11) ynguopts/9 simba.nic.ustc.e Thu Aug 1 20:30 - 21:26 (00:55) ac:ac命令根据当前的/var/log/wtmp文件中的登录进入和退出来报告用户连结的时间(小时),如果不使用标志,则报告总的时间。例如:ac(回车)显示:total 5177.47
