LabEx
Log In Join For Free

Linux last Command with Practical Examples

LinuxLinuxBeginner
Practice Now

Introduction

In this lab, you will learn about the last command in Linux, which is used to display information about the last users who have logged into the system. The lab covers understanding the purpose of the last command, exploring its output, and analyzing specific entries. You will learn how to use various options to customize the output and gain insights into user login and system reboot activities.

The lab provides practical examples and step-by-step instructions to help you become proficient in using the last command for user and permission management tasks in a Linux environment.

Linux Commands Cheat Sheet

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("`Linux`")) -.-> linux/BasicFileOperationsGroup(["`Basic File Operations`"]) linux(("`Linux`")) -.-> linux/TextProcessingGroup(["`Text Processing`"]) linux(("`Linux`")) -.-> linux/SystemInformationandMonitoringGroup(["`System Information and Monitoring`"]) linux/BasicFileOperationsGroup -.-> linux/head("`File Beginning Display`") linux/BasicFileOperationsGroup -.-> linux/tail("`File End Display`") linux/TextProcessingGroup -.-> linux/grep("`Pattern Searching`") linux/SystemInformationandMonitoringGroup -.-> linux/ps("`Process Displaying`") subgraph Lab Skills linux/head -.-> lab-422755{{"`Linux last Command with Practical Examples`"}} linux/tail -.-> lab-422755{{"`Linux last Command with Practical Examples`"}} linux/grep -.-> lab-422755{{"`Linux last Command with Practical Examples`"}} linux/ps -.-> lab-422755{{"`Linux last Command with Practical Examples`"}} end

Understand the Purpose of the last Command

In this step, you will learn about the purpose of the last command in Linux. The last command is used to display information about the last users who have logged into the system, including their username, the terminal they used, the time they logged in, and the time they logged out.

To use the last command, simply run the following in your terminal:

last

Example output:

labex   pts/0        172.17.0.1     Fri Mar 31 10:23   still logged in
labex   pts/0        172.17.0.1     Fri Mar 31 10:22 - 10:23  (00:00)
labex   pts/0        172.17.0.1     Fri Mar 31 10:21 - 10:22  (00:01)
labex   pts/0        172.17.0.1     Fri Mar 31 10:20 - 10:21  (00:01)
reboot  system boot  4.15.0-162-generic Fri Mar 31 10:20 - 10:23  (00:03)

The output shows the last users who have logged into the system, along with the terminal they used, their IP address, the time they logged in, and the time they logged out. The reboot line indicates the last time the system was rebooted.

You can also use the last command to display information about specific users or terminals by passing their names as arguments. For example:

last labex

This will show only the login/logout information for the user labex.

Explore the last Command Output

In this step, you will explore the different options and output formats of the last command.

The last command has several options that you can use to customize the output. Some of the commonly used options include:

  • -n <number>: Displays the last <number> of entries.
  • -x: Includes additional information such as the system shutdown and reboot entries.
  • -i: Displays the IP address of the user's login.
  • -R: Omits the hostname field from the output.

Let's try some of these options:

last -n 3

Example output:

labex   pts/0        172.17.0.1     Fri Mar 31 10:23   still logged in
labex   pts/0        172.17.0.1     Fri Mar 31 10:22 - 10:23  (00:00)
labex   pts/0        172.17.0.1     Fri Mar 31 10:21 - 10:22  (00:01)

This shows the last 3 login entries.

last -x

Example output:

labex   pts/0        172.17.0.1     Fri Mar 31 10:23   still logged in
labex   pts/0        172.17.0.1     Fri Mar 31 10:22 - 10:23  (00:00)
labex   pts/0        172.17.0.1     Fri Mar 31 10:21 - 10:22  (00:01)
reboot  system boot  4.15.0-162-generic Fri Mar 31 10:20 - 10:23  (00:03)

The -x option includes the system reboot entry.

last -i

Example output:

labex   pts/0        172.17.0.1     Fri Mar 31 10:23   still logged in
labex   pts/0        172.17.0.1     Fri Mar 31 10:22 - 10:23  (00:00)
labex   pts/0        172.17.0.1     Fri Mar 31 10:21 - 10:22  (00:01)
reboot  system boot  4.15.0-162-generic Fri Mar 31 10:20 - 10:23  (00:03)

The -i option includes the IP address of the user's login.

Try experimenting with different options to see how the output changes.

Analyze Specific last Command Entries

In this step, you will learn how to analyze specific entries in the output of the last command.

The last command can provide detailed information about each login session, including the username, terminal, IP address, login time, and logout time. You can use this information to investigate specific user activities or system events.

For example, let's say you want to analyze the login session of the user labex:

last labex

Example output:

labex   pts/0        172.17.0.1     Fri Mar 31 10:23   still logged in
labex   pts/0        172.17.0.1     Fri Mar 31 10:22 - 10:23  (00:00)
labex   pts/0        172.17.0.1     Fri Mar 31 10:21 - 10:22  (00:01)
labex   pts/0        172.17.0.1     Fri Mar 31 10:20 - 10:21  (00:01)

From this output, you can see that the user labex has logged in four times on the current day. The first three sessions were short, lasting less than a minute each. The user is still logged in for the fourth session, which started at 10:23.

You can also use the last command to investigate specific login sessions by providing the username and the terminal. For example:

last labex pts/0

Example output:

labex   pts/0        172.17.0.1     Fri Mar 31 10:23   still logged in
labex   pts/0        172.17.0.1     Fri Mar 31 10:22 - 10:23  (00:00)
labex   pts/0        172.17.0.1     Fri Mar 31 10:21 - 10:22  (00:01)
labex   pts/0        172.17.0.1     Fri Mar 31 10:20 - 10:21  (00:01)

This command will show only the login sessions for the user labex on the terminal pts/0.

By analyzing the last command output, you can gain valuable insights into user activities and system events, which can be useful for troubleshooting, security monitoring, and system administration.

Summary

In this lab, you learned about the purpose of the last command in Linux, which is used to display information about the last users who have logged into the system, including their username, the terminal they used, the time they logged in, and the time they logged out. You also explored the different options and output formats of the last command, such as displaying the last n entries, including additional information like system shutdown and reboot entries, displaying the IP address of the user's login, and omitting the hostname field from the output.

The last command is a useful tool for system administrators and users to monitor user login and logout activities, as well as system events like reboots. By understanding and using the last command, you can gain valuable insights into the usage and history of your Linux system.

Linux Commands Cheat Sheet

Other Linux Tutorials you may like

Related Linux Courses
Quick Start with Linux

Quick Start with Linux

LinuxShell
Beginner
Linux for Noobs

Linux for Noobs

LinuxShell
Intermediate
Practice Linux Commands

Practice Linux Commands

LinuxShell
Beginner

We use cookies for a number of reasons, such as keeping the website reliable and secure, to improve your experience on our website and to see how you interact with it. By accepting, you agree to our use of such cookies. Privacy Policy