generate list of hostnames who logged in to ubuntu server

Question

When I login to my server it displays the last login:

Last login: Mon Dec 16 12:28:10 2013 from host.name.nl

This made me wonder that there should be a list or something containing this information. Can I retrieve a list of all users who once logged in to my server, via either SSH with their corresponding hostname or physical (hard because its a VPS)? It would be really cool if this also displayed passed logins instead of only the last.

Does anyone know a script or starting point where I can find this information?

`man last` is a good starting point. – Jenny D Dec 17 '13 at 07:33 — Jenny D, Dec 17 '13 at 07:33

score 1 · Answer 1 · answered Dec 16 '13 at 17:39

1

You can use lastlog and save output on a file

lastlog > list_lastlog_users

You will see last IP or domain logged from.

answered Dec 16 '13 at 17:39

Erick

19
2

score 1 · Accepted Answer · answered Dec 16 '13 at 17:54

Login information is stored in /var/log/wtmp, so the availability of this information depends on your rotation policy for this file.

For example:

[michael@challenger:~]$ ls -al /var/log/wtmp*
-rw-rw-r-- 1 root utmp 306816 Dec 16 12:49 /var/log/wtmp
-rw-rw-r-- 1 root utmp 539904 Dec  2 09:58 /var/log/wtmp.1

So I can check to see if anyone other than me logged in going as far back as:

[michael@challenger:~]$ last -f /var/log/wtmp.1 | grep -v michael
reboot   system boot  3.8.0-33-generic Mon Dec  2 09:57 - 12:50 (14+02:53)  
reboot   system boot  3.8.0-33-generic Tue Nov 26 09:57 - 15:54 (4+05:57)   
reboot   system boot  3.8.0-33-generic Mon Nov 18 22:57 - 00:48 (7+01:50)   
reboot   system boot  3.8.0-33-generic Mon Nov 18 22:46 - 22:57  (00:10)    
reboot   system boot  3.8.0-33-generic Wed Nov 13 12:23 - 22:37 (5+10:14)   
reboot   system boot  3.8.0-32-generic Sun Nov  3 20:41 - 12:19 (9+15:38)   

wtmp.1 begins Sun Nov  3 09:18:50 2013

It may be more interesting to look at a server:

michael@ragnarok:~> last -a root
root     pts/0        Fri Dec  6 11:36 - 15:57  (04:20)     raven.brazzers.com
root     pts/0        Mon Oct 21 16:34 - 16:59  (00:25)     challengerbrazzers.com
root     pts/1        Thu Oct 10 12:01 - 12:09  (00:08)     192.168.0.31
root     pts/0        Wed Aug 21 17:43 - 18:16  (00:33)     challenger.brazzers.com

wtmp begins Fri Aug 16 16:21:12 2013

generate list of hostnames who logged in to ubuntu server

2 Answers2