Keeping track of user activity is an essential skill for any Linux administrator. In situations where user management may be the cause of a troubleshooting session, we can make use of utmpdump.
User histories are typically stored in the following locations:
/var/run/utmp: This binary file records open sessions. You can review its contents with utmpdump /var/run/utmp.
/var/log/wtmp: This binary file records connection histories. You can review its contents with utmpdump /var/log/wtmp.
/var/log/btmp: This binary file records failed login attempts. You can review its contents with utmpdump /var/log/btmp.
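As an added example (not part of the original article), the Python code below decodes the fixed-size binary records that utmpdump prints and counts failed logins in btmp-format data per source host and user. It assumes the 384-byte glibc struct utmp layout used on x86-64 Linux; the helper names and the sample records are constructed for the example.

```python
import struct
from collections import Counter

# glibc struct utmp on x86-64 Linux, 384 bytes (assumption: other platforms may differ).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20x")
LOGIN_PROCESS, USER_PROCESS = 6, 7   # ut_type values from <utmp.h>

def _text(raw):
    """Fixed-width C char arrays are NUL-padded; keep the part before the first NUL."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_records(blob):
    """Yield one dict per complete record; a truncated trailing record is ignored."""
    usable = len(blob) - len(blob) % UTMP.size
    for off in range(0, usable, UTMP.size):
        (typ, pid, line, _id, user, host,
         _term, _exit, _sess, sec, _usec, _addr) = UTMP.unpack_from(blob, off)
        yield {"type": typ, "pid": pid, "line": _text(line),
               "user": _text(user), "host": _text(host), "time": sec}

def failed_logins_by_source(blob):
    """Count btmp entries per (host, user) so repeated failures from one source stand out."""
    counts = Counter()
    for rec in parse_records(blob):
        if rec["type"] in (LOGIN_PROCESS, USER_PROCESS):
            counts[(rec["host"] or "local", rec["user"])] += 1
    return counts

def make_record(typ, pid, line, user, host, sec):
    """Build one constructed sample record (test data, not taken from a real system)."""
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, sec, 0, b"")

# Constructed btmp-style sample: three failures from one address, one on the console.
SAMPLE = b"".join([
    make_record(LOGIN_PROCESS, 4101, "ssh:notty", "root", "203.0.113.7", 1700000000),
    make_record(LOGIN_PROCESS, 4102, "ssh:notty", "root", "203.0.113.7", 1700000004),
    make_record(LOGIN_PROCESS, 4103, "ssh:notty", "admin", "203.0.113.7", 1700000009),
    make_record(LOGIN_PROCESS, 812, "tty1", "alice", "", 1700000100),
]) + b"\x00" * 100   # simulate a partially written trailing record

if __name__ == "__main__":
    for (host, user), n in failed_logins_by_source(SAMPLE).most_common():
        print(f"{n:3d}  {host:<15}  {user}")
```

To run it against a real system, pass the bytes of a copy of /var/log/btmp to failed_logins_by_source(); reading that file normally requires root.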
Taking this one step further, you can also review the current history of logged sessions contained within /var/log/wtmp by typing:
# last
You can review the history of failed login attempts contained within /var/log/btmp by typing:
# lastb
However...