If you experience any difficulty in accessing content on our website, please contact us at 1-866-333-8917 or email us at support@chicagovps.net and we will make every effort to assist you.

By
September 17, 2024

How to Monitor and Track User Logins on Linux Systems

 

This article explores various commands that aid in viewing and comprehending user logins and the duration of time users are active on your Linux servers.

The who command is an essential tool that displays current login sessions on your server. It provides details not only about who is currently logged in, but also their login timestamp and originating IP address. Here’s an example where two users are logged in from distinct locations.

The last command provides a retrospective insight into user logins. It starts by showing the most recent logins and then moves backwards to show older sessions.

The command presented next is used to reduce all excess white space down to single spaces.

To monitor login activities, you can utilize a specific command that retrieves the number of logins from the /var/log/wtmp file, which logs user logins. It’s important to note that this file is in binary format, hence it can’t be directly viewed using grep, more, or cat commands.

This particular command focuses on analyzing logins of regular users (not system users), specifically those with home directories located in /home, and summing up their login counts.

To check how long the wtmp file has been logging data, you can use a command that outputs the earliest entry in the log file.

An additional command can reveal the start date of the wtmp file, which is appended at the end of its output.

The ac command provides details on user connect times along with several other beneficial features.

Applying the -d option allows you to see the total logins per day, as demonstrated in this example:

To check the total logins per user, the -p option is useful:

Utilizing the lslogins command, you can access information about both system and user accounts. Typically, since most system accounts do not log in, many entries will show the LAST-LOGIN column as empty.

To display user logins while omitting system accounts, utilize a command incorporating the -u option:

A substantial amount of data about a single user can be retrieved by executing a command as depicted below. Here, the lslogins command leverages additional files (such as the /etc/passwd file) to procure further details about the user, including the user’s shell and UID.

Unless specific dates are mentioned (e.g., Sep 11/12:13), the assumed date is the current date.

The lastlog command provides information on the most recent login session of all users or for a defined user.

To view the recent commands executed by a user, it is necessary to possess superuser privileges to access their command history file, typically named .bash_history for users of the bash shell.

Linux systems offer multiple methods to monitor user activities, including tracking their login times, duration of sessions, and the specific commands they execute.


ChicagoVPS is your gateway to unparalleled hosting solutions. Our state-of-the-art datacenters and powerful network ensures lightning-fast speeds and uninterrupted connectivity for your websites and applications. Whether you’re a startup looking for scalable resources or an enterprise in need of enterprise-grade hosting, our range of plans and customizable solutions guarantee a perfect fit. Trust in ChicagoVPS to deliver excellence, combining unmatched reliability and top-tier support.

For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@chicagovps.net.

Subscribe Email

Top