Linux keeps btmp and wtmp under /var/log. What is each one for, and how do you read them?
How to read btmp and wtmp on Linux
btmp and wtmp are both login log records, and both can be read with last or lastb. So what is the difference between the two files?
How to read wtmp and btmp
- sudo last -f /var/log/btmp
- sudo last -f /var/log/wtmp
- sudo lastb -f /var/log/btmp
- sudo lastb -f /var/log/wtmp
- Or simply type:
  - last # reads wtmp by default
  - sudo lastb # reads btmp by default; lastb needs sudo
The difference between last and lastb
- last
  - reads /var/log/wtmp
  - Lists successful login/logout history (shows the records of users who logged in successfully)
  - last searches back through the /var/log/wtmp file (or the file designated by the -f option) and displays a list of all users logged in (and out) since that file was created.
  - Content: login time, source IP, session length, logout time. For example:
    - user1 pts/0 192.168.0.10 Mon Nov 13 10:20 still logged in
    - user2 tty1 Mon Nov 13 08:15 - 09:00 (00:45)
- lastb
  - reads /var/log/btmp
  - History of failed login attempts (records invalid login attempts, e.g. a wrong password)
  - lastb is the same as last, except that by default it shows a log of the /var/log/btmp file, which contains all the bad login attempts.
  - Content: attempted user name, source IP, time of the attempt. For example:
    - unknown tty1 Mon Nov 13 12:15 - 12:15 (00:00)
    - root ssh:notty 192.168.0.20 Mon Nov 13 10:05 - 10:05 (00:00)
- lastlog
  - reads /var/log/lastlog. lastlog -t 3000 # show only accounts that logged in successfully within the last 3000 days
  - List of each user's most recent login
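last and lastb decode the same binary utmp record format, so wtmp and btmp can also be read without the tools. This added example (not from the original post) parses constructed btmp-style records and tallies failed attempts per source host, the summary a defender wants from lastb; it assumes the glibc x86_64 384-byte struct utmp layout, and the sample records, hosts and ut_type values are constructed, not real log data.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc x86_64 "struct utmp" (384 bytes), as used by last/lastb
# on common Linux distributions; other libcs and architectures differ.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
UT_TYPES = {2: "BOOT_TIME", 6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(data: bytes) -> list:
    """Split raw wtmp/btmp bytes into records; a trailing partial record is ignored."""
    records = []
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        (ut_type, pid, line, _id, user, host, _term, _exit, _sess,
         tv_sec, _usec, *_addr) = struct.unpack_from(UTMP_FMT, data, off)
        records.append({
            "type": UT_TYPES.get(ut_type, str(ut_type)),
            "pid": pid,
            "line": _cstr(line),
            "user": _cstr(user),
            "host": _cstr(host),
            "time": datetime.fromtimestamp(tv_sec, tz=timezone.utc).strftime("%Y-%m-%d %H:%M"),
        })
    return records


def parse_utmp_file(path: str) -> list:
    """Read e.g. /var/log/btmp (needs root, the file is not world-readable)."""
    with open(path, "rb") as f:
        return parse_utmp(f.read())


def failed_by_host(records: list) -> dict:
    """Count btmp records per source host; repeated failures from one host stand out."""
    counts = {}
    for rec in records:
        counts[rec["host"]] = counts.get(rec["host"], 0) + 1
    return counts


def make_record(ut_type, pid, line, user, host, tv_sec) -> bytes:
    """Build one raw record (constructed sample data, not a real log entry)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


# Constructed btmp-style sample: two failures from one host, one from the console.
SAMPLE_BTMP = b"".join([
    make_record(7, 1001, "ssh:notty", "root", "192.168.0.20", 1699869900),
    make_record(7, 1002, "ssh:notty", "root", "192.168.0.20", 1699869905),
    make_record(7, 1003, "tty1", "unknown", "", 1699877700),
])
```

Point parse_utmp_file at /var/log/btmp (as root) to get the same records lastb prints, ready for counting or alerting.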