Server Administration & Management

How to read or view utmp, wtmp and btmp files in Linux

In Linux operating systems everything is logged some where. Most of the system logs are logged in to /var/log folder. This folder contains logs related to different services and applications. In this folder we have some files such as utmp, wtmp and btmp. These files contains all the details about login’s and logout’s which are from local as well as from remote systems and system status such as uptime etc.

utmp will give you complete picture of users logins at which terminals, logouts, system events and current status of the system, system boot time (used by uptime) etc.

wtmp gives historical data of utmp.

btmp records only failed login attempts.

# last ( Provide how logged in, when they logged in and when they logged out etc info on the screen.)

# last -f /var/log/wtmp (To open wtmp file and view its content use blow command)

# last -f /var/run/utmp (To see still logged in users view utmp file use last command)

# last -f /var/log/btmp (To view btmp file use same command)

August 10, 2014 - Posted by | Tips & Tricks, Unix/Linux | , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: