Differences

This shows you the differences between two versions of the page.

--- ubuntu:logging:read_or_view_utmp_wtmp_and_btmp_files [2020/03/20 11:28] – created peter
+++ ubuntu:logging:read_or_view_utmp_wtmp_and_btmp_files [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Ubuntu - Logging - Read or view utmp, wtmp and btmp files ======
+In Linux everything is logged.
+Most of the system logs are logged in /var/log.
+This folder contains logs related to different services and applications.
+In this folder we have some files such as utmp, wtmp and btmp.  These files contains all the details about logins and logouts which are from local as well as from remote systems and system status such as uptime etc.
+**utmp** will give you complete picture of user's logins and at which terminals, logouts, system events and current status of the system, system boot time (used by uptime) etc.
+To see users still logged view the utmp file:
+<code bash>
+last -f /var/run/utmp
+</code>
+**wtmp** gives historical data of utmp.
+To open wtmp file and view its content:
+<code bash>
+last -f /var/log/wtmp
+</code>
+**btmp** records only failed login attempts.
+To view btmp file use same command:
+<code bash>
+last -f /var/log/btmp
+</code>
+----
+Provide details who logged in, when they logged in and when they logged out:
+<code bash>
+last
+</code>