Linux has btmp and wtmp under /var/log. What is each one for, and how do you read them?
How to read btmp and wtmp on Linux
btmp and wtmp are both login log files, and both can be read with last or lastb. So what is the difference between the two files?
How to read wtmp and btmp
- sudo last -f /var/log/btmp
- sudo last -f /var/log/wtmp
- sudo lastb -f /var/log/btmp
- sudo lastb -f /var/log/wtmp
- Or just run the commands directly:
  - last # reads wtmp by default
  - sudo lastb # reads btmp by default; lastb needs sudo
Differences between last and lastb
- last
  - Reads /var/log/wtmp
  - Lists successful login/logout history (records of users who successfully logged in to the system)
  - last searches back through the /var/log/wtmp file (or the file designated by the -f option) and displays a list of all users logged in (and out) since that file was created.
  - Fields: login time, source IP, session length, logout time. For example:
    - user1 pts/0 192.168.0.10 Mon Nov 13 10:20 still logged in
    - user2 tty1 Mon Nov 13 08:15 - 09:00 (00:45)
- lastb
  - Reads /var/log/btmp
  - History of failed login attempts (invalid login attempts, e.g. a wrong password)
  - lastb is the same as last, except that by default it shows a log of the /var/log/btmp file, which contains all the bad login attempts.
  - Fields: attempted user name, source IP, time of the attempt. For example:
    - unknown tty1 Mon Nov 13 12:15 - 12:15 (00:00)
    - root ssh:notty 192.168.0.20 Mon Nov 13 10:05 - 10:05 (00:00)
- lastlog
  - Reads /var/log/lastlog. lastlog -t 3000 # shows only users with a successful login within the last 3000 days
  - List of the last connected users
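Both wtmp and btmp are binary files made of fixed-size `struct utmp` records, which is why `cat` shows garbage and `last`/`lastb` are needed. The reader below is an added example (not code from the original post): it decodes that record format, pairs logins with logouts the way `last` does, and tallies btmp entries per source host the way a defender watching for password guessing would. It assumes the glibc x86_64 layout (384-byte records); other libcs and architectures lay the struct out differently. The sample records are constructed inline to mirror the example output above and are not real log data.

```python
"""Minimal reader for the wtmp/btmp binary format shown by last(1) and lastb(1)."""
import struct
from collections import Counter
from datetime import datetime, timezone

# struct utmp on glibc/x86_64 (assumed layout): ut_type, 2 pad bytes, ut_pid,
# ut_line[32], ut_id[4], ut_user[32], ut_host[256], ut_exit{e_termination, e_exit},
# ut_session, ut_tv{tv_sec, tv_usec}, ut_addr_v6[4], 20 reserved bytes = 384 bytes.
UTMP_STRUCT = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
assert UTMP_STRUCT.size == 384

# ut_type values from <utmp.h> that matter here
EMPTY, LOGIN_PROCESS, USER_PROCESS, DEAD_PROCESS = 0, 6, 7, 8


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width char[] field."""
    return raw.split(b"\x00", 1)[0].decode("utf-8", "replace")


def parse_utmp(data: bytes):
    """Yield one dict per complete record; a truncated trailing record is ignored."""
    for off in range(0, len(data) - len(data) % UTMP_STRUCT.size, UTMP_STRUCT.size):
        f = UTMP_STRUCT.unpack_from(data, off)
        yield {
            "type": f[0], "pid": f[1], "line": _cstr(f[2]),
            "user": _cstr(f[4]), "host": _cstr(f[5]),
            "time": datetime.fromtimestamp(f[9], tz=timezone.utc),  # ut_tv.tv_sec
        }


def sessions(records):
    """Pair each USER_PROCESS login with the next DEAD_PROCESS on the same tty, like last(1).
    A login without a matching logout is returned with logout=None ("still logged in")."""
    open_by_line, result = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            login = open_by_line.pop(r["line"])
            result.append({"user": login["user"], "line": login["line"], "host": login["host"],
                           "login": login["time"], "logout": r["time"]})
    for login in open_by_line.values():
        result.append({"user": login["user"], "line": login["line"], "host": login["host"],
                       "login": login["time"], "logout": None})
    return result


def failed_logins_by_host(records):
    """btmp holds one record per failed attempt and lastb prints them all, so counting
    records per ut_host gives the per-source failure tally worth alerting on."""
    return Counter(r["host"] for r in records if r["type"] != EMPTY)


# --- constructed sample data mirroring the post's example output (not real log files) ---
def make_record(ut_type, line, user, host, when):
    ts = int(datetime(*when, tzinfo=timezone.utc).timestamp())
    return UTMP_STRUCT.pack(ut_type, 1000, line.encode(), b"", user.encode(), host.encode(),
                            0, 0, 0, ts, 0, 0, 0, 0, 0)


SAMPLE_WTMP = b"".join([
    make_record(USER_PROCESS, "tty1", "user2", "", (2023, 11, 13, 8, 15)),
    make_record(DEAD_PROCESS, "tty1", "", "", (2023, 11, 13, 9, 0)),
    make_record(USER_PROCESS, "pts/0", "user1", "192.168.0.10", (2023, 11, 13, 10, 20)),
])
SAMPLE_BTMP = b"".join([
    make_record(LOGIN_PROCESS, "ssh:notty", "root", "192.168.0.20", (2023, 11, 13, 10, 5)),
    make_record(LOGIN_PROCESS, "ssh:notty", "root", "192.168.0.20", (2023, 11, 13, 10, 5)),
    make_record(LOGIN_PROCESS, "tty1", "unknown", "", (2023, 11, 13, 12, 15)),
])


def wtmp_sessions():
    return sessions(parse_utmp(SAMPLE_WTMP))


def btmp_failures():
    return failed_logins_by_host(parse_utmp(SAMPLE_BTMP))


if __name__ == "__main__":
    # Roughly the layout last(1) prints; swap SAMPLE_WTMP for open("/var/log/wtmp","rb").read()
    for s in wtmp_sessions():
        end = s["logout"].strftime("%H:%M") if s["logout"] else "still logged in"
        print(f'{s["user"]:<8} {s["line"]:<10} {s["host"]:<15} {s["login"]:%a %b %d %H:%M} {end}')
    print(btmp_failures())
```

Reading the real files needs the same privileges as `lastb` (btmp is not world-readable), and on a long-running host the files are rotated by logrotate, so older attempts live in `/var/log/btmp.1` and friends rather than in the current file.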