I want to retrieve the information of a particular user in the last 24 hours on my Linux box in the following format:
User Terminal LoggedInTime LoggedOutTime Date
I know the usage of the 'last' command and searched many examples in the forum but couldn't find one, since the last command does not take the year into consideration. That's why I am getting duplicate data. Please help me with this.
Hi Cero. Thanks for the reply.
The -t option takes YYYYMMDDHHSS as an argument, which will output the details of users who have logged in at this particular time and day of the year. I want the user login details for the last 24 hours.
The -F option on the last command will generate a full date, but then it's still a bit of work to show just who has logged in during the last 24 hours:
# print all users who have logged in in the last 24 hours
# time is computed from the time that the script is executed.
# output records are complete records from last.
last -F -R | awk -v now="$( date "+%Y %m %d %H %M %S" )" '
    BEGIN {
        soup = "JanFebMarAprMayJunJulAugSepOctNovDec";
        dim = "030101001010";               # per month: 31 minus the number of days in it
        split( now, a, " " );               # compute timestamp for yesterday
        if( (a[3] = a[3] - 1) <= 0 )        # roll to prev month?
        {
            if( (a[2] = a[2] - 1) <= 0 )    # roll to prev year?
            {
                a[1]--;
                a[2] = 12;
                a[3] = 31;
            }
            else
            {
                a[3] = 31 - substr( dim, a[2], 1 );
                if( a[2] == 2 )
                    a[3] += a[1] % 4 == 0 ? ( a[1] % 100 != 0 ? 1 : (a[1] % 400 == 0 ? 1 : 0)) : 0;   # adjust for leap year
            }
        }
        old_date = sprintf( "%4d%02d%02d%02d%02d%02d", a[1], a[2], a[3], a[4], a[5], a[6] ) +0;   # finally, yesterday at this time
    }
    NF < 6 || /reboot/ || /begins/ || /still logged/ { next; }   # ignore undesired records
    {
        gsub( ":", "", $6 );                # build timestamp from last fields
        m = int(index( soup, $4 ) / 3) + 1; # month name to month number
        d = sprintf( "%4d%02d%02d%s", $7, m, $5, $6 ) + 0;
        if( d > old_date )                  # if time newer than yesterday, print
            print;
    }'
What O/S are you running? I tested this on both FreeBSD and OpenSUSE Linux. I did just check a Solaris system, and the last there doesn't support -F, so I'm guessing you're running on Solaris. Other than writing something that can read and interpret /var/adm/wtmpx I'm not sure what your options are.
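The same 24-hour filter over `last -F -R` output, producing the columns the original question asks for, is given here as an added example (not code from any poster in this thread). The function name `recent_logins`, the sample records and the user names are constructed; it assumes the `user tty Dow Mon DD HH:MM:SS YYYY` field order that the awk script above relies on.

```python
import subprocess
from datetime import datetime, timedelta

STAMP = "%a %b %d %H:%M:%S %Y"  # timestamp layout printed by last -F

# Constructed sample of `last -F -R` output (not from a real host).
SAMPLE = """\
alice    pts/0        Fri Mar  1 08:15:02 2024   still logged in
bob      pts/1        Thu Feb 29 22:40:10 2024 - Thu Feb 29 23:05:44 2024  (00:25)
alice    pts/2        Thu Feb 29 10:30:00 2024 - Thu Feb 29 11:00:00 2024  (00:30)
alice    tty1         Thu Feb 29 08:59:59 2024 - crash                     (00:01)
reboot   system boot  Thu Feb 29 08:00:00 2024 - Fri Mar  1 09:00:00 2024  (1+01:00)
alice    pts/0        Fri Mar  1 08:15:02 2019 - Fri Mar  1 08:45:00 2019  (00:30)

wtmp begins Tue Jan  1 00:00:01 2019
"""

def recent_logins(text, user=None, now=None, hours=24):
    """Return (user, tty, login, logout, date) for logins in the last `hours`."""
    now = now or datetime.now()
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] in ("reboot", "shutdown", "runlevel", "wtmp"):
            continue  # blank lines, boot records, trailer
        if user and f[0] != user:
            continue
        try:
            login = datetime.strptime(" ".join(f[2:7]), STAMP)
        except ValueError:
            continue  # not a "user tty Dow Mon DD HH:MM:SS YYYY" record
        if not (now - timedelta(hours=hours) <= login <= now):
            continue  # outside the window; the year is part of the comparison
        rest = f[7:]
        if rest[:1] == ["-"]:
            try:  # a normal logout carries a second full timestamp
                logout = datetime.strptime(" ".join(rest[1:6]), STAMP).strftime("%H:%M:%S")
            except ValueError:
                logout = rest[1] if len(rest) > 1 else "unknown"  # crash / down
        else:
            logout = " ".join(rest) or "unknown"  # e.g. "still logged in"
        rows.append((f[0], f[1], login.strftime("%H:%M:%S"), logout,
                     login.strftime("%Y-%m-%d")))
    return rows

if __name__ == "__main__":
    out = subprocess.run(["last", "-F", "-R"], capture_output=True, text=True).stdout
    print("User Terminal LoggedInTime LoggedOutTime Date")
    for row in recent_logins(out):
        print(*row)
```

The 2019 record in the sample has the same weekday, month, day and time as a 2024 login, which is the duplicate the year-less default output cannot tell apart.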