Information about users who logged in last 24 hours

saket18 · February 10, 2012, 6:24am

Hi,

I want to retrieve the information of a particular users in last 24 hours on my linux box in following format:

User Terminal LoggedInTime LoggedOutTime Date

I know the usage of 'last' command and search many examples in the forum but couldnt found since last command is not taking year into consideration.Thats why I am getting duplicate data. Please help me in this.

cero · February 10, 2012, 6:40am

Does your last command support the -t option? That one takes the year into consideration.

saket18 · February 12, 2012, 12:25pm

Hi Cero.Thanks for the reply.
-t option takes YYYYMMDDHHSS as argument which will output the user details who have logged in at this particular time and day of the year. I want the user login details in last 24 hours.

agama · February 12, 2012, 1:32pm

The -F option on the last command will generate a full date, but then it's still a bit of work to show just who has logged in during the last 24 hours:

# print all users who have logged in in the last 24 hours
# time is computed from the time that the script is executed.
 
# ouput records are complete records from last. 
last -F -R | awk -v now="$( date "+%Y %m %d %H %M %S" )" '

     BEGIN {
        soup = "JanFebMarAprMayJunJulAugSepOctNovDec";
        dim = "030101001010";
        split( now, a, " " );           # compute timestamp for yesterday
        if( (a[3] = a[3] - 1) <= 0 )    # roll to prev month?
        {
            if( (a[2] = a[2] - 1) <= 0 )    # roll to prev year?
            {
                a[1]--;
                a[2] = 12;
                a[3] = 31;
            }
            else
            {
                a[3] = 31 - substr( dim, a[2], 1 );
                if( a[2] == 2 )
                    a[3] += a[1] % 4 == 0  ? ( a[1] % 100 != 0 ? 1 : (a[1]/400 == 0 ? 1 : 0)) : 0;  # adjust for leap year
            }
        }
        old_date = sprintf( "%4d%02d%02d%02d%02d%02d", a[1], a[2], a[3], a[4], a[5], a[6] ) +0;   # finally, yesterday at this time
    }

      NF < 6 || /reboot/ || /begins/ || /still logged/ { next; }   # ignore undesired records

    {
        gsub( ":", "", $6 );                                # build timestamp from last fields
        m = int(index( soup, $4 ) / 3) + 1;
        d = sprintf( "%4d%02d%02d%s", $7, m, $5, $6 ) + 0;
        if( d > old_date )                                  # if time newer than yesterday, print
            print;
    }'

saket18 · February 13, 2012, 6:10am

@agama
It seems -F option is invalid for last command.I am getting following error message:

last: invalid option -- F
Usage: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-x] [-o] [username..] [tty..]

agama · February 13, 2012, 9:00pm

What O/S are you running? I tested this on both FreeBSD and OpenSUSE Linux. I did just check a Solaris system, and the last there doesn't support -F, so I'm guessing you're running on Solaris. Other than writing something that can read and interpret /var/adm/wtmpx I'm not sure what your options are.

saket18 · February 14, 2012, 12:39am

I am using Red Hat Enterprise Linux Client release 5.4 (Tikanga).