lastb

List information about users who failed to log in to the system

Supplementary instructions

lastb command is used to display the user error login list. This command can detect system login exceptions. Execute the lastb command alone, it will read the file named btmp located in the /var/log directory, and display all the failed login users recorded in the file.

grammar

lastb(option)(parameter)

Options

-a: Display the host name or IP address from where to log in to the system on the last line;
-d: Convert IP address to host name;
-f<record file>: specify the record file;
-n<Number of display columns> or -<Number of display columns>: Set the number of display columns for the list;
-R: Do not display the host name or IP address logged into the system;
-x: Display system shutdown, restart, and execution level changes and other information.

Parameters

• Username: the login list of the user being displayed;
• Terminal: Displays the login list from the specified terminal.

Example

The following error will be reported when running the lastb command for the first time:

lastb: /var/log/btmp: No such file or directory
Perhaps this file was removed by the operator to prevent logging lastb info.

Just create this file that doesn't exist.

touch /var/log/btmp

Login failures using ssh are not logged in the btmp file.

lastb | head
root ssh:notty 110.84.129.3 Tue Dec 17 06:19 - 06:19 (00:00)
root ssh:notty 110.84.129.3 Tue Dec 17 04:05 - 04:05 (00:00)
root ssh:notty 110.84.129.3 Tue Dec 17 01:52 - 01:52 (00:00)
root ssh:notty 110.84.129.3 Mon Dec 16 23:38 - 23:38 (00:00)
leonob ssh:notty 222.211.85.18 Mon Dec 16 22:18 - 22:18 (00:00)
leonob ssh:notty 222.211.85.18 Mon Dec 16 22:18 - 22:18 (00:00)
root ssh:notty 110.84.129.3 Mon Dec 16 21:25 - 21:25 (00:00)
root ssh:notty 110.84.129.3 Mon Dec 16 19:12 - 19:12 (00:00)
root ssh:notty 110.84.129.3 Mon Dec 16 17:00 - 17:00 (00:00)
admin ssh:notty 129.171.193.99 Mon Dec 16 16:52 - 16:52 (00:00)