Keeping track of Linux users: When do they log in and for how long?
Getting an idea how often your users are logging in and how much time they spend on a Linux server is pretty easy with a couple commands and maybe a script or two.
The Linux command line provides some excellent tools for determining how frequently users log in and how much time they spend on a system. Pulling information from the /var/log/wtmp file that maintains details on user logins can be time-consuming, but with a couple easy commands, you can extract a lot of useful information on user logins.
One of the commands that helps with this is the last command. It provides a list of user logins that can go quite far back. The output looks like this:
$ last | head -5 | tr -s " "
shs pts/0 192.168.0.14 Wed Aug 14 09:44 still logged in
shs pts/0 192.168.0.14 Wed Aug 14 09:41 - 09:41 (00:00)
shs pts/0 192.168.0.14 Wed Aug 14 09:40 - 09:41 (00:00)
nemo pts/1 192.168.0.18 Wed Aug 14 09:38 still logged in
shs pts/0 192.168.0.14 Tue Aug 13 06:15 - 18:18 (00:24)
Note that the tr -s " " portion of the command above reduces strings of blanks to single blanks, and in this case, it keeps the output shown from being so wide that it would be wrapped around on this web page. Without the tr command, that output would look like this:
$ last | head -5
shs      pts/0        192.168.0.14     Wed Aug 14 09:44   still logged in
shs      pts/0        192.168.0.14     Wed Aug 14 09:41 - 09:41  (00:00)
shs      pts/0        192.168.0.14     Wed Aug 14 09:40 - 09:41  (00:00)
nemo     pts/1        192.168.0.18     Wed Aug 14 09:38   still logged in
shs      pts/0        192.168.0.14     Wed Aug 14 09:15 - 09:40  (00:24)
While it’s easy to generate and review login activity records like these for all users with the last command or for some particular user with a last username command, without the pipe to head, these commands will generally result in a lot of data. In this case, a listing for all users would have 908 lines.
$ last | wc -l
908
Counting logins with last
If you don't need all of the login detail, you can view user login sessions as a simple count of logins for all users on the system with a command like this:
$ for user in `ls /home`; do echo -ne "$user\t"; last $user | wc -l; done
dorothy 21
dory 13
eel 29
jadep 124
jdoe 27
jimp 42
nemo 9
shark 17
shs 423
test 2
waynek 201
The list above shows how many times each user has logged in since the current /var/log/wtmp file was initiated. Notice, however, that the command to generate it does depend on user accounts being set up in the default /home directory.
Depending on how much data has been accumulated in your current wtmp file, you may see a lot of logins or relatively few. To get a little more insight into how relevant the number of logins is, you could turn this command into a script, adding a command that shows when the first login in the current file occurred to provide a little perspective.
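#!/bin/bash
# Show the date of the first record in the current wtmp file
echo -n "Logins since "
who /var/log/wtmp | head -1 | awk '{print $3}'
echo "======================="
# Count the lines of "last" output for each account with a directory in /home
for user in `ls /home`
do
    echo -ne "$user\t"
    last "$user" | wc -l
done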
When you run the script, the "Logins since" line will let you know how to interpret the stats shown.
$ ./show_user_logins
Logins since 2018-10-05
=======================
dorothy 21
dory 13
eel 29
jadep 124
jdoe 27
jimp 42
nemo 9
shark 17
shs 423
test 2
waynek 201
Looking at accumulated login time with ac
The ac command provides a report on user login time — hours spent logged in. As with the last command, ac reports on user logins since the last rollover of the wtmp file because ac, like last, gets its details from /var/log/wtmp. The ac command, however, provides a much different view of user activity than the number of logins. For a single user, we might use a command like this one:
$ ac nemo
total 31.61
This tells us that nemo has spent nearly 32 hours logged in. To use the command to generate a listing of the login times for all users, you might use a command like this:
$ for user in `ls /home`; do ac $user | sed "s/total/$user\t/" ; done
dorothy 9.12
dory 1.67
eel 4.32
…
In this command, we are replacing the word “total” in each line with the relevant username. And, as long as usernames are fewer than 8 characters, the output will line up nicely. To left justify the output, you can modify that command to this:
$ for user in `ls /home`; do ac $user | sed "s/^\t//" | sed "s/total/$user\t/" ; done
dorothy 9.12
dory 1.67
eel 4.32
...
The first use of sed in that string of commands strips off the initial tabs.
To turn this command into a script and display the initial date for the wtmp file to add more relevance to the hour counts, you could use a script like this:
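#!/bin/bash
# Show the date of the first record in the current wtmp file
echo -n "hours online since "
who /var/log/wtmp | head -1 | awk '{print $3}'
echo "============================="
# Print total login hours for each account with a directory in /home
for user in `ls /home`
do
    # Strip the leading tab, then replace "total" with the username
    ac "$user" | sed "s/^\t//" | sed "s/total/$user\t/"
done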
If you run the script, you'll see the hours spent by each user over the lifespan of the wtmp file:
$ ./show_user_hours
hours online since 2018-10-05
=============================
dorothy 70.34
dory 4.67
eel 17.05
jadep 186.04
jdoe 28.20
jimp 11.49
nemo 11.61
shark 13.04
shs 3563.60
test 1.00
waynek 312.00
The difference between the user activity levels in this example is pretty obvious with one user spending only one hour on the system since October and another dominating the system.
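An added example (not from the original article): `last user | wc -l` also counts the blank line and the `wtmp begins` trailer that `last` prints, so the function below counts only real session lines and totals the duration column into hours, covering both the login counts and the hours discussed above. The sample records are constructed, and the names `sample_last` and `summarize_logins` are hypothetical.

```bash
#!/bin/bash
# Added example, not from the article. sample_last emits constructed records
# in the layout `last` prints; summarize_logins is a hypothetical helper.
sample_last() {
cat <<'EOF'
shs      pts/0        192.168.0.14     Wed Aug 14 09:44   still logged in
shs      pts/0        192.168.0.14     Wed Aug 14 09:41 - 09:41  (00:00)
nemo     pts/1        192.168.0.18     Wed Aug 14 09:38   still logged in
shs      pts/0        192.168.0.14     Wed Aug 14 09:15 - 09:40  (00:24)
reboot   system boot  5.0.0-25-generic Tue Aug 13 06:10   still running
nemo     pts/1        192.168.0.18     Mon Aug 12 08:00 - 10:30  (02:30)
jadep    pts/2        192.168.0.21     Sat Aug 10 22:00 - 23:15 (1+01:15)

wtmp begins Fri Oct  5 10:12:07 2018
EOF
}

# Reads `last` output on stdin; prints user, sessions, closed-session hours,
# and sessions still open, tab-separated and sorted by user name.
summarize_logins() {
    awk '
        NF == 0 || $1 == "wtmp" { next }               # blank line + trailer
        $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }  # pseudo-users
        {
            user = $1
            sessions[user]++
            if ($0 ~ /still logged in/) open[user]++
            d = $NF                                    # (HH:MM) or (D+HH:MM)
            if (d ~ /^\(([0-9]+\+)?[0-9]+:[0-9]+\)$/) {
                gsub(/[()]/, "", d)
                days = 0
                if (index(d, "+")) { split(d, p, "+"); days = p[1]; d = p[2] }
                split(d, hm, ":")
                mins[user] += days * 1440 + hm[1] * 60 + hm[2]
            }
        }
        END {
            for (u in sessions)
                printf "%s\t%d\t%.2f\t%d\n", u, sessions[u], mins[u] / 60, open[u]
        }
    ' | sort
}

# On a live host: last -w | summarize_logins   (-w prints full user names)
sample_last | summarize_logins
```

Because it reads every record rather than looping over /home, accounts whose home directories live elsewhere (root and service accounts included) appear in the summary as well.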
Wrap-up
Reviewing how often users log into a system and how many hours they spend online can give you an overview of both how a system is being used and who the heaviest users likely are. Of course, login time does not necessarily correspond to how much work each user is getting done, but it's likely close, and commands such as last and ac can help you identify the most active users.
Author: Sandra Henry-Stocker. Topic selected by: lujun9972.