Crunching numbers, so you don’t have to. Your data may look like this once processed.

DIY — Prerequisite: SHELL access

We’ll do this in two easy steps, requiring minimal effort on your part: execute a shell command, then upload the log file; the rest is taken care of. The uploaded file contains no personally identifiable information, so you won’t disclose any sensitive data.

The variables we’re going to extract are: date, time, session type (shell, ftp) and the duration of the session.

Hokay.. sleeves rolled up, let’s begin.

1) Run command

Copy and paste the following into your terminal (assuming Bash):
last -Ran 2000 $USER | tee >(gzip --stdout > sessions.log.zip)
For performance reasons, the output is limited to 2,000 sessions. The R flag suppresses the hostname (IP address) of the machine used to access the server.

You should see some output resembling the following lines:

username    pts/2        Mon Aug  3 16:36   still logged in
username    pts/3        Sun Aug  2 09:22 - 23:01  (13:39)
username    pts/3        Sat Aug  1 19:26 - 20:29  (01:02)
username    ftpd16031    Sat Aug  1 18:56 - 20:45  (01:48)
username    ftpd21363    Sat Aug  1 11:59 - 13:30  (01:30)
username    ftpd8151     Sat Aug  1 09:25 - 12:26  (03:00)

If so, proceed to the upload section below, otherwise go and troubleshoot.

2) Upload file

After running the above command, your current directory contains a file named sessions.log.zip. Locate that file and use the form below to upload it.

The sunset/sunrise times as well as the time offset relative to the server, if it’s a remote host, should reflect your local time.




A quick tip:
The log file containing the login data is usually rotated at the beginning of each month, though the file for the previous month is in most cases conveniently renamed /var/log/wtmp.1, which you can read with the f flag, for example: last -an 2000 -f /var/log/wtmp.1 $USER….

Troubleshooting

Encountered an error running the commands above?

bash: last: command not found

This is the worst-case scenario. Strange as it sounds, your system doesn’t keep a record of logged-in users, or the record keeping has been deactivated on purpose. There’s nothing you can do to remedy this.

usage: last [-n number] [-f filename] [-a ] [name | tty] ...

This means you’re running an older last binary which doesn’t support the R flag, so you need to omit it, i.e. run the command given in the "Run command" step without the R flag: last -an 2000 $USER….
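
An added example (not part of the original page or its tooling): a Python parser that pulls the four variables named above (date, time, session type, duration) out of last output and reports any line that still carries a trailing column, which is where the a flag places the remote host when the R flag is not in effect. The sample lines, the names parse_last and session_type, and the mapping from tty name to session type are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the output shown above. The last session line
# imitates a run without -R, where -a appends the remote host as a final column.
SAMPLE = """\
username    pts/2        Mon Aug  3 16:36   still logged in
username    pts/3        Sun Aug  2 09:22 - 23:01  (13:39)
username    ftpd16031    Sat Aug  1 18:56 - 20:45  (01:48)
username    pts/1        Fri Jul 31 08:10 - 09:15  (1+01:05)    203.0.113.7
wtmp begins Wed Jul  1 00:00:01 2009
"""

SESSION = re.compile(
    r"^\S+\s+(?P<tty>\S+)\s+"
    r"(?P<date>\w{3}\s+\w{3}\s+\d{1,2})\s+(?P<time>\d\d:\d\d)\s+"
    r"(?:still logged in|-\s+\S+\s+\((?:(?P<d>\d+)\+)?(?P<h>\d+):(?P<m>\d\d)\))"
    r"(?P<rest>.*)$"
)

def session_type(tty):
    # Assumption drawn from the sample output: pts/tty lines are shell, ftpd* are ftp.
    if tty.startswith(("pts", "tty")):
        return "shell"
    return "ftp" if tty.startswith("ftpd") else "other"

def parse_last(text):
    """Return (records, leaks): the four variables per session, plus the
    line numbers that still carry a trailing column such as a remote host."""
    records, leaks = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SESSION.match(line)
        if not m:
            continue  # blank lines, the "wtmp begins" trailer, unknown formats
        minutes = None  # stays None while the session is still open
        if m["m"] is not None:  # duration is printed as (hh:mm) or (days+hh:mm)
            minutes = (int(m["d"] or 0) * 24 + int(m["h"])) * 60 + int(m["m"])
        records.append({
            "date": " ".join(m["date"].split()),
            "time": m["time"],
            "type": session_type(m["tty"]),
            "minutes": minutes,
        })
        if m["rest"].strip():
            leaks.append(lineno)
    return records, leaks

if __name__ == "__main__":
    print(*parse_last(SAMPLE), sep="\n")
```

Running the same check over the decompressed sessions.log.zip before uploading shows whether any host column made it into the file.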

Memento mori ˴.-˴.♥---   © Copyright Small labs Inc. 2009. All rights reserved.