Many times we have to check the server logs for the security reason who is trying to access the server or when something went wrong. Admin have to check the logs using “eventvwr” to identify that who changed or from where the server last accessed. to check last user’s login time we can perform the following commands:
For windows Users: Open Command Promt and type “last” command without quote.
last # Last command will display current user logged in time detail.
Administ tty0 client01 Tue May 24 18:15 still logged in
Administ tty0 client01 Tue May 24 18:11 – 18:15 (00:03)
Administ tty0 client01 Tue May 24 18:11 – 18:11 (00:00)
Administ tty0 client01 Tue May 24 18:10 – 18:11 (00:00)
last username # It will display specified user log in time.
wtmp begins Tue Mar 10 18:49:11 2015
net user administrator | findstr /B /C:”Last logon”
C:\Users\Administrator>net user administrator | findstr /B /C:”Last logon”
Last logon 5/24/2016 6:11:45 PM
The command will show you the user last login time.
For more details using event log you can go through the link
For Linux Users:
svn_user pts/0 192.168.1.7 Mon May 23 19:42 still logged in
svn_user pts/0 cl040 Mon May 23 17:01 – 19:08 (02:07)
svn_user pts/0 192.168.1.7 Tue May 17 15:59 – 19:16 (3+03:16)
$lastlog -u svn_user
Username Port From Latest
svn_user pts/0 192.168.1.7 Mon May 23 19:42:27 +0530 2016
$last reboot # It will show you when your system last rebooted
reboot system boot 3.16.0-30-generi Tue May 17 12:43 – 18:37 (7+05:54)
$last shutdown #It will display when you have shutdown the system.
wtmp begins Mon May 2 15:30:26 2016