aulast Command in Linux
aulast is a Linux command-line tool that helps you see a list of users who have logged in and out of the system. This command works similar to the last command but uses audit logs to gather information. This means that it can provide you with a detailed history of the user activity, including login times and duration.
The aulast command displays events from oldest to newest, while last shows them from newest to oldest. Another good thing about this command is that it also filters the results by specific users or terminal.
Table of Contents
Here is a comprehensive guide to the options available with the aulast command in linux −
Syntax for aulast Command
The syntax for the aulast command in Linux is as follows −
aulast [options] [user] [tty]
Here,
- [options] are additional flags you can use to modify the commands behavior. For example, --bad to report failed login attempts or --extract to write raw audit records to a file.
- [user] specifies the username you want to filter the report by. If you leave this out, aulast will show information for all users.
- [tty] specifies the terminal (TTY) you want to filter the report by. If you leave this out, aulast will show information for all terminals.
aulast Command Options
Given below are the different options available for the aulast command, along with their descriptions −
| Option | Description |
|---|---|
| --bad | Reports failed login attempts. |
| --debug | Enables debugging mode to provide more detailed output for troubleshooting. |
| --extract | Writes the underlying audit records into aulast.log for further analysis. |
| -f file | Uses the specified file instead of the default audit logs for input. |
| --proof | Lists the serial numbers of the audit records used to create the report." |
| --stbin | Takes audit records from standard input. |
| --tty | Limits the report to a specific terminal (TTY). |
| --username | Filters the report to include only events related to a particular user. |
Examples of aulast Command in Linux
Lets discuss a few examples of aulast commands in Linux systems. This will help you in learning how to get started with the command.
- Displaying All Logins and Logouts
- Reporting Failed Login Attempts
- Filtering by Specific User
- Filtering by Specific Terminal
- Extracting Raw Audit Records
- Debugging Mode
Displaying All Logins and Logouts
One of the basic uses of aulast is to display a list of all users who have logged in and out of the system. To do this, simply execute the below-given command as a root user −
aulast
This command will show all login and logout events.
Reporting Failed Login Attempts
You can also report failed login attempts, which is useful for security monitoring. To do this, you can use the --bad option −
aulast --bad
This command will list all failed login attempts.
Filtering by Specific User
If you want to see login and logout events for a specific user, you can filter the report using the --user option followed by the username, as given below −
aulast --user username
Replace username with the actual username to get the desired information.
Filtering by Specific Terminal (TTY)
You can also filter the report by a specific terminal (TTY), which is useful for tracking activity on particular terminals. To do this, you can use the --tty option followed by the terminal name, as provided below −
aulast --tty tty1
This command will show login and logout events for the specified terminal (e.g., tty1).
Extracting Raw Audit Records
To write the raw audit records used to create the displayed report into a file named aulast.log, you can use the --extract option with the aulast command. −
aulast --extract
This command will save the raw audit records to aulast.log in the current working directory.
Debugging Mode
To enable debugging mode for a more detailed output, you can use the below-given command −
aulast --debug
This command will provide more detailed output, which is useful for troubleshooting.
These examples will help you get a better understanding of how to use the aulast command in your Linux system.
Conclusion
The aulast is a powerful Linux command for tracking user logins and logouts activities using audit logs. It provides a detailed history of what the user has done, including login times and durations.
In this tutorial, we explained the basic syntax of aulast command, along with different options and examples for better understanding. By following these examples, you can learn to effectively monitor and audit user activities on your Linux system.