How to view login history on Linux Server

To see login history on a Linux system, you can use the “last” command.

Linux Last Command

On the screenshot above, it shows “admin.serverok.i” for some of the logins. This is because DNS resolve is enabled in SSH configuration, so IP get converted to hostname and it get truncated. To see the full hostname, run

If you don’t want IP converted to hostname, run

To list only the last 10 logins, run

last command

-n 10 limit result to last 10 logins.

Login history is stored in the file

This file can grow and get rotated over time. If the file gets rotated, when you use the “last” command, it won’t report login history from older files.

To see login history from an older file, you need to specify the location of the file using -f argument.

You can also use the command

To view the last 10 logins with full hostname from the old login file wtmp-20170603, use

The file name may differ in your server, check the /var/log folder for actual file names.

How to check old login history with last command

Need help with Linux Server or WordPress? We can help!

Leave a Reply

Your email address will not be published. Required fields are marked *