last -i command output

praveenv · 08-17-2004, 03:42 AM

last -i : Command displays all users login details including <host ip-addr > from which they logged into the current system .
My system is not a Server but connected to inet.
output:

praveenv 144.186.17.0 some other details......

here < praveenv > is user name who logged in( it is mysely local....)
144.186.17.0 is host <ip-addr> from which he logged in , the <remote host ip-addr> is neither local in my network nor my <ip-series>

Why it is displaying like that ?

kindly help............

peter_robb · 08-17-2004, 06:18 AM

From man last ...
Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays
a list of all users logged in (and out) since that file was created. Names of users and tty's can be
given, in which case last will show only those entries matching the arguments. Names of ttys can be
abbreviated, thus last 0 is the same as last tty0.
...
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains
all the bad login attempts.

So also do lastb and see if there are any bad attempts to login, which would indicate someone tried and finally succeeded in finding a password for that user..

praveenv · 08-18-2004, 12:43 AM

I know this file , but I want to know which process is writing to it ( name of process and where it resides.........)

Any help ?..................