1./var/log/wtmp文件的作用

/var/log/wtmp也是一个二进制文件,记录每个用户的登录次数和持续时间等信息!

2.查看方法:可以用last命令输出当中内容

[root@localhost ~]# lastroot     pts/0        192.168.1.106    Fri Jul  5 04:31   still logged in root     pts/1        192.168.1.106    Fri Jul  5 02:41 - 02:41  (00:00)  root     pts/0        192.168.1.106    Fri Jul  5 02:01 - 03:39  (01:37)  root     pts/0        192.168.1.106    Fri Jul  5 02:01 - 02:01  (00:00)  root     tty1                          Fri Jul  5 02:00   still logged in root     pts/0        192.168.18.138   Fri Jul  5 01:59 - 01:59  (00:00)  reboot   system boot  2.6.28l7         Fri Jul  5 01:54          (02:37)  root     pts/1        192.168.18.138   Fri Jul  5 01:06 - down   (00:47)  root     pts/1        192.168.18.138   Fri Jul  5 00:45 - 00:45  (00:00)  root     pts/0        192.168.18.138   Fri Jul  5 00:45 - 01:23  (00:37)  reboot   system boot  2.6.18-194.el5   Fri Jul  5 00:45          (01:07)  root     pts/1        192.168.18.138   Fri Jul  5 00:38 - crash  (00:06)  root     pts/0        192.168.18.138   Fri Jul  5 00:35 - crash  (00:09)  reboot   system boot  2.6.18-194.el5   Fri Jul  5 00:35          (01:18)  root     pts/1        192.168.18.138   Thu Jun 27 12:00 - down   (03:37)  root     pts/0        192.168.18.138   Thu Jun 27 09:06 - down   (06:30)  root     pts/1        192.168.18.138   Thu Jun 27 05:06 - 09:06  (04:00)  root     pts/0        192.168.1.105    Thu Jun 27 04:25 - 06:39  (02:14)  root     tty1                          Thu Jun 27 04:24 - down   (11:12)  reboot   system boot  2.6.18-194.el5   Thu Jun 27 04:24          (11:13)  root     pts/2        192.168.18.138   Fri Jun 14 17:16 - crash (12+11:07)root     pts/1        192.168.18.138   Fri Jun 14 17:15 - crash (12+11:08)root     pts/0        192.168.18.138   Fri Jun 14 17:14 - crash (12+11:09)root     pts/0        192.168.18.138   Fri Jun 14 17:14 - 17:14  (00:00)  root     tty1                          Fri Jun 14 17:10 - crash (12+11:13)reboot   system boot  2.6.18-194.el5   Fri Jun 14 17:10         (12+22:27)root     pts/1        192.168.1.105    Mon May 27 13:09 - 19:51  (06:41)  root     pts/1        192.168.1.105    Mon May 27 13:08 - 13:09  (00:01)  root     pts/0        192.168.1.105    Mon May 27 12:33 - 14:44  (02:11)  root     pts/0        192.168.1.105    Mon May 27 08:30 - 10:41  (02:11)  root     pts/2        192.168.1.105    Mon May 27 05:27 - 07:43  (02:15)  root     pts/0        192.168.1.105    Mon May 27 03:33 - 06:15  (02:42)  root     pts/1        192.168.1.105    Mon May 27 02:12 - 05:43  (03:30)  root     pts/0        192.168.1.105    Sun May 26 21:58 - 03:24  (05:25)  root     pts/1        192.168.1.105    Sun May 26 19:55 - 22:29  (02:34)  root     pts/0        192.168.1.105    Sun May 26 17:07 - 21:28  (04:21)  root     pts/2        192.168.1.105    Sun May 26 13:59 - 18:38  (04:39)  root     pts/1        192.168.1.105    Sun May 26 12:11 - 15:53  (03:41)  root     pts/1        192.168.1.105    Sun May 26 12:11 - 12:11  (00:00)  root     pts/0        192.168.1.105    Sun May 26 10:50 - 14:12  (03:22)  root     tty1                          Sun May 26 03:30 - crash (19+13:39)reboot   system boot  2.6.18-194.el5   Sun May 26 03:30         (32+12:07)root     tty1                          Wed May 22 21:06 - crash (3+06:23) reboot   system boot  2.6.18-194.el5   Wed May 22 21:05         (35+18:32)wtmp begins Wed May 22 21:05:29 2013[root@localhost ~]#

或者用 

last -f /var/log/wtmp

who -u /var/log/wtmp