lastlog is a program available on most Linux distributions. It formats and prints the contents of the last login log file, /var/log/lastlog (which is a usually a very sparse file), including the login name, port, and last login date and time. It is similar in functionality to the BSD program last, also included in Linux distributions; however, last parses a different binary database file (/var/log/wtmp and /var/log/btmp).
The file is updated by the pam_lastlog.so Pluggable Authentication Module.[1] The module has been deprecated since 2023, and is announced to be removed in future releases of the pam-linux framework, due to the data structures inherently being affected by the Year 2038 problem.[2]
Usage
edit
Lastlog prints its output in column format with login-name, port, and last-login-time of each and every user on the system mentioned in that order. The users are sorted by default according to the order in /etc/passwd However, it can also be used to modify the records kept in /var/log/lastlog.
$ lastlog
Username Port From Latest
root **Never logged in**
user tty3 Sun Jan 14 16:29:24 +0130 2019
References
edit- ^ "linux-pam source code". Github. Retrieved 2025-04-21.
- ^ "linux-pam NEWS document". github. Retrieved 2025-04-21.
