lastcomm Command: Monitor User Activity and Previously Executed Commands
The lastcomm command is used to monitor user activity on Linux. What does that mean? Almost everything in Linux is done by running commands, so lastcomm lets you monitor user activity by listing previously executed commands.
Personally, we used this utility in my organization to find proof: a few times users ran commands that were dangerous to the environment and afterwards would not admit it, so we had to find proof that they ran them. In this article we are going to see how to do user activity monitoring.
Syntax:
lastcomm [Command Name]
lastcomm [User Name]
lastcomm [Terminal]
How to install psacct in RHEL / Centos and Ubuntu
# yum install psacct -y
# sudo apt-get install acct
By default the psacct service is stopped. Start it (and enable it at boot) so that user activity is recorded:
# systemctl status psacct
# systemctl enable psacct
# systemctl start psacct
[root@ArkitServer ~]# lastcomm
Running lastcomm without any arguments lists all the commands that have been run on the system.
How to understand command output
For each entry the following information is printed:
- Command name of the process
- Flags, as recorded by the system accounting routines:
  - S – Command executed by super-user
  - F – Command executed after a fork but without a following exec
  - C – Command run in PDP-11 compatibility mode
  - D – Command terminated with the generation of a core file
  - X – Command was terminated with the signal SIGTERM
- The name of the user who ran the process
- Time the process started
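The column layout described above can be parsed to pull out only the commands worth reviewing. The script below is an added example, not part of the original article. It assumes the usual lastcomm layout (command, optional flags, user, terminal, CPU time followed by "secs", start time); the WATCHLIST contents and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report watched commands from lastcomm-style output.
# WATCHLIST is a hypothetical set of commands to review; adjust as needed.
WATCHLIST="rm dd mkfs.ext4 shutdown"

# Reads lastcomm output on stdin and prints "user tty command flags start-time"
# for every watched command. The flags column can be empty or hold several
# letters, so fields are located relative to the literal "secs" token
# instead of by fixed position.
audit_lastcomm() {
    awk -v watch="$WATCHLIST" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    {
        s = 0
        for (i = 2; i <= NF; i++) if ($i == "secs") { s = i; break }
        # Need at least: command user tty cputime secs
        if (s < 5 || !($1 in want)) next
        user = $(s - 3); tty = $(s - 2)
        flags = ""
        for (i = 2; i <= s - 4; i++) flags = flags $i
        if (flags == "") flags = "-"
        when = ""
        for (i = s + 1; i <= NF; i++) when = when (when == "" ? "" : " ") $i
        printf "%s %s %s %s %s\n", user, tty, $1, flags, when
    }'
}

# Constructed sample in lastcomm column layout (not real accounting data).
sample_output() {
    cat <<'EOF'
ls                     arkit    pts/0      0.00 secs Mon Jan  8 10:15
rm                     arkit    pts/0      0.01 secs Mon Jan  8 10:16
systemctl         S    root     pts/1      0.02 secs Mon Jan  8 10:17
dd                S  X root     pts/1      1.40 secs Mon Jan  8 10:18
crond             SF   root     __         0.00 secs Mon Jan  8 10:20
EOF
}

sample_output | audit_lastcomm
# On a live host with psacct running: lastcomm | audit_lastcomm
```
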
To fetch the details by user name, pass the user name to lastcomm; it will then list only the commands run by that particular user.
# lastcomm arkit
To see in detail when a particular command ran, who ran it, from which terminal, and for how long, pass the command name:
# lastcomm ls
Commands run from a particular terminal can also be identified, as below:
# lastcomm pts/0
All of these filters can also be combined in a single lastcomm command, which is a simple way to get exactly the details required:
# lastcomm pts/0 arkit ls
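Instead of reading the default accounting file, lastcomm can read a specific process accounting file with the -f option. On RHEL / CentOS psacct writes to /var/account/pacct (on Ubuntu, acct writes to /var/log/account/pacct). Note that /var/log/lastlog is the last-login database, not a process accounting file, so it cannot be used here.
# lastcomm -f /var/account/pacct
# lastcomm -f /var/account/pacct arkit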
That’s it about using the lastcomm command to monitor user activity and previously executed commands.