Log files can provide great insights into operations, user activity, and potential threats. Understanding these log files, wtmp, utmp, btmp, and auth.log, was a game-changer for me.
In this article, we’ll explore these logs, their practical applications, and how you can use them to diagnose issues.
1. wtmp: Login and Logout Records
The wtmp log tracks historical login and logout events on a Linux system. This binary log, stored in /var/log/wtmp, helps administrators review access patterns and pinpoint login anomalies. To analyse its contents, you can use the last command.
$ last
This command reveals the history of user sessions, including start and end times, terminal IDs, and host information.
2. utmp: Active Users
Stored in /var/run/utmp, this log tracks currently logged-in users and their active sessions. Use the who command to display this information in real time:
$ who
It's essential for administrators to monitor active sessions and ensure system integrity.
3. btmp: Invalid Login Attempts
The btmp log records failed login attempts, providing critical insights into potential brute force attacks or unauthorized access attempts. Analyze it with the lastb command:
$ sudo lastb
This helps identify the source and frequency of failed login attempts, enabling quick response to possible threats.
Bonus 1: boot.log
The boot.log file contains messages from the boot process. It’s a valuable resource for diagnosing slow boot times or identifying failing services.
Here is what I found in my system which helped me debug slow boot time.
Bonus 2: utmpdump
For binary logs like wtmp or btmp, tools such as utmpdump convert the contents into readable text. Example:
$ utmpdump /var/log/wtmp
This output reveals detailed session information, including event types, user IDs, and timestamps.
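To show what utmpdump and lastb are decoding, here is an added example (not from the original article) that parses the fixed-size binary records and counts btmp entries per source host. It assumes glibc's 384-byte struct utmp layout on little-endian x86-64 Linux; the function names, the threshold and the sample records are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumption: glibc's 384-byte struct utmp as laid out on little-endian x86-64 Linux.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
         6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_records(data):
    """Yield one dict per complete record; a truncated trailing record is skipped."""
    usable = len(data) - len(data) % UTMP.size
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {"type": TYPES.get(f[0], str(f[0])), "pid": f[1], "line": _text(f[2]),
               "user": _text(f[4]), "host": _text(f[5]),
               "time": datetime.fromtimestamp(f[9], tz=timezone.utc)}

def failed_by_host(btmp_bytes, threshold=3):
    """Return {host: count} for hosts with at least `threshold` btmp entries."""
    counts = Counter(r["host"] or "(local)"
                     for r in parse_records(btmp_bytes) if r["user"])
    return {h: n for h, n in counts.items() if n >= threshold}

def make_record(ut_type, pid, line, user, host, ts):
    """Build one constructed sample record (test data, not a real log entry)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

# Constructed btmp-style sample: four failures from one documentation-range
# address, one from another, then 10 stray bytes imitating a truncated write.
SAMPLE = b"".join(
    [make_record(6, 4000 + i, "ssh:notty", "root", "203.0.113.7", 1700000000 + i)
     for i in range(4)]
    + [make_record(6, 4100, "ssh:notty", "admin", "198.51.100.20", 1700000100)]
) + b"\0" * 10

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["time"].isoformat(), rec["type"], rec["user"], rec["line"], rec["host"])
    print("hosts at or above threshold:", failed_by_host(SAMPLE))
```

On a real system, pass the bytes of /var/log/btmp (readable only with root privileges) to failed_by_host in place of the constructed sample.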
Hello, I forgot to introduce myself. I am Sreedeep, I am building LiveAPI. It's a Super Convenient API Documentation solution for startups.
In LiveAPI we added a new feature in which you can see high-level back-end logs, which will help you debug issues while generating API documentation. Try out our free trial.