Btmp

What causes non-zero session durations in /var/log/btmp?

  • November 11, 2019

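/var/log/btmp, the log that the lastb command reads by default, stores information about failed login attempts. I am looking at a snippet of one such file and seeing what I understand to be login times of several minutes: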

[#]> last -f /var/log/btmp.1 -10
test     ssh:notty    210.212.249.228  Tue Oct  1 06:04    gone - no logout
current  ssh:notty    115.133.236.49   Tue Oct  1 05:59 - 06:04  (00:05)
dudley   ssh:notty    host208.sub-63-4 Tue Oct  1 05:48 - 05:59  (00:10)
www      ssh:notty    net-5-88-155-130 Tue Oct  1 05:13 - 05:48  (00:34)
admin    ssh:notty    h106.205.186.173 Tue Oct  1 04:38 - 05:13  (00:35)
postmast ssh:notty    138.197.72.48    Tue Oct  1 04:27 - 04:38  (00:11)
ethos    ssh:notty    45.55.157.147    Tue Oct  1 03:53 - 04:27  (00:33)
usuario  ssh:notty    v133-130-107-88. Tue Oct  1 03:35 - 03:53  (00:17)
ftp      ssh:notty    36.66.156.125    Tue Oct  1 03:23 - 03:35  (00:12)
oracle5  ssh:notty    112.140.185.64   Tue Oct  1 03:02 - 03:23  (00:20)

If this log only contains failed logins, how are users logged in for several minutes?

Use lastb instead of last.

Here is the difference between them as shown on the same system:

last:

% sudo last -f /var/log/btmp -F games
games    ssh:notty    ::1              Tue Nov 12 00:02:08 2019 - Tue Nov 12 00:10:02 2019  (00:07)
games    ssh:notty    ::1              Tue Nov 12 00:01:58 2019 - Tue Nov 12 00:02:08 2019  (00:00)

lastb:

% sudo lastb -F games
games    ssh:notty    ::1              Tue Nov 12 00:02:08 2019 - Tue Nov 12 00:02:08 2019  (00:00)
games    ssh:notty    ::1              Tue Nov 12 00:01:58 2019 - Tue Nov 12 00:01:58 2019  (00:00)

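You may have noticed that last on your own example doesn't really work things out - last tells you that the last user didn't log out: "gone - no logout". Another strange thing to notice is the linked logout and login times: oracle5 is shown as logged out at 03:23, and 03:23 is the timestamp of the ftp login.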


So the short answer is: last is not designed to deal with failed logins. Use lastb instead.

Source: https://unix.stackexchange.com/questions/549417
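The effect discussed in the answer, as an added example that is not part of the original post: it parses btmp-style records and shows them once as point-in-time failures and once with session pairing on the shared "ssh:notty" line. The 384-byte Linux/glibc x86_64 record layout, the simplified pairing model (not the actual code of last) and the sample records are assumptions made for this example.

```python
import struct

# Linux/glibc struct utmp on x86_64 (384 bytes). Assumed layout; other platforms differ.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")

def pack(user, host, ts, line="ssh:notty", ut_type=6):
    """Build one constructed btmp record (6 = LOGIN_PROCESS)."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

def parse(blob):
    """Return [(user, line, host, epoch_seconds)] in file order (oldest first)."""
    text = lambda b: b.split(b"\0", 1)[0].decode(errors="replace")
    out = []
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        out.append((text(f[4]), text(f[2]), text(f[5]), f[9]))
    return out

def lastb_view(blob):
    """Each record is a point-in-time failed attempt: start == end."""
    return [(u, h, t, t) for u, _, h, t in reversed(parse(blob))]

def last_view(blob):
    """Simplified model of session pairing: walking newest to oldest, a record
    'ends' at the next later record on the same line (None = no logout)."""
    later, rows = {}, []
    for u, line, h, t in reversed(parse(blob)):
        rows.append((u, h, t, later.get(line)))
        later[line] = t
    return rows

# Constructed sample: three failed SSH attempts, all on the shared "ssh:notty" line.
SAMPLE = b"".join(pack(u, h, t) for u, h, t in [
    ("oracle5", "192.0.2.10", 1569898920),
    ("ftp",     "192.0.2.11", 1569900180),
    ("usuario", "192.0.2.12", 1569900900),
])

if __name__ == "__main__":
    for name, view in (("lastb", lastb_view), ("last", last_view)):
        for user, host, start, end in view(SAMPLE):
            dur = "no logout" if end is None else f"{(end - start) // 60} min"
            print(f"{name:5} {user:8} {host:12} {dur}")
```

For triage of failed logins, the durations produced by the pairing view carry no meaning; only the per-record timestamp, user and source host do.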