Monitoring user activity with utmpdump

Keeping track of user activity is an essential skill for any Linux administrator. When user management may be the cause of a troubleshooting session, we can make use of utmpdump.

User histories are typically stored in the following locations:

  • /var/run/utmp: This binary file records open sessions. You can review its contents with utmpdump /var/run/utmp.
  • /var/log/wtmp: This binary file records connection histories. You can review its contents with utmpdump /var/log/wtmp.
  • /var/log/btmp: This binary file records failed login attempts. You can review its contents with utmpdump /var/log/btmp ...
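
As an added example (not from the book), the script below counts failed login attempts per source host from utmpdump's text output for btmp. The function names, the sample records and their exact column padding are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed logins per source host from utmpdump text.

# Constructed sample in utmpdump's bracketed output format (not real log data).
sample_btmp() {
cat <<'EOF'
[6] [02101] [    ] [root    ] [ssh:notty   ] [203.0.113.7         ] [203.0.113.7    ] [2024-01-15T10:22:31,000000+00:00]
[6] [02101] [    ] [admin   ] [ssh:notty   ] [203.0.113.7         ] [203.0.113.7    ] [2024-01-15T10:22:35,000000+00:00]
[6] [02107] [    ] [root    ] [ssh:notty   ] [203.0.113.7         ] [203.0.113.7    ] [2024-01-15T10:22:40,000000+00:00]
[6] [02230] [    ] [alice   ] [ssh:notty   ] [198.51.100.23       ] [198.51.100.23  ] [2024-01-15T11:05:02,000000+00:00]
[6] [00950] [tty1] [bob     ] [tty1        ] [                    ] [0.0.0.0        ] [2024-01-15T11:40:17,000000+00:00]
EOF
}

# Read utmpdump text on stdin; print "count host", busiest host first.
# Fields in each record: type, pid, id, user, line, host, addr, time.
failed_by_host() {
    sed -e 's/^\[//' -e 's/][[:space:]]*$//' -e 's/] \[/|/g' |
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 8 {                      # skip anything that is not a full record
            host = trim($6)
            if (host == "") host = "(local)"   # console or tty attempt
            count[host]++
        }
        END { for (h in count) print count[h], h }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print only the hosts with at least $1 failed attempts.
noisy_hosts() {
    failed_by_host | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the constructed sample. On a live system (as root):
#   utmpdump /var/log/btmp | failed_by_host
sample_btmp | failed_by_host
```

Every record in btmp is a failed attempt, so the script does not filter on the record type.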
