Linux has many ways to help an administrator to view the logs, both through graphical and command-line methods:
- If we want to check the incorrect login attempts for a particular user, like root for instance, we can do so by using this command:
lastb root
- To see the log using the Terminal, we use the dmesg command. This command displays the buffer of the Linux kernel's message stored in memory, as shown here:
- If we wish to filter the preceding output to show only the logs related to USB devices, we can do so by using grep:
- Instead of viewing all the logs, if we wish to view only the 10 most recent logs in a particular log file, the command will be as follows:
In the preceding command, the -n option is used to specify the number of lines to be shown.
- If we wish to see the most recent login attempts for a user account, use last:
The last command displays var/log/wtmp in a formatted way.
- If we want to see the last time each user logged in to the system, we can use the lastlog command: