The last
command may show too few lines of user login info, truncated by when the “wtmp begins”.
If I want to get as much as possible last
info (e.g., to see if my system was accessed from any unknown/suspicious IP using my username), how can I output the older “last” info?
If I use last -2000
, intending to see 2000 lines of output, but the command may only return just a few lines, anything that happened before the “wtmp begins” would be truncated.)
Just wondering somehow if it is possible to output as many lines of login info as possible.