https://ubuntushell.com/check-the-user-login-shutdown-and-reboot-logs

 

Check the User Login, Shutdown, and Reboot Logs on Linux

May 18, 2024 3 Mins Read

2. 
   

Check Salesforce Reports and Dashboards Subscriptions for an User

Watch on

All the popular Linux distributions, such as Ubuntu, Debian, Linux Mint, Fedora, and Red Hat, keep track of user logins, shutdowns, restarts, and how long the system is running.

This information can be very helpful for system administrators when investigating an incident, troubleshooting problems, or creating a report of user activity.

In Linux, system and application logs typically reside in the "/var/log/" directory, which can be accessed via the cat or journalctl command. However, there are other commands that use special files managed by the kernel to monitor user activity.

In this article, you will learn about those different commands that can help you check user login, shutdown, reboot logs, and the system's uptime.

• Listing All Users in a Linux System

Table of Contents

• Using Who Command
• Using Last Command
• Using Uptime Command
• Using Journalctl COmmand
• Find out Who/What Caused a Shutdown/Reboot
• Wrap Up

Using Who Command

The who command in Linux can display user login-related information such as user account name, user terminal, time when the user logged in, host name, or IP address from where the user logged in.

$ who

Output:

You can use the -b flag to check the current user login (or last reboot) date and time.

$ who -b

Output:

Using Last Command

The last command in Linux can display the list of user last logins, their duration, and other information as read from the "/var/log/wtmp" file.

$ last <username>

Output:

Instead of specifying the username, you can substitute it with the reboot parameter to get the time and date of the last reboot in Linux.

$ last reboot

Output:

• List All Open Ports and Stop the Services Behind Them

Using Uptime Command

The uptime command in Linux tells how long the system has been running by displaying the current time, uptime, number of logged-in users, and average CPU load for the past 1, 5, and 15 minutes.

$ uptime

Output:

Additionally, you can use the -p flag to show only the amount of time the system has been booted for and the -s flag to print the date and time the system booted up at:

$ uptime -p
$ uptime -s

Output:

Using Journalctl COmmand

The journalctl command in Linux is used to query the system journal, which you can use to display the system logs for more information, such as the number of times the system has been booted.

$ journalctl --list-boot

Output:

To get more detailed information from the above list of BOOT IDs, you can specify them with the -b flag.

$ journalctl -b <boot_id>

Output:

• Check Your Local Network Speed in Linux, Windows, and macOS

Find out Who/What Caused a Shutdown/Reboot

On a server, it might occur that the desired instance has been shut down or rebooted unexpectedly. In such cases, you may need to investigate the cause and find out if anyone is responsible. You can do this using the following command:

📝 Note

To achieve the same outcome, you can use the last -x command, but I favor this approach as it offers more information.

$ sudo journalctl | grep shutdown

Output:

The first entry in the output above indicates that someone initiated the shutdown; now you can use the other method explained in this article to pinpoint the culprit.

Wrap Up

In this article, you've learned how to check user login, when the system has been shutdown and rebooted, and who or what is behind it.

If you have any questions regarding the topic, feel free to ask them in the comments.

 

 https://linuxstans.com/linux-restart-command

 

How to Restart Linux with a Command

by Linux Stans|Updated April 16, 2024

In this tutorial, we’re going to show you how to use the restart command on Linux and how to restart (reboot) your system via the command-line interface (CLI).

We previously learned how to shut down Linux using a command. Now we’ll learn how to restart it. These commands will work on most Linux distros, including Ubuntu, Linux Mint, Fedora, Debian, Arch Linux, etc.

You might intuitively think that the command would be “sudo restart” but, it’s not.

How to restart Linux using the “reboot” command

First, open up Terminal (CTRL + ALT + T), or whatever else you’re using to access the CLI on your Linux distro.

The most simple way to do it is to use the “reboot” command, like so:

sudo reboot

This will restart your system. That’s the most simple and basic usage of the reboot command. For more advanced options, read below.

If you’re using a systemctl-based distro, you might need to use this command instead:

sudo systemctl reboot

How to force restart Linux with the reboot command

You can use the “-f” option with the reboot command to force restart your Linux system. By using the -f option, the system won’t sync and unmount filesystems.

sudo reboot -f

How to restart Linux with the shutdown command (with or without a delay)

Aside from shutting your system down, you can also reboot it with the “shutdown” command by using the -r option:

sudo shutdown -r now

This is useful if you want to restart your system after a given amount of time (instead of now), you can specify a delay. For example, if you want to reboot the system after 10 minutes, you can run:

sudo shutdown -r +10

And if you want to cancel an already scheduled reboot, you can run:

sudo shutdown -c

How to restart then halt Linux with a command

If you first want to restart your system and then halt it (stops all CPU functions) you can use the “-p” option:

sudo reboot -p

And that’s it! This was a pretty simple and straightforward tutorial. You can also restart Linux using the “init 6” command, but the reboot and shutdown commands are enough for most cases.

You can learn more about the commands we featured in our tutorial with:

man reboot
man shutdown