DEV Community

Sreedeep

🔍 3 Hidden Linux Logs You’ve Never Heard About! 🐧 (Uncover the Secrets!)

Log files can provide great insights into operations, user activity, and potential threats. Understanding these log files, wtmp, utmp, btmp, and auth.log, was a game-changer for me.

In this article, we’ll explore these logs, their practical applications, and how you can use them to diagnose issues.


1. wtmp: Login and Logout Records

The wtmp log tracks historical login and logout events on a Linux system. This binary log, stored in /var/log/wtmp, helps administrators review access patterns and pinpoint login anomalies. To analyse its contents, you can use the last command.

$ last

This command reveals the history of user sessions, including start and end times, terminal IDs, and host information.

2. utmp: Active Users

Stored in /var/run/utmp, this log tracks currently logged-in users and their active sessions. Use the who command to display this information in real time:

$ who

It's essential for administrators to monitor active sessions and ensure system integrity.

3. btmp: Invalid Login Attempts

The btmp log records failed login attempts, providing critical insights into potential brute force attacks or unauthorized access attempts. Analyze it with the lastb command:

$ sudo lastb

This helps identify the source and frequency of failed login attempts, enabling quick response to possible threats.

Bonus 1: boot.log

The boot.log file contains messages from the boot process. It’s a valuable resource for diagnosing slow boot times or identifying failing services.

Here is what I found in my system which helped me debug slow boot time.


Bonus 2: utmpdump

For binary logs like wtmp or btmp, tools such as utmpdump convert the contents into readable text. Example:

$ utmpdump /var/log/wtmp

This output reveals detailed session information, including event types, user IDs, and timestamps.
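
To show what utmpdump and lastb are reading, here is an added example (not from the original post) that decodes the binary record format and counts failed attempts per source host, the "source and frequency" check described in the btmp section. It assumes the glibc record layout on x86-64 Linux (384 bytes per record); the function names, the threshold and the sample records are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumption: glibc utmp record layout on x86-64 Linux (384 bytes per record).
# Fields: type, pid, line, id, user, host, exit status (2 shorts), session,
# tv_sec, tv_usec, IPv6-sized address, then 20 reserved bytes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")

def _text(raw):
    # Fixed-width fields are NUL-padded; keep the bytes before the first NUL.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_records(data):
    """Yield one dict per complete record; a truncated tail is ignored."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        (typ, pid, line, _id, user, host,
         _term, _exit, _sess, sec, _usec, _addr) = UTMP.unpack_from(data, off)
        yield {"type": typ, "pid": pid, "line": _text(line),
               "user": _text(user), "host": _text(host),
               "time": datetime.fromtimestamp(sec, timezone.utc)}

def noisy_sources(data, threshold=3):
    """Return {host: record_count} for hosts at or above the threshold."""
    counts = Counter(r["host"] for r in parse_records(data) if r["host"])
    return {h: n for h, n in counts.items() if n >= threshold}

def make_record(user, host, sec, typ=6, pid=1000, line="ssh:notty"):
    # Builds a constructed record for this demo; not real log data.
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")

# Constructed btmp-style sample: four failures from one documentation-range
# address, one from another, plus a partial record at the end of the file.
SAMPLE = b"".join(
    [make_record(u, "203.0.113.7", 1700000000 + i)
     for i, u in enumerate(["root", "admin", "test", "root"])]
    + [make_record("alice", "198.51.100.20", 1700000100)]
) + b"\x00" * 10

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["time"].isoformat(), rec["user"], rec["line"], rec["host"])
    print(noisy_sources(SAMPLE))
```

To run it against a real log, pass the bytes of the file (for example /var/log/wtmp) to parse_records in place of SAMPLE.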

Hello, I forgot to introduce myself. I am Sreedeep, and I am building LiveAPI. It's a super convenient API documentation solution for startups.

In LiveAPI we added a new feature in which you can see high-level back-end logs, which will help you debug issues while generating API documentation. Try out our free trial.
