How to Check Who Logged in to Linux? Learn the Methods and Tools


In the world of Linux administration, ensuring the security of your system is paramount. One crucial aspect is keeping track of who logs in to your Linux system. Whether you’re an IT professional or an avid Linux enthusiast, understanding how to monitor user logins is essential for maintaining the integrity of your system. In this article, we will delve into various methods and tools that allow you to effectively check who logged in to your Linux environment.

How to Check Who Logged in to Linux?

When it comes to monitoring user logins in Linux, you have several options at your disposal. Whether you prefer using command-line utilities or graphical tools, the following methods will help you keep track of user activity on your system.

Using the last Command

The last command is a versatile tool that provides a chronological list of user logins and logouts. To use it, open your terminal and type:

last

The output will display a list of users, along with their login times, durations, and originating IP addresses. This information is invaluable for identifying any unauthorized access attempts or suspicious activities.

Analyzing the /var/log/auth.log File

The /var/log/auth.log file contains a wealth of information related to user authentication and login attempts. By analyzing this log file, you can gain insights into successful and failed login attempts. To view the contents of this file, use the following command:

grep "session opened" /var/log/auth.log

This command keeps only the lines that indicate a successful login session and hides everything else. Similarly, you can search for failed login attempts by replacing "session opened" with "Failed password".
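
A grep for "session opened" also matches sudo and cron sessions and gives no totals. As an added example (not part of the original article), the script below counts sshd logins per result, user and source address. It assumes the OpenSSH message wording found in /var/log/auth.log on Debian and Ubuntu; `summarize_auth`, `sample_auth_log` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. summarize_auth and sample_auth_log are hypothetical helper names.
# Prints "count<TAB>result<TAB>user<TAB>source" for sshd logins, busiest first.
summarize_auth() {   # $1 = log file; reads stdin when omitted
    awk '
    {
        # Find the "sshd[PID]:" tag so the timestamp format does not matter;
        # sudo, cron and su lines have no such tag and are skipped.
        tag = 0
        for (i = 1; i <= NF; i++) if ($i ~ /^sshd\[[0-9]+\]:$/) { tag = i; break }
        if (!tag) next
        m = tag + 1
        if ($m == "Accepted" && $(m+2) == "for") kind = "accepted"
        else if ($m == "Failed" && $(m+1) == "password" && $(m+2) == "for") kind = "failed"
        else next
        u = m + 3
        if ($u == "invalid" && $(u+1) == "user") u += 2
        # The user name is chosen by the client and can contain spaces, so
        # locate "from ADDR port N" from the right-hand end of the line.
        p = 0
        for (i = NF - 1; i >= u + 3; i--) if ($i == "port" && $(i-2) == "from") { p = i; break }
        if (!p) next
        user = $u
        for (i = u + 1; i < p - 2; i++) user = user " " $i
        count[kind "\t" user "\t" $(p-1)]++
    }
    END { for (k in count) print count[k] "\t" k }
    ' "${1:--}" | sort -rn
}

sample_auth_log() {   # constructed sample lines, not taken from a real host
    cat <<'EOF'
Mar 10 09:15:02 web1 sshd[1234]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:EXAMPLE
Mar 10 09:16:10 web1 sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar 10 09:16:12 web1 sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40024 ssh2
Mar 10 09:16:15 web1 sshd[1241]: Failed password for root from 198.51.100.7 port 40030 ssh2
Mar 10 09:16:20 web1 sshd[1242]: Failed password for invalid user x from 192.0.2.1 port 22 from 198.51.100.7 port 40031 ssh2
Mar 10 09:17:01 web1 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 09:18:00 web1 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=1000)
Mar 10 09:18:05 web1 sshd[1234]: pam_unix(sshd:session): session opened for user alice by (uid=0)
EOF
}

sample_auth_log | summarize_auth
```

To run it on a real host, call `summarize_auth /var/log/auth.log` from an account that is allowed to read the file.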

Using Graphical Utilities

For users who prefer a more user-friendly approach, graphical utilities provide an intuitive way to monitor user logins. Tools like “System Monitor” or “GNOME Logs” offer visual representations of user activities, making it easier to spot any anomalies.

To open “System Monitor,” simply search for it in your application launcher. Within the application, navigate to the “Resources” tab to view a list of currently logged-in users.


How can I check who recently logged in to my Linux system?

To check recent logins, use the last command in your terminal. It will display a list of users along with their login times and IP addresses.

Are there any graphical tools for monitoring user logins?

Yes, there are graphical utilities like “System Monitor” and “GNOME Logs” that provide visual representations of user activities.

Can I identify failed login attempts using the auth.log file?

Absolutely. The /var/log/auth.log file contains information about both successful and failed login attempts. You can use the grep command to pick out the relevant entries.

Is it important to monitor user logins on a Linux system?

Yes, monitoring user logins is crucial for identifying any unauthorized access attempts or security breaches on your Linux system.

How do I view active user sessions using the w command?

The w command provides information about active user sessions, including login times, terminal locations, and more. Simply type w in your terminal to see the details.

Can I log out users remotely from a Linux system?

Yes, as an administrator, you can use the pkill or killall command to log out specific users or all users from a remote terminal.

Who is on a Linux server?

You can identify the users currently logged into a Linux server by employing the ‘who’ command.

How to check who logged in to Linux?

You can use the ‘who’ command to see the currently logged-in users on a Linux system.

How do I see who is on Linux?

To view the active users on a Linux system, utilize the ‘who’ command in the terminal.

Who was logged in to Linux?

You can determine the past and present logins on a Linux system using various commands such as ‘last’ or ‘w’.


Securing your Linux system involves various strategies, and monitoring user logins is a fundamental aspect of that process. By utilizing tools like the last command and analyzing the /var/log/auth.log file, you can stay informed about who accesses your system and when. Additionally, graphical utilities offer a user-friendly approach to tracking user activities. Remember, vigilance in monitoring logins contributes to the overall security and integrity of your Linux environment.
