NAME
lastcomm —
show last commands executed
in reverse order
SYNOPSIS
lastcomm |
[-w]
[-f file]
[command ...]
[user ...]
[terminal ...] |
DESCRIPTION
lastcomm gives information on previously executed commands.
With no arguments,
lastcomm prints information about all the
commands recorded during the current accounting file's lifetime.
Option:
-
-
- -f
file
- Read from file rather than the
default accounting file.
-
-
- -w
- Use as many columns as needed to print the output instead
of limiting it to 80.
If called with arguments, only accounting entries with a matching
command name,
user name, or
terminal name are printed. So, for example:
lastcomm a.out root ttyd0
would produce a listing of all the executions of commands named
a.out by user
root on the terminal
ttyd0.
For each process entry, the following are printed.
- The name of the user who ran
the process.
- Flags, as accumulated by the
accounting facilities in the system.
- The command name under which
the process was called.
- The amount of cpu time used
by the process (in seconds).
- The time the process
started.
- The elapsed time of the
process.
The flags are encoded as follows: “S” indicates the command was
executed by the super-user, “F” indicates the command ran after a
fork, but without a following
exec(3), “C” indicates
the command was run in PDP-11 compatibility mode (VAX only), “D”
indicates the command terminated with the generation of a
core file, and “X” indicates the command was
terminated with a signal.
The “S” and “C” flags are no longer recorded by the
system, but will be reported by
lastcomm when reading from
an accounting file generated by an older version of the system.
FILES
- /var/account/acct
- Default accounting file.
SEE ALSO
last(1),
sigaction(2),
acct(5),
core(5)
HISTORY
The
lastcomm command appeared in
3.0BSD.