Unix - User Session Monitoring in UNIX/Linux (who, w, last)
1. What Is User Session Monitoring?
User session monitoring means tracking:
- Who is logged into the system
- From where they logged in
- What they are doing
- When they logged in or logged out
It is important for:
- System administration
- Security monitoring
- Intrusion detection
- Auditing and troubleshooting
2. who Command
Purpose
Displays currently logged-in users.
Syntax
who
Sample Output
user1 pts/0 2025-12-16 09:10 (192.168.1.20)
Output Fields Explained
| Field | Meaning |
|---|---|
| user1 | Username |
| pts/0 | Terminal |
| Date & Time | Login time |
| IP address | Remote login source |
Important Options
who -u
Shows idle time and PID.
who -a
Shows all details (boot time, run level, users).
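For the security-monitoring use mentioned above, the fields of `who` and `who -u` output can be checked automatically. The script below is an added example, not part of the original page: it lists remote sessions whose source lies outside a trusted address prefix. The function names, the `TRUSTED_PREFIX` value and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag remote sessions in `who` output whose source is untrusted.
# TRUSTED_PREFIX is an assumed site policy value; the trailing dot keeps
# 192.168.1. from also matching 192.168.10.x.
TRUSTED_PREFIX="${TRUSTED_PREFIX:-192.168.1.}"

# Reads `who` or `who -u` lines on stdin and prints "user tty source" for
# every remote session whose source does not start with the prefix in $1.
flag_untrusted_sessions() {
    awk -v trusted="$1" '
    {
        src = $NF
        # The remote source, when present, is the last field, in parentheses.
        # This also holds for `who -u`, where idle time and PID come before it.
        if (src !~ /^\(.*\)$/) next          # console login, no source field
        src = substr(src, 2, length(src) - 2)
        if (src ~ /^:/) next                 # local X display such as (:0)
        if (index(src, trusted) == 1) next   # source inside the trusted range
        print $1, $2, src
    }'
}

# Constructed sample input covering plain `who` lines and one `who -u` line.
sample_who_output() {
    cat <<'EOF'
user1    pts/0        2025-12-16 09:10 (192.168.1.20)
root     tty1         2025-12-16 08:02
user2    pts/1        2025-12-16 09:45 (203.0.113.7)
user3    :0           2025-12-16 08:30 (:0)
user4    pts/2        2025-12-16 10:01 00:05        4321 (198.51.100.9)
EOF
}

sample_who_output | flag_untrusted_sessions "$TRUSTED_PREFIX"
# On a live system: who -u | flag_untrusted_sessions "$TRUSTED_PREFIX"
```

The source field may hold a hostname instead of an IP address, depending on how the login service records it, so a prefix check like this one only covers sessions recorded by address.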