john pfeiffer

Security logs auditing

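lastlog //shows when each user last logged in

//if you want to "reset" the last log, keep a backup and start a new, empty file

mv /var/log/lastlog /var/log/lastlog.bak
cat > /var/log/lastlog //press Ctrl-D straight away so the new file is left empty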

last //shows the last logins recorded in /var/log/wtmp

last -f /var/log/wtmp.1 //shows the last logins from the previous month's rotation

lastb //bad login attempts, /var/log/btmp
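
The failed-login records that lastb prints can also be read straight from the binary file, which helps when auditing a rotated or copied btmp on another machine. The sketch below is an added example, not part of the original notes; it assumes the 384-byte glibc "struct utmp" layout used on x86-64 Linux, and the function names, threshold and sample records are constructed for illustration.

```python
import struct
from collections import Counter

# Assumed layout: glibc "struct utmp" on x86-64 Linux, 384 bytes per record:
# type, pad, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6[16 bytes], 20 unused bytes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")

def _text(raw):
    """Fixed-width fields are NUL-padded; keep the bytes before the first NUL."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse(data):
    """Yield one dict per complete record; a truncated tail is ignored."""
    usable = len(data) - len(data) % UTMP.size
    for f in UTMP.iter_unpack(data[:usable]):
        yield {"type": f[0], "pid": f[1], "line": _text(f[2]),
               "user": _text(f[4]), "host": _text(f[5]), "time": f[9]}

def failed_by_source(btmp_bytes, threshold=3):
    """Count btmp records per source host; return hosts at or above threshold."""
    hits = Counter(r["host"] or "(local)"
                   for r in parse(btmp_bytes) if r["user"])
    return {host: n for host, n in hits.items() if n >= threshold}

def make_record(user, line, host, when, ut_type=6, pid=1000):
    """Build one record for the constructed sample below."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, b"")

# Constructed sample standing in for /var/log/btmp (documentation addresses),
# followed by 10 stray bytes to mimic a partially written last record.
SAMPLE_BTMP = b"".join([
    make_record("root", "ssh:notty", "203.0.113.5", 1265450460),
    make_record("admin", "ssh:notty", "203.0.113.5", 1265450463),
    make_record("root", "ssh:notty", "203.0.113.5", 1265450467),
    make_record("john", "ssh:notty", "198.51.100.7", 1265454000),
    make_record("john", "tty1", "", 1265457600),
]) + b"\x00" * 10

if __name__ == "__main__":
    # On a real system (needs root): open("/var/log/btmp", "rb").read()
    for host, n in failed_by_source(SAMPLE_BTMP).items():
        print(f"{host}: {n} failed logins")
```
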

/etc/logrotate.conf

wtmp is rotated once a month, with 6 backup copies retained:

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 6
}



Published

Feb 6, 2010

Category

linux
