lastcomm gives information on previously executed commands. With no arguments,
lastcomm prints information about all the commands recorded during the current accounting file's lifetime.
Option:
-f file
Read from file rather than the default accounting file.
If called with arguments, only accounting entries with a matching
command name,
user name, or
terminal name are printed. So, for example:
lastcomm a.out root ttyd0
would produce a listing of all the executions of commands named
a.out by user
root on the terminal
ttyd0.
For each process entry, the following are printed.
•
The name of the user who ran the process.
•
Flags, as accumulated by the accounting facilities in the system.
•
The command name under which the process was called.
•
The amount of cpu time used by the process (in seconds).
•
The time the process started.
•
The elapsed time of the process.
The flags are encoded as follows: “S” indicates the command was executed by the super-user, “F” indicates the command ran after a fork, but without a following
exec(3), “C” indicates the command was run in PDP-11 compatibility mode (VAX only), “D” indicates the command terminated with the generation of a
core file, and “X” indicates the command was terminated with a signal.
The “S” and “C” flags are no longer recorded by the system, but will be reported by
lastcomm when reading from an accounting file generated by an older version of the system.