≡ Menu

Linux How do I display failed login attempt?

/var/log/faillog is a log file for failed login attempts. This file maintains a count of login failures and the limits for each account. The file is fixed length record, indexed by numerical ID. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line the last login failure occurred on; and the date the last login failure occurred. Since data is in binary format you need to use faillog command to display failed login attempt.

How do I use faillog?

To display failed login attempt for user root with following command:
$ faillog -u root

Login       Failures Maximum Latest                   On
root            0        0   02/17/06 14:49:52 +0530  tty1

To display all failed login attempt try:
$ faillog -a

Login       Failures Maximum Latest                   On
root            0        0   02/17/06 14:49:52 +0530  tty1
rocky           0        0   02/27/06 22:05:03 +0530  tty1
usr1            2        0   02/16/06 15:05:01 +0530  tty2

See also:

Share this on:

{ 4 comments… add one }

  • Vicky November 23, 2010, 6:46 am

    Seems like nobody is interested in login failures..
    Anyhow, Vivek ji great article again :D

  • Saurabh March 17, 2011, 7:23 am

    I created a user and deliberatly made its login faild.
    When I use the command ,it doesn;t seem to work.
    I even checked the /var/log/faillog file and its empty…

  • A.Jesin April 17, 2011, 12:00 pm

    When I use the faillog command I get the error
    cannot open /var/log/faillog doesn’t exist

  • Harman November 17, 2013, 12:01 pm

    It seems like /var/log/faillog doesn’t create at the installation time.

    Do we have any other way to get the status of the user account ?

Leave a Comment

   Tagged with: , , , , , , , , , ,