See computer's uptime and history

I was wondering if it is at all possible to find out when the computer was switched on, what files where accessed what folders were opened, what programs run and when the computer was resumed and put back to sleep (just like in the movies).

I know this isn't that important but it would be cool to know.

When was the machine turned on:

uptime

Example from my notebook:

20:06:33 up  1:50,  2 users,  load average: 0.03, 0.04, 0.05

That is current time, uptime, amount of users and the load average.

What programs run:

• Command line

  ps -ef|more
  

  

• GUI - System monitor (dash, system monitor):

  

When the computer was resumed or sleep

last

what folders were opened

what files where accessed

None of these I know a command for. Natty has activity journal for files.

Other interesting things...

• To see when the users logged in the last time: lastlog.

  

• Login failure: faillog.

  last, lastlog, faillog make use of log file /var/log/wtmp (last), /var/log/lastlog and /var/log/faillog. If those are not active you will not get any result.

• lsof shows a list of currently open files.

  

  It can do alot of checks on a lot of options. From man lsof:

  To list all open IPv4 network files in use by the process whose PID is 1234, use:

  lsof -i 4 -a -p 1234
  

  To list all open files for login name ``abe'', or user ID 1234, or process 456, or process 123, or process 789, use:

  lsof -p 456,123,789 -u 1234,abe
  

  To list all open files on device /dev/hd4, use:

  lsof /dev/hd4
  

You can use the last command to check on boot times, reboots, suspends/resumes.

A few things worth checking out :

• uptime command to see how long your computer's been running.
• Gnome Log Viewer (gnome-system-log) shows all of your logs at one place.
• Zeitgeist Activity Journal. This gives a brilliant calendar like view to show you what files were opened, and which applications were used.

As many have said "uptime" gives you up time.

I like to use "htop" to show me information about what's currently running - it's really really nicely formatted, easy for me to skim.

If you want to see who's currently logged in, try the command "who". You can dump messages on to their terminals by the "write" command, that can be fun.

As for seeing what's been going on, you can check your logs, such as /var/log/syslog or /var/log/messages (depending on distro). Further, for somewhat lower-level messages, "dmesg" is helpful.

Another thing you can use to try to see history is take a look at users *~/.bash_history* (or ~/.history, etc). That file will show you a list of commands that user has recently run. I believe a user has the ability to nuke their own history file. There's probably ways of configuring that so you can monitor more closely.

Hope that helps.

In the terminal write :

uptime