last command only retrieves the login times. I’m interested in the times that the screen was unlocked. Any indirect means of getting this are also welcome.
Did you check the system logs? You should see an authentication message in
/var/log/secure when someone attempts to unlock the screen.
For instance, when using KDE and someone types in the wrong password:
Mar 7 14:19:05 saurok kcheckpass: pam_sss(kscreensaver:auth): authentication failure; logname=username uid=248800001 euid=248800001 tty=:0 ruser= rhost= user=username
And a successful unlock:
Mar 7 14:19:09 saurok kcheckpass: pam_sss(kscreensaver:auth): authentication success; logname=username uid=248800001 euid=248800001 tty=:0 ruser= rhost= user=username
Yours will vary slightly (this machine is on a domain) but it should be present.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.