Who Was On the Server?

Reconstruct who accessed a server during an incident window.

A intermediate Linux challenge worth 10 points. Solve it hands-on in a real Linux environment in your browser - no local setup, no fake shells.