Unix/Linux Go Back    


AIX AIX is IBM's industry-leading UNIX operating system that meets the demands of applications that businesses rely upon in today's marketplace.

wtmp file

AIX


Tags
aix, unix

Closed Linux or Unix Question    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 07-02-2012
hercules_1010 hercules_1010 is offline
Registered User
 
Join Date: Jul 2012
Last Activity: 5 July 2012, 9:16 AM EDT
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
wtmp file

sorry for being a noob, i am trying to find which user accessed the server at what time and there ip address at first i used who command but the output didn't contain the ip address then i used the last command which provided me with the ip of the users but when i searched i searched and found that both commands use to retrieve the data from a file called wtmp.
- does both use the same file ?
- i found that the file contains only record for the last day how can i increase the time the this file hold the data ?
- is there a patch to export the data another file each day ?
Sponsored Links
    #2  
Old Unix and Linux 07-02-2012
zaxxon's Unix or Linux Image
zaxxon zaxxon is offline Forum Staff  
code tag tagger
 
Join Date: Sep 2007
Last Activity: 27 April 2015, 8:54 AM EDT
Location: St. Gallen, Switzerland
Posts: 6,294
Thanks: 131
Thanked 460 Times in 418 Posts
No need to be sorry.

From man who :
Quote:
To obtain information, the who command usually examines the /etc/utmp file. If you specify another file with the File parameter,
the who command examines that file instead. This new file is usually the /var/adm/wtmp or /etc/security/failedlogin file.
Normally a plain last shows all entries. Though you can try who -a /var/adm/wtmp if it shows more.

/etc/utmp contains much less entries than /var/adm/wtmp.

Here some clearing up from the IBM site:
Help - AIX 7.1 Information Center

/etc/utmp stores the logins, while /var/adm/wtmp stores archives everything together with information that will be used if you are using the Advanced Accounting facilities of AIX.

I just did a check on a box and here is the outcome:

Code:
# who -a /etc/utmp| wc -l
      35
# who -a /var/adm/wtmp| wc -l
    1497

Do you maybe have a job that tries to save space in /var and just overwrites or nulls /var/adm/wtmp? It can happen on machines, that are very busy login-wise, that this file can get very big very fast. Maybe that's the reason a last shows only last's day entries.
Sponsored Links
Closed Linux or Unix Question

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Unix or Linux Image More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
wtmp file lo-lp-kl AIX 4 06-02-2008 01:32 PM
WTMP file cleared after upgrade zuessh AIX 2 03-07-2008 11:47 AM
Displaying fields in wtmp file? eclapton1 Programming 1 06-27-2004 01:48 AM
manage the wtmp file me2unix UNIX for Dummies Questions & Answers 0 12-18-2000 06:09 AM



All times are GMT -4. The time now is 09:39 AM.