wtmp file | Unix Linux Forums | AIX

  Go Back    


AIX AIX is IBM's industry-leading UNIX operating system that meets the demands of applications that businesses rely upon in today's marketplace.

wtmp file

AIX


Tags
aix, unix

Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 07-02-2012
hercules_1010 hercules_1010 is offline
Registered User
 
Join Date: Jul 2012
Last Activity: 5 July 2012, 9:16 AM EDT
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
wtmp file

sorry for being a noob, i am trying to find which user accessed the server at what time and there ip address at first i used who command but the output didn't contain the ip address then i used the last command which provided me with the ip of the users but when i searched i searched and found that both commands use to retrieve the data from a file called wtmp.
- does both use the same file ?
- i found that the file contains only record for the last day how can i increase the time the this file hold the data ?
- is there a patch to export the data another file each day ?
Sponsored Links
    #2  
Old 07-02-2012
zaxxon's Avatar
zaxxon zaxxon is offline Forum Staff  
code tag tagger
 
Join Date: Sep 2007
Last Activity: 28 August 2014, 10:17 AM EDT
Location: St. Gallen, Switzerland
Posts: 6,227
Thanks: 121
Thanked 451 Times in 411 Posts
No need to be sorry.

From man who :
Quote:
To obtain information, the who command usually examines the /etc/utmp file. If you specify another file with the File parameter,
the who command examines that file instead. This new file is usually the /var/adm/wtmp or /etc/security/failedlogin file.
Normally a plain last shows all entries. Though you can try who -a /var/adm/wtmp if it shows more.

/etc/utmp contains much less entries than /var/adm/wtmp.

Here some clearing up from the IBM site:
Help - AIX 7.1 Information Center

/etc/utmp stores the logins, while /var/adm/wtmp stores archives everything together with information that will be used if you are using the Advanced Accounting facilities of AIX.

I just did a check on a box and here is the outcome:

Code:
# who -a /etc/utmp| wc -l
      35
# who -a /var/adm/wtmp| wc -l
    1497

Do you maybe have a job that tries to save space in /var and just overwrites or nulls /var/adm/wtmp? It can happen on machines, that are very busy login-wise, that this file can get very big very fast. Maybe that's the reason a last shows only last's day entries.
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
wtmp file lo-lp-kl AIX 4 06-02-2008 01:32 PM
WTMP file cleared after upgrade zuessh AIX 2 03-07-2008 11:47 AM
Displaying fields in wtmp file? eclapton1 Programming 1 06-27-2004 01:48 AM
manage the wtmp file me2unix UNIX for Dummies Questions & Answers 0 12-18-2000 06:09 AM



All times are GMT -4. The time now is 12:14 AM.