Unix/Linux Go Back    

AIX AIX is IBM's industry-leading UNIX operating system that meets the demands of applications that businesses rely upon in today's marketplace.

wtmp file


aix, unix

Thread Tools Search this Thread Display Modes
Old Unix and Linux 07-02-2012
hercules_1010 hercules_1010 is offline
Registered User
Join Date: Jul 2012
Last Activity: 5 July 2012, 9:16 AM EDT
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
wtmp file

sorry for being a noob, i am trying to find which user accessed the server at what time and there ip address at first i used who command but the output didn't contain the ip address then i used the last command which provided me with the ip of the users but when i searched i searched and found that both commands use to retrieve the data from a file called wtmp.
- does both use the same file ?
- i found that the file contains only record for the last day how can i increase the time the this file hold the data ?
- is there a patch to export the data another file each day ?
Sponsored Links
Old Unix and Linux 07-02-2012
zaxxon's Unix or Linux Image
zaxxon zaxxon is offline Forum Staff  
code tag tagger
Join Date: Sep 2007
Last Activity: 4 April 2017, 5:17 AM EDT
Location: St. Gallen, Switzerland
Posts: 6,552
Thanks: 171
Thanked 553 Times in 476 Posts
No need to be sorry.

From man who:
To obtain information, the who command usually examines the /etc/utmp file. If you specify another file with the File parameter,
the who command examines that file instead. This new file is usually the /var/adm/wtmp or /etc/security/failedlogin file.
Normally a plain last shows all entries. Though you can try who -a /var/adm/wtmp if it shows more.

/etc/utmp contains much less entries than /var/adm/wtmp.

Here some clearing up from the IBM site:
Help - AIX 7.1 Information Center

/etc/utmp stores the logins, while /var/adm/wtmp stores archives everything together with information that will be used if you are using the Advanced Accounting facilities of AIX.

I just did a check on a box and here is the outcome:

# who -a /etc/utmp| wc -l
# who -a /var/adm/wtmp| wc -l

Do you maybe have a job that tries to save space in /var and just overwrites or nulls /var/adm/wtmp? It can happen on machines, that are very busy login-wise, that this file can get very big very fast. Maybe that's the reason a last shows only last's day entries.
Sponsored Links

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
wtmp file lo-lp-kl AIX 4 06-02-2008 01:32 PM
WTMP file cleared after upgrade zuessh AIX 2 03-07-2008 11:47 AM
Displaying fields in wtmp file? eclapton1 Programming 1 06-27-2004 01:48 AM
manage the wtmp file me2unix UNIX for Dummies Questions & Answers 0 12-18-2000 06:09 AM

All times are GMT -4. The time now is 08:56 PM.