wtmp output

 
# 1  
Old 05-23-2012
wtmp output

Hi,

Can anybody explain wtmp output fields?

A dir was created at 7:11pm and I wanted to find out who was logged in at that time, but as you can see there is no IP address listed when I run utmpdump against the wtmp file.

Code:
[7] [29752] [ts/3] [root    ] [pts/3       ] [89.101.216.58       ] [89.101.216.58  ] [Tue May 22 18:50:53 2012    ]
[8] [29750] [    ] [        ] [pts/3       ] [                    ] [0.0.0.0        ] [Tue May 22 18:53:58 2012    ]
[8] [28370] [    ] [        ] [pts/2       ] [                    ] [0.0.0.0        ] [Tue May 22 19:11:21 2012    ]



R,
D.
# 2  
Old 05-23-2012
A better output can be obtained using the "last" command which uses the same /var/log/wtmp command but shows date/time in a better way.

Code:
root     pts/0        hub1-gw.XXXX Tue Aug  2 16:40 - 16:56  (00:16)
reboot   system boot  2.6.38.8-32.fc15 Tue Aug  2 16:39 - 16:56  (00:16)

If I wanted to see what happened on 11th July at around 2PM, I would issue something like this:
Code:
[root@host-6-81 ~]# last | grep "Jul 11 14"
root     pts/1        hub1-gw.xxxx Mon Jul 11 14:10 - 14:16  (00:06)
reboot   system boot  2.6.38.8-32.fc15 Mon Jul 11 14:07 - 14:16  (00:08)
root     pts/0        hub1-gw.xxxx Mon Jul 11 14:08 - crash  (00:00)

Hope this helps.

Last edited by admin_xor; 05-23-2012 at 06:13 PM..