Need Wtmp Reader


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Need Wtmp Reader
# 1  
Old 12-13-2000
Question

I would loke to read the WTMP file. This is a binary file in the /var/logs directory. Is there any utility which will convert this binary file to ASCII format?
# 2  
Old 12-13-2000
last(1)

The last(1) command reads wtmp. If you want super-details, you can get the source code for last(1) and examine the format details. If you want to read wtmp in a standard way, just use <B>last</B>.

Also, you can do a man on both <B>last</B> and <B>wmtp</B> to get high level, general details.

Quote:

Last looks back in the wtmp file which records all logins and logouts for information about a user, a teletype or any group of users and teletypes. Arguments specify names of users or teletypes of interest. If multiple arguments are given, the information which applies to any of the arguments is printed. For example ``last root console'' would list all of root's sessions as well as all sessions on the console terminal. Last displays the sessions of the specified users and teletypes, most recent first, indicating the times at which the session began, the duration of the session, and the teletype which the session cut short by a reboot, last so indicates.

The pseudo-user reboot logs in at reboots of the system.

Last with no arguments displays a record of all logins and logouts, in reverse order.

If last is interrupted, it indicates how far the search has progressed in wtmp. If interrupted with a quit signal last indicates how far the search has progressed so far, and the search continues.
[Edited by Neo on 12-13-2000 at 02:33 AM]
 
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. AIX

Wtmp empty everyday

Anyone got experience where wtmp logs get truncated everyday? Though sulog, failedlogin and lastlog seems to be fine. The server uptime is 18 days running on AIX 5.3. Sorry this seems to be a generic questions but never really encountered before. (6 Replies)
Discussion started by: depam
6 Replies

2. Red Hat

wtmp output

Hi, Can anybody explain wtmp output fields? A dir was created at 7:11pm and I wanted to find out who was logged in at that time but as you can see there is no ip address listed when I run utmpdump against the wtmp file..... R, D. (1 Reply)
Discussion started by: Duffs22
1 Replies

3. AIX

Clear wtmp

Hello, Is there a difference between the following commands besides consider the file permissions? /usr/sbin/acct/nulladm /var/adm/wtmp >/var/adm/wtmp cat /dev/null >/var/adm/wtmp Today I tried the second command and it worked... (2 Replies)
Discussion started by: x_adm
2 Replies

4. AIX

wtmp file

Hello everyone I have a problem with the file wtmp that is on /var/adm This file was not on this directory (adm). I try creating a new file with the correct rights (644) and owner (adm:adm) but It doesnt work. If I type the last command i get this last ora10g ... (4 Replies)
Discussion started by: lo-lp-kl
4 Replies

5. Red Hat

changing wtmp ownership and permission

Hi, I am using redhat AS 3. Recently, I was asked to implement a security control on the OS: to change ownership of /var/log/wtmp to root:sys and permission to 600. However, when I made the change and reboot the machine, everything was reverted. How come? Please help. The following is the... (1 Reply)
Discussion started by: voa2mp3
1 Replies

6. UNIX for Dummies Questions & Answers

truncate wtmp

I have AIX5.1 I have been trying to learn how to truncate the /var/adm/wtmp file. I have seen several things on google actually but don't quite understand. I also searched your forums but couldn't find it. one says this ">/var/adm/wtmp Is that all I do? I have a seperate question also. I was... (1 Reply)
Discussion started by: rocker40
1 Replies

7. UNIX for Dummies Questions & Answers

wtmp

Hi, is it ok if i delete wtmp on HPUX 11 under /var/adm It is filling up that filesystem Cheers (2 Replies)
Discussion started by: dsharples
2 Replies

8. UNIX for Dummies Questions & Answers

Resetting WTMP?

When I type last oracle I get dates from Nov 28, 2000 all the way back to the beginning of time it seems. The 11-28-2000 entry states that Oracle is still logged in, but if you type a who, it shows only 1 entry - the currently logged in user (Me as oracle), but I logged in only minutes ago - and... (4 Replies)
Discussion started by: cuppjr
4 Replies

9. UNIX for Dummies Questions & Answers

manage the wtmp file

Here's a usefull perl script to trim the wtmp file, in case it got too big, which happens sometimes, or got curropted (which also happens often). You could learn from here how to parse the wtmp file... but of course for just reading its content always simply use "last" like Neo said.... ... (0 Replies)
Discussion started by: me2unix
0 Replies
Login or Register to Ask a Question