02-10-2008
Use "last" to see who's logged in
The command you want is "last". It uses the information from wtmp, which after 30 days gets moved to /var/adm/wtmpx.1 or something like that.
Use last by itself to get the standard report. Remote logins will have the IP address in the 3rd column. (Locally spawned sessions, ie, Xterms or virtual terminals will not have an IP address.) Use -f filename to use the older wtmpx file.
As the previous poster hinted at, hackers may be able to cover their tracks, so this only helps with authorized access. To cross-reference, you can also look at the logs from /var/adm/messages*. To enable more verbosity in log messages, you should tweak entries in both /etc/pam.conf, /etc/syslogd.conf, and /etc/ssh/sshd.conf.
8 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi All,
Whenever I log in to my terminal and execute some cmds and then I type "history", I get the list of all the commands that I have executed.
I want to know where is the history been stored (any path location ?)
Secondly,if I want to delete the history or some part of the history, can... (9 Replies)
Discussion started by: shubhranshu
9 Replies
2. UNIX for Advanced & Expert Users
Team ,
using fc command we can get details of our history file .. Is it possible to get the same result for different user from root.. Actually I need to collect all the stuff from select users history file for day to day basis.
thanks in advance .. (2 Replies)
Discussion started by: rgpai9972
2 Replies
3. UNIX for Dummies Questions & Answers
How do I pipe serveral commans that will list only the user ids, sort the output, and remove any duplice name entries for those that have logged in in the past month? Thanks! (1 Reply)
Discussion started by: CasperQuiet
1 Replies
4. Shell Programming and Scripting
Hi,
I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history?
thank you,
S (4 Replies)
Discussion started by: sardare
4 Replies
5. Solaris
Hi
We are sharing our envoirnment with our component teams. the plateform is SunOS 5.8 Generic_117350-41 sun4u sparc SUNW,Sun-Fire-V490.
All team logs in the domain with same user and perform activities.
Now for the system auditing purpose can somebody guide me how can I get the details when... (6 Replies)
Discussion started by: sukhvinder_Tm
6 Replies
6. UNIX for Advanced & Expert Users
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (3 Replies)
Discussion started by: linuxadmin
3 Replies
7. Shell Programming and Scripting
Is it possible to find out the history of recently typed in commands of a particular user in a multi user system?
the history command expects a numeric argument with it. is it possible to find out the history o commands of a particular user say John_smith for example? (2 Replies)
Discussion started by: arindamlive
2 Replies
8. UNIX for Dummies Questions & Answers
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (1 Reply)
Discussion started by: sriky86
1 Replies
LEARN ABOUT OPENSOLARIS
grablogs.conf
grablogs.conf(4) File Formats grablogs.conf(4)
NAME
grablogs.conf - grablogs configuration for libgrablogs.so of the plugins of
gnome-system-log file
SYNOPSIS
/usr/lib/gnome-system-log/plugins/grablogs.conf
DESCRIPTION
The libgrablogs.so is a plugin for gnome-system-log(1), it colloct the log files from the system as many as possible. grablogs.conf is a
configuration file that contains a set of lines mixed with sh(1) syntax codes and individual
log files. libgrablogs.so will read the file try to get a log files list for
gnome-system-log(1). Users can copy the file into $HOME/.gnome2/gnome-system-log/plugins/`uname -p` to overwrite the system default one.
The grablogs.conf file contains the following configuration categories:
[configs]
Each line under this category is interpreted as a config file of System. The plugin will open the config file and try to find
all system paths of the logs.
[commands]
Each line under this category is interpreted as a shell command and will be execute through a pipe. And each line of the out-
put of the command will be interpreted as a log path.
[logs] Each line under this category is interpreted as a log path.
FILES
/usr/lib/gnome-system-log/plugins/grablogs.conf
The system default configuration file for the plugin libgrablogs.so
$HOME/.gnome2/gnome-system-log/plugins/`uname -p`/grablogs.conf
The user specific configuration file for the plugin libgrablogs.so
EMAMPLE
[configs]
/etc/syslog.conf
[commands]
for i in `svcs -aH -o FMRI | grep -v lrc `; do svcprop -p restarter/logfile $i 2>/dev/null || svcprop -q -p restarter/alt_logfile $i
2>/dev/null ; done
[logs]
/var/log/messages
/var/log/secure
/var/log/maillog
/var/log/cron
/var/log/Xorg.0.log
/var/log/XFree86.0.log
/var/log/auth.log
/var/log/cups/error_log
SEE ALSO
gnome-system-log(1), pipelog.conf(1)
gnome-utils 2.16.0 13 Oct 2006 grablogs.conf(4)