I'm writing a Solaris 10 ksh script to retrieve details of logins and logouts using specific user names. The details I want are quite basic - the username, the computer logged in from, and the date and time the user logged in and logged off.
I initially thought that the 'last' command would be perfect, however its output doesn't include a year in its date information, which I need.
After further searching on this site and others I came across the fwtmp command, which I can use as follows to read the information I need:
This works fine and returns a plain text file that includes full year information in the date, but the problem is that I don't understand all of the fields contained in the output.
As far as I can tell, if field 5 contains a 7, the entry shows a login, and if field 5 contains an 8, the entry shows a logout. Assuming this is correct, I've written the following nawk commands to extract the information I need:
I appear to need different commands for the logins and logouts, as the record structure seems to be a bit different for each.
I'm then sorting the file using the following command:
Code:
sort -k 3,3 -k 9,9 -k6M myoutput.txt
This seems to sort each login record chronologically, with its corresponding logout on the following line.
What I want to know is, are my assumptions about the output format of fwtmp correct? Also, will my sort command group all the results as I've outlined?
I've tried to find a reference that explains in plain english what the format of the fwtmp output is, but have not been successful. The best I've found is someone advising to run the command 'man 4 utmpx', which does seem related, but this refers to a c header file (utmpx.h), and my c is a bit rusty at this stage.
If someone could respond to my concerns, and point me in the direction of an explanation of the ascii output of the fwtmp command I'd be grateful.
Apologies if this has been answered before, but I don't think it has. Thanks in advance for any assistance anyone can provide.
Hi -
Trying to understand a few things from an ifconfig -a output - can't seem to find info anywhere on the net.
Specifically - looking to understand the following:
Flags=8863
Smart
Running (is this the same as UP)
Simplex
inet6
supported media: autoselect - does that imply the... (1 Reply)
Hi,
I am having some problems understanding the info from the following output:
Disk /dev/sda: 17849 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0
Device Boot Start End #cyls #blocks Id System
/dev/sda1 *... (5 Replies)
Could you please explain me whats happening in the below code, appreciate your help, Thank you.
/product/apps/informatica/v7/pc/ExtProc/NewDAC/dacRecBuilder.sh
/product/apps/informatica/v7/pc/TgtFiles/NEW_DAC/DAC_Pos_TradeInv_Records.out ... (5 Replies)
Its very critical and 'm in need to schedule this on my crontab so that the output can be monitored by a tool
I have written the command below to redirect the error which has the output redirected to the file gincle_lol.log.
Code:
echo "---" >>/gingle/gincle_lol.log
date... (0 Replies)
Its very critical and 'm in need to schedule this on my crontab so that the output can be monitored by a tool
I have written the command below to redirect the error which has the output redirected to the file gincle_lol.log.
echo "---" >>/gingle/gincle_lol.log
date... (1 Reply)
ok, so I have a script im running on a linux box that uses "egrep" a lot. now, when i run this script, i check the TOP to see how much system resource it is using.
the "top" command gives the following output:
last pid: 25384; load avg: 1.06, 1.04, 0.76; up 351+06:30:24 ... (0 Replies)
After running nm command on any object file from out put can we get to know that wheather a symbol is a call to a function or definition of function ?
I am searching a class and function definitions inside many .so files.
I have 3 files which contain the symbol but I don't know wheather they... (2 Replies)
I ran the following command.
cat abc.c > abc.c
I got message the following message from command cat:
cat: abc.c : input file is same as the output file
How the command came to know of the destination file name as the command is sending output to standard file. (3 Replies)
Hi,
I found this in a script and I would like to know how this works
Code is here:
# var1=PART1_PART2
# var2=${var1##*_}
# echo $var2
PART2
I'm wondering how ##* makes the Shell to understand to pick up the last value from the given. (2 Replies)
Hello,
Been looking through Google, and I don't see a direct answer to this:
# last
...
abcd pts/1 srever02 Mon Feb 23 07:56 - 07:56 (00:00)
abcd sshd server02 Mon Feb 23 07:56 - 07:56 (00:00)
klmn sshd ... (2 Replies)
Discussion started by: kitykitykity
2 Replies
LEARN ABOUT SUNOS
fwtmp
fwtmp(1M) System Administration Commands fwtmp(1M)NAME
fwtmp, wtmpfix - manipulate connect accounting records
SYNOPSIS
/usr/lib/acct/fwtmp [-ic]
/usr/lib/acct/wtmpfix [file...]
DESCRIPTION
fwtmp reads from the standard input and writes to the standard output, converting binary records of the type found in /var/adm/wtmpx to
formatted ASCII records. The ASCII version is useful when it is necessary to edit bad records.
wtmpfix examines the standard input or named files in utmpx format, corrects the time/date stamps to make the entries consistent, and
writes to the standard output. A hyphen (-) can be used in place of file to indicate the standard input. If time/date corrections are not
performed, acctcon(1M) will fault when it encounters certain date-change records.
Each time the date is set, a pair of date change records are written to /var/adm/wtmpx. The first record is the old date denoted by the
string "old time" placed in the line field and the flag OLD_TIME placed in the type field of the utmpx structure. The second record speci-
fies the new date and is denoted by the string new time placed in the line field and the flag NEW_TIME placed in the type field. wtmpfix
uses these records to synchronize all time stamps in the file.
In addition to correcting time/date stamps, wtmpfix will check the validity of the name field to ensure that it consists solely of alphanu-
meric characters or spaces. If it encounters a name that is considered invalid, it will change the login name to INVALID and write a diag-
nostic to the standard error. In this way, wtmpfix reduces the chance that acctcon will fail when processing connect accounting records.
OPTIONS -ic Denotes that input is in ASCII form, and output is to be written in binary form.
FILES
/var/adm/wtmpx history of user access and administration information
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWaccu |
+-----------------------------+-----------------------------+
SEE ALSO acctcom(1), ed(1), acct(1M), acctcms(1M), acctcon(1M), acctmerg(1M), acctprc(1M), acctsh(1M), runacct(1M), acct(2), acct.h(3HEAD),
utmpx(4), attributes(5)
System Administration Guide: Basic Administration
SunOS 5.10 22 Feb 1999 fwtmp(1M)
03-01-2012
