Understanding the output of fwtmp
Post 302603549 by confusedAdmin on Thursday 1st of March 2012 09:43:45 AM
Hi methyl.

Thanks for the response. Here are a couple of lines from the file. These are unedited, aside from me replacing the actual log in name they contain:

Code:
username                         s/10 pts/10                               23848  7 0000 0000 1203424585 4953 0 11 10.13.57.20 Tue Feb 19 12:36:25 2008
username                         s/10 pts/10                               23848  8 0000 0000 1203425529 334490 0 0  Tue Feb 19 12:52:09 2008


I've also spaced them out a bit, numbered the fields and labeled what I think the fields mean here:

Code:
Log in line:
$1        $2    $3      $4     $5      $6    $7    $8          $9      $10  $11  $12          $13    $14    $15       $16       $17
Username  ?     Term    Pid    Action  ?     ?     ?           ?       ?    ?    N/w host     Day    Month  Date      Time      Year
username  s/10  pts/10  23848  7       0000  0000  1203424585  4953    0    11   10.13.57.20  Tue    Feb    19        12:36:25  2008
 
Log out line:                                                                                                                
$1        $2    $3      $4     $5      $6    $7    $8          $9      $10  $11  $12          $13    $14    $15       $16
Username  ?     Term    Pid    Action  ?     ?     ?           ?       ?    ?    Day          Month  Date   Time      Year
username  s/10  pts/10  23848  8       0000  0000  1203425529  334490  0    0    Tue          Feb    19     12:52:09  2008


Space delimited field $5 in both lines identifies what I think is the action recorded by the line. I think '7' corresponds to a log in, and '8' corresponds to a log out.

$12 in the log in line contains what seems to be the IP address of the computer used to log in to Solaris from. This field is missing on the log out line, so it pushes out the rest of the fields - field $13 in the log in line corresponds to field $12 in the log out line, and so on for the remainder of the fields. This is why I need separate nawk commands for the two types of records.

Am I correct in what I've stated above? Also can you advise me what the fields I've labeled as '?' refer to?

Thanks,
cA.
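
An added example, not part of the original post: a single awk program that handles both record layouts shown above by keying on the field count, then pairs each type 7 record with the type 8 record on the same terminal and pid to give a session length. It assumes, as the post does, that 7 marks a log in and 8 a log out, and treats $8 as epoch seconds (1203424585 is Tue Feb 19 12:36:25 2008 UTC, matching the printed date); `sample_records` and `pair_sessions` are hypothetical names, and the third sample line is constructed.

```shell
# Sample input: the two records from the post plus one constructed
# log in record (otheruser) that has no matching log out.
sample_records() {
cat <<'EOF'
username                         s/10 pts/10                               23848  7 0000 0000 1203424585 4953 0 11 10.13.57.20 Tue Feb 19 12:36:25 2008
username                         s/10 pts/10                               23848  8 0000 0000 1203425529 334490 0 0  Tue Feb 19 12:52:09 2008
otheruser                        s/11 pts/11                               24001  7 0000 0000 1203426000 1200 0 11 10.13.57.21 Tue Feb 19 13:00:00 2008
EOF
}

# Reads fwtmp ASCII records on stdin and prints one line per session:
#   user term pid host start_epoch end_epoch seconds
# Log ins that never see a log out are printed at the end with OPEN.
pair_sessions() {
  awk '
    # The date is always the last five fields, so a record with more than
    # 16 fields carries a host in $12; a record with 16 has none.
    { host = (NF > 16) ? $12 : "-"; key = $3 SUBSEP $4 }

    # Type 7: remember who logged in, from where, and when.
    $5 == 7 { user[key] = $1; from[key] = host; start[key] = $8; next }

    # Type 8: close the session opened on the same terminal and pid.
    $5 == 8 && (key in start) {
      printf "%s %s %s %s %s %s %d\n", user[key], $3, $4, from[key], start[key], $8, $8 - start[key]
      delete start[key]
      next
    }

    END {
      for (k in start) {
        split(k, part, SUBSEP)
        printf "%s %s %s %s %s OPEN -\n", user[k], part[1], part[2], from[k], start[k]
      }
    }
  '
}

sample_records | pair_sessions
```

On Solaris, replace `awk` with `nawk` and feed the function from `/usr/lib/acct/fwtmp < /var/adm/wtmpx`.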
 

fwtmp(1M)                System Administration Commands                fwtmp(1M)

NAME
     fwtmp, wtmpfix - manipulate connect accounting records

SYNOPSIS
     /usr/lib/acct/fwtmp [-ic]

     /usr/lib/acct/wtmpfix [file...]

DESCRIPTION
     fwtmp reads from the standard input and writes to the standard output, converting binary records of the type found in /var/adm/wtmpx to formatted ASCII records. The ASCII version is useful when it is necessary to edit bad records.

     wtmpfix examines the standard input or named files in utmpx format, corrects the time/date stamps to make the entries consistent, and writes to the standard output. A hyphen (-) can be used in place of file to indicate the standard input. If time/date corrections are not performed, acctcon(1M) will fault when it encounters certain date-change records.

     Each time the date is set, a pair of date change records are written to /var/adm/wtmpx. The first record is the old date denoted by the string "old time" placed in the line field and the flag OLD_TIME placed in the type field of the utmpx structure. The second record specifies the new date and is denoted by the string new time placed in the line field and the flag NEW_TIME placed in the type field. wtmpfix uses these records to synchronize all time stamps in the file.

     In addition to correcting time/date stamps, wtmpfix will check the validity of the name field to ensure that it consists solely of alphanumeric characters or spaces. If it encounters a name that is considered invalid, it will change the login name to INVALID and write a diagnostic to the standard error. In this way, wtmpfix reduces the chance that acctcon will fail when processing connect accounting records.

OPTIONS
     -ic    Denotes that input is in ASCII form, and output is to be written in binary form.

FILES
     /var/adm/wtmpx    history of user access and administration information

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWaccu                     |
     +-----------------------------+-----------------------------+

SEE ALSO
     acctcom(1), ed(1), acct(1M), acctcms(1M), acctcon(1M), acctmerg(1M), acctprc(1M), acctsh(1M), runacct(1M), acct(2), acct.h(3HEAD), utmpx(4), attributes(5)

     System Administration Guide: Basic Administration

SunOS 5.10                         22 Feb 1999                         fwtmp(1M)