
wtmp file


aix, unix

Old Unix and Linux 07-02-2012   -   Original Discussion by hercules_1010

Sorry for being a noob. I am trying to find which user accessed the server at what time, and their IP address. At first I used the who command, but the output didn't contain the IP address. Then I used the last command, which provided me with the IP of the users, but when I searched I found that both commands retrieve the data from a file called wtmp.
- Do both use the same file?
- I found that the file contains only records for the last day. How can I increase the time this file holds the data?
- Is there a patch to export the data to another file each day?
zaxxon (Forum Staff)
No need to be sorry.

From man who:
To obtain information, the who command usually examines the /etc/utmp file. If you specify another file with the File parameter,
the who command examines that file instead. This new file is usually the /var/adm/wtmp or /etc/security/failedlogin file.
Normally a plain last shows all entries, though you can try who -a /var/adm/wtmp to see if it shows more.

/etc/utmp contains far fewer entries than /var/adm/wtmp.

Here is some clearing up from the IBM site:
Help - AIX 7.1 Information Center

/etc/utmp stores the logins, while /var/adm/wtmp archives everything together with information that will be used if you are using the Advanced Accounting facilities of AIX.

I just did a check on a box and here is the outcome:

# who -a /etc/utmp| wc -l
# who -a /var/adm/wtmp| wc -l

Do you maybe have a job that tries to save space in /var and just overwrites or nulls /var/adm/wtmp? On machines that are very busy login-wise, this file can get very big very fast. Maybe that's the reason a last shows only the last day's entries.
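
For the question about exporting the data each day, and the point above about a job that nulls /var/adm/wtmp, here is an added example (not code from either poster or from IBM) of a daily archive function that also flags when the file has shrunk since the previous run. The archive directory `/var/adm/wtmp_archive` and the state file `wtmp.size` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to run once a day from cron.
# Hypothetical usage on AIX: script.sh /var/adm/wtmp /var/adm/wtmp_archive
# Archived copies can be read later with: last -f <archived file>

# archive_wtmp SRC DESTDIR
#   Copies SRC to DESTDIR/wtmp.YYYYMMDD and records its size in
#   DESTDIR/wtmp.size (state file name is an assumption of this sketch).
#   Returns 0 normally, 2 if SRC is smaller than at the previous run
#   (it was truncated, nulled or replaced), 1 on error.
archive_wtmp() {
    src=$1
    destdir=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$destdir" || return 1

    state=$destdir/wtmp.size
    cur=$(wc -c < "$src" | tr -d ' ')
    prev=0
    if [ -f "$state" ]; then prev=$(cat "$state"); fi

    dest=$destdir/wtmp.$(date +%Y%m%d)
    ret=0
    if [ "$cur" -lt "$prev" ]; then
        # wtmp is append-only in normal operation, so a shrink means
        # something rewrote it: a cleanup job, or someone hiding logins.
        echo "WARNING: $src shrank from $prev to $cur bytes" >&2
        # Keep an earlier same-day copy instead of overwriting it.
        if [ -f "$dest" ]; then dest=$dest.$(date +%H%M%S); fi
        ret=2
    fi

    cp -p "$src" "$dest" || return 1
    echo "$cur" > "$state"
    return $ret
}

# Run only when called as a script with both arguments.
if [ $# -eq 2 ]; then
    archive_wtmp "$1" "$2"
fi
```

A return code of 2 is worth alerting on: it separates "the file only holds one day because something truncates it" from "there were simply few logins".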