[6428] in bugtraq
Re: wtmpx utility for solaris
daemon@ATHENA.MIT.EDU (Mikael Brandstrom)
Tue Mar 31 17:34:12 1998
Date: Tue, 31 Mar 1998 13:10:11 +0200
Reply-To: Mikael Brandstrom <mikael@Katedral.SE>
From: Mikael Brandstrom <mikael@KATEDRAL.SE>
X-To: Ryan <warf@goodnet.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.GSO.3.95.980330031027.18821D-200000@goodguy>

On Mon, 30 Mar 1998, Ryan wrote:
> There seems to be a problem with the tmpx file for Solaris. Doesn't log
> the full IPs of the users logging in, it truncates it somehow. Therefore,
> the 'last' utility is practically useless when trying to track down someone.
>
> The wtmpx file logs the full data and doesn't truncate anything. I
> could not find a utility that viewed the wtmpx file. So, I wrote a quick
> one. It has come in very handy. I have attached the source code that I
> wrote.

Just wondering, what is the difference compared with last? (if you
disregard that last only prints some of the information logged)

At least last reads wtmpx:

$ truss last
<lot of lines>
open("/var/adm/wtmpx", O_RDONLY) = 3
<another lot of lines>

It seems like Solaris uses wtmpx for the continuous logging. wtmp is used
for the accounting system, and is removed every night if accounting is
running.

// M
---
This signature ought to be left blank, but is not.
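
Added example (not part of the original post, and not the utility attached to the quoted message): a minimal reader that walks wtmpx-style records and prints the complete ut_host field, counting hosts longer than a caller-chosen column width. It assumes the input holds records in the build host's native struct utmpx layout; dump_logins, put_login and the sample records are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>

/* Length of a fixed-size utmpx field that may lack a terminating NUL. */
static size_t field_len(const char *f, size_t cap)
{
    const char *nul = memchr(f, '\0', cap);
    return nul ? (size_t)(nul - f) : cap;
}

/* Print each login record with its complete host field; return how many
   hosts are longer than `width` columns (width is chosen by the caller). */
int dump_logins(FILE *in, FILE *out, size_t width)
{
    struct utmpx ut;
    int wide = 0;
    while (fread(&ut, sizeof ut, 1, in) == 1) {
        if (ut.ut_type != USER_PROCESS) continue;  /* skip non-login records */
        size_t hlen = field_len(ut.ut_host, sizeof ut.ut_host);
        fprintf(out, "%-8.*s %ld %.*s\n",
                (int)field_len(ut.ut_user, sizeof ut.ut_user), ut.ut_user,
                (long)ut.ut_tv.tv_sec, (int)hlen, ut.ut_host);
        if (hlen > width) wide++;
    }
    return wide;
}

/* Append one constructed record (sample data, not from a real system). */
void put_login(FILE *f, short type, const char *user, const char *host)
{
    struct utmpx ut;
    memset(&ut, 0, sizeof ut);
    ut.ut_type = type;
    strncpy(ut.ut_user, user, sizeof ut.ut_user - 1);
    strncpy(ut.ut_host, host, sizeof ut.ut_host - 1);
    ut.ut_tv.tv_sec = 891342611;    /* constructed timestamp */
    fwrite(&ut, sizeof ut, 1, f);
}

int main(void)
{
    FILE *f = tmpfile();
    if (f == NULL) return 1;
    put_login(f, USER_PROCESS, "alice", "dialup-17.pool.isp.example.net");
    put_login(f, DEAD_PROCESS, "", "");
    rewind(f);
    printf("%d host(s) wider than 16 columns\n", dump_logins(f, stdout, 16));
    return 0;
}
```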