[12806] in Athena Bugs
sun4 7.7K: newsyslog
daemon@ATHENA.MIT.EDU (Karen Walrath)
Thu Oct 27 16:31:46 1994
To: bugs@MIT.EDU
Date: Thu, 27 Oct 1994 16:31:40 EDT
From: Karen Walrath <karen@MIT.EDU>
System name: lees2
Type and version: SPARC/Classic 7.7K (1 update(s) to same version)
Display type: cgthree
What were you trying to do?
look who has logged in to the workstation using last
What's wrong:
newsyslog is not saving old wtmp files
What should have happened:
newsyslog should have created wtmp.0, wtmp.1, wtmp.2, wtmp.3
Please describe any relevant documentation references:
/etc/athena/newsyslog.conf
#
# Newsyslog configuration file
# MIT Project Athena
#
# $Id: newsyslog.conf,v 1.2 94/04/26 14:21:52 root Exp $
/var/adm/lastlog 644 1 20 * B
/usr/adm/wtmp 644 3 50 * B <----
/usr/adm/wtmpx 644 3 50 * B <----
/usr/adm/cron/log 644 1 10 * Z
/usr/adm/messages 644 1 10 * Z
/usr/spool/mqueue/syslog 600 1 10 * Z
ls -l /var/adm/wt*
-rw-rw-r-- 1 root other 39240 Oct 27 16:24 /var/adm/wtmp
-rw-r--r-- 1 root other 48732 Oct 27 16:24 /var/adm/wtmpx
-rw-r--r-- 1 root other 61008 Oct 25 23:29 /var/adm/wtmpx.0
-rw-r--r-- 1 root other 56916 Oct 23 01:38 /var/adm/wtmpx.1
-rw-r--r-- 1 root other 71052 Oct 19 01:17 /var/adm/wtmpx.2
-rw-r--r-- 1 root other 53196 Oct 14 01:36 /var/adm/wtmpx.3
Note that only the wtmpx are being saved. The wtmp are not. I believe
that the wtmp file is the one that last uses, since when you type last,
it ends with "wtmp begins xxxxx".
Since it is turning over once every couple of days, I'd like to be able
to look at these older files to scan for root logins etc. on our private
machines.
P.S. I looked at a whole bunch of the Suns in our lab, and they all
have the same problem.
Karen
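
The comparison made in the report (configured entries versus what is actually on disk) can be automated as a retention check. This is an added example, not part of the original report or of newsyslog itself; the field order (path, mode, count, ...) and the treatment of /usr/adm as an alias for /var/adm are assumptions, and the sample data is constructed from the lines quoted above.

```python
import re

# Constructed sample: entries copied from the report's newsyslog.conf,
# keeping the "<----" markers the reporter added.
CONF = """\
# Newsyslog configuration file
/var/adm/lastlog 644 1 20 * B
/usr/adm/wtmp 644 3 50 * B <----
/usr/adm/wtmpx 644 3 50 * B <----
"""
# Constructed sample: the report's `ls -l /var/adm/wt*` output.
LS = """\
-rw-rw-r-- 1 root other 39240 Oct 27 16:24 /var/adm/wtmp
-rw-r--r-- 1 root other 48732 Oct 27 16:24 /var/adm/wtmpx
-rw-r--r-- 1 root other 61008 Oct 25 23:29 /var/adm/wtmpx.0
-rw-r--r-- 1 root other 56916 Oct 23 01:38 /var/adm/wtmpx.1
-rw-r--r-- 1 root other 71052 Oct 19 01:17 /var/adm/wtmpx.2
-rw-r--r-- 1 root other 53196 Oct 14 01:36 /var/adm/wtmpx.3
"""
# Assumption: /usr/adm is an alias (symlink) for /var/adm on this system.
ALIASES = {"/usr/adm/": "/var/adm/"}

def parse_conf(text):
    """Return [(path, count)]; assumes fields are path, mode, count, ..."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # skip blank lines and comments
        path = fields[0]
        for old, new in ALIASES.items():
            if path.startswith(old):
                path = new + path[len(old):]
        entries.append((path, int(fields[2])))
    return entries

def audit(conf_text, ls_text):
    """For each configured log present in the listing, report its saved generations."""
    rows = (line.split() for line in ls_text.splitlines())
    files = {f[-1]: int(f[4]) for f in rows if len(f) >= 9}
    report = {}
    for path, count in parse_conf(conf_text):
        if path in files:  # logs absent from the listing cannot be judged
            # Anchor on "<path>.<digits>" so wtmpx.0 is not counted for wtmp.
            gen = re.compile(re.escape(path) + r"\.(\d+)$")
            found = sorted(int(m.group(1)) for n in files if (m := gen.match(n)))
            report[path] = {"keep": count, "size": files[path], "generations": found}
    return report

if __name__ == "__main__":
    print(audit(CONF, LS))
```

An empty "generations" list for a log with a non-zero "keep" value is the condition described in the report.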