"last" not showing recent login activity
m.seaman at infracaninophile.co.uk
Mon Dec 17 21:38:53 UTC 2012
On 17/12/2012 21:22, Matthew Seaman wrote:
> On 17/12/2012 18:55, Matthias Petermann wrote:
>> on one of my systems I just found out that "last" only shows some old
>> login / logout activity, but not the recent actvities.
>> The strange thing... everytime I log into the system, /var/log/utx.log
>> gets update to the current timestamp (and also grows by some bytes).
>> But "last" only shows very old data...
>> srv# last -f utx.log -d 20121218
>> matthias pts/3 Mon Dec 3 23:32 still
>> logged in
>> matthias pts/2 Mon Dec 3 23:31 still
>> logged in
>> Is there any reason why I can't see the recent logins there? Which
>> component does write data to utx.log - is this done via syslog or a
>> lower level mechanism?
Errr... OK. Yours is a different issue with utx.log. It is not syslog
that updates utx.log but the various programs like login(1) or sshd(8)
that actually handle the authentication when you try and log in. Most
applications achieve that via the pam_lastlog(8) module.
As to why you cannot see anything in the file beyond a certain point:
perhaps the file data got corrupted in the middle? You might be able to
tell by examining the file with hd(1) or getent(1) -- try:
getent utmpx log /var/log/utx.log
You might also fine the getutxent(3) man page enlightening.
Dr Matthew J Seaman MA, D.Phil.
JID: matthew at infracaninophile.co.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 266 bytes
Desc: OpenPGP digital signature
More information about the freebsd-questions