"last" not showing recent login activity

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Dec 17 21:38:53 UTC 2012

On 17/12/2012 21:22, Matthew Seaman wrote:
> On 17/12/2012 18:55, Matthias Petermann wrote:
>> Hello,
>> on one of my systems I just found out that "last" only shows some old
>> login / logout activity, but not the recent actvities.
>> The strange thing... everytime I log into the system, /var/log/utx.log
>> gets update to the current timestamp (and also grows by some bytes).
>> But "last" only shows very old data...
>> srv# last -f utx.log -d 20121218
>> matthias   pts/3                           Mon Dec  3 23:32   still
>> logged in
>> matthias   pts/2                           Mon Dec  3 23:31   still
>> logged in
>> Is there any reason why I can't see the recent logins there? Which
>> component does write data to utx.log - is this done via syslog or a
>> lower level mechanism?
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/168844

Errr... OK.  Yours is a different issue with utx.log.  It is not syslog
that updates utx.log but the various programs like login(1) or sshd(8)
that actually handle the authentication when you try and log in.  Most
applications achieve that via the pam_lastlog(8) module.

As to why you cannot see anything in the file beyond a certain point:
perhaps the file data got corrupted in the middle? You might be able to
tell by examining the file with hd(1) or getent(1) -- try:

  getent utmpx log /var/log/utx.log

You might also fine the getutxent(3) man page enlightening.



Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew at infracaninophile.co.uk

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 266 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20121217/66c7d1e4/attachment.sig>

More information about the freebsd-questions mailing list