Hi,
I have a server AIX 5.3
Few people have the root password and somebody used the root login to erase a file (command rm in the .sh_history of root). 
I would like to know if a file exist with what ip address has been connected.
I want to find the guilty!!! 
Thanks guys
Hi,
last root should give you ip or hostname and time of login and logout of root logins.
expl@suptdf06/tmp/sauve_base_mren> last root
wtmp begins Oct 18 03:10
expl@suptdf06/tmp/sauve_base_mren> date
Tue Oct 18 14:03:22 DFT 2011
What does it mean please? Somebody did it a 03:10 this morning?