I'm sure there might be an answer here. I have searched but cannot find specifics. I have a wtmps file exported to a txt file for reading. The code for the export, I believe, is this:
    # On release B.11.11 read the wtmp files; on any other release read wtmps.
    if [ "${OS_VERSION}" = "B.11.11" ]; then
        # Rotated files first, skipping the gzip-compressed ones.
        for file in $(ls -1 /var/adm/wtmp.* | grep -v gz)
        do
            # fwtmp turns the binary records into text; append to the report.
            /usr/sbin/acct/fwtmp -X < "${file}" >> "${REPORTDIR}/successful-logins-all"
        done
        # Then the live file, if it exists.
        if [ -f /var/adm/wtmp ]; then
            /usr/sbin/acct/fwtmp -X < /var/adm/wtmp >> "${REPORTDIR}/successful-logins-all"
        fi
    else
        for file in $(ls -1 /var/adm/wtmps.* | grep -v gz)
        do
            /usr/sbin/acct/fwtmp -X < "${file}" >> "${REPORTDIR}/successful-logins-all"
        done
        if [ -f /var/adm/wtmps ]; then
            /usr/sbin/acct/fwtmp -X < /var/adm/wtmps >> "${REPORTDIR}/successful-logins-all"
        fi
    fi
I'm not an expert, just auditing. When I open the output file, this is an example of the lines I see:
dev/ 18096 8 0000 0000 1448946032 416868 Dec 1 00:00:32 2015 0
dev/ 18123 8 0000 0000 1448946038 364909 Dec 1 00:00:38 2015 0
dev/ 18126 8 0000 0000 1448946038 381202 Dec 1 00:00:38 2015 0
dev/ 18149 8 0000 0000 1448946048 259553 Dec 1 00:00:48 2015 0
dev/ 18191 8 0000 0000 1448946059 377515 Dec 1 00:00:59 2015 0
My question then is really what is this information telling me? I cannot seem to find anything that tells me what the output means.
Thank you much,
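
Added example, not part of the original post: a shell sketch an auditor could run over this kind of fwtmp export to see which record types it contains. It assumes the field order inferred from the sample lines above and the ut_type numbering from System V `<utmp.h>` (7 is USER_PROCESS, 8 is DEAD_PROCESS); the function names are hypothetical.

```shell
#!/bin/sh
# Assumed record layout, inferred from the sample lines in the post:
#   [user] [id] [line] pid type exit exit epoch_sec usec Mon DD HH:MM:SS YYYY ...
# Leading fields can be empty, so each record is anchored on the
# "epoch_sec usec Mon" triple rather than counted from the left.

# Prefix every record with its ut_type ("?" when the anchor is not found).
fwtmp_tag() {
    awk '
    BEGIN { mon = "^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$" }
    {
        t = "?"
        for (i = 7; i <= NF; i++)
            if ($i ~ mon && $(i-1) ~ /^[0-9]+$/ && $(i-2) ~ /^[0-9]+$/) {
                if ($(i-5) ~ /^[0-9]+$/) t = $(i-5) + 0
                break
            }
        print t, $0
    }' "$1"
}

# Count records per type, using the ut_type names from System V <utmp.h>.
fwtmp_types() {
    fwtmp_tag "$1" | awk '
    BEGIN {
        s = "EMPTY RUN_LVL BOOT_TIME OLD_TIME NEW_TIME INIT_PROCESS"
        s = s " LOGIN_PROCESS USER_PROCESS DEAD_PROCESS ACCOUNTING"
        split(s, name, " ")
    }
    { k = ($1 ~ /^[0-9]$/) ? name[$1 + 1] : "OTHER"; count[k]++ }
    END { for (k in count) print k, count[k] }' | sort
}

# Print only USER_PROCESS (type 7) records: the interactive logins.
fwtmp_logins() {
    fwtmp_tag "$1" | awk '$1 == 7 { sub(/^7 /, ""); print }'
}

# Usage: sh this-script /path/to/successful-logins-all
if [ $# -gt 0 ]; then
    fwtmp_types "$1"
fi
```

Under these assumptions, a file made up only of lines like the five quoted above is reported as DEAD_PROCESS records, and `fwtmp_logins` prints nothing for it.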