sorry for being a noob, i am trying to find which user accessed the server at what time and there ip address at first i used who command but the output didn't contain the ip address then i used the last command which provided me with the ip of the users but when i searched i searched and found that both commands use to retrieve the data from a file called wtmp.
does both use the same file ?
i found that the file contains only record for the last day how can i increase the time the this file hold the data ?
is there a patch to export the data another file each day ?
/etc/utmp stores the logins, while /var/adm/wtmp stores archives everything together with information that will be used if you are using the Advanced Accounting facilities of AIX.
I just did a check on a box and here is the outcome:
# who -a /etc/utmp| wc -l
35
# who -a /var/adm/wtmp| wc -l
1497
Do you maybe have a job that tries to save space in /var and just overwrites or nulls /var/adm/wtmp? It can happen on machines, that are very busy login-wise, that this file can get very big very fast. Maybe that's the reason a last shows only last's day entries.