wtmp output

Hi,

Can anybody explain wtmp output fields?

A dir was created at 7:11 PM and I wanted to find out who was logged in at that time, but as you can see there is no IP address listed when I run utmpdump against the wtmp file...

[7] [29752] [ts/3] [root    ] [pts/3       ] [89.101.216.58       ] [89.101.216.58  ] [Tue May 22 18:50:53 2012    ]
[8] [29750] [    ] [        ] [pts/3       ] [                    ] [0.0.0.0        ] [Tue May 22 18:53:58 2012    ]
[8] [28370] [    ] [        ] [pts/2       ] [                    ] [0.0.0.0        ] [Tue May 22 19:11:21 2012    ]


R,
D.

A better output can be obtained using the "last" command, which reads the same /var/log/wtmp file but shows the date/time in a better way.

root     pts/0        hub1-gw.XXXX Tue Aug  2 16:40 - 16:56  (00:16)
reboot   system boot  2.6.38.8-32.fc15 Tue Aug  2 16:39 - 16:56  (00:16)

If I wanted to see what happened on 11th July at around 2 PM, I would issue something like this:

[root@host-6-81 ~]# last | grep "Jul 11 14"
root     pts/1        hub1-gw.xxxx Mon Jul 11 14:10 - 14:16  (00:06)
reboot   system boot  2.6.38.8-32.fc15 Mon Jul 11 14:07 - 14:16  (00:08)
root     pts/0        hub1-gw.xxxx Mon Jul 11 14:08 - crash  (00:00)

Hope this helps.
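To make the utmpdump fields explicit and to do the "who was logged in at time T" lookup from the two posts above programmatically, here is an added example (my code, not from either poster). It parses the text form that utmpdump prints (eight bracketed fields, in struct utmp order: ut_type, ut_pid, ut_id, ut_user, ut_line, ut_host, ut_addr, ut_tv), pairs each login record ([7] USER_PROCESS) with the logout record ([8] DEAD_PROCESS) on the same tty line, which is also how last(1) reconstructs sessions, and then lists the sessions open at a given time. The three records embedded in POSTED_WTMP are the ones quoted in the question; everything else (function names, the time-format string, the handling of a logout whose login is not in the excerpt) is my assumption. The point it makes about the question: a [8] record carries only the tty line and a blank user/host, so the IP for the pts/2 logout at 19:11:21 lives in an earlier [7] record for pts/2 that is not in the quoted excerpt.

```python
"""Decode utmpdump(1) text output and answer "who was logged in at time T?".

Added example, not code from the thread.  Runs offline on the output of
`utmpdump /var/log/wtmp > wtmp.txt` (assumed format: one record per line,
eight bracketed fields).
"""
import re
from datetime import datetime

# ut_type values from <utmp.h>; utmpdump prints the number in the first column.
UT_TYPES = {
    0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME",
    5: "INIT_PROCESS", 6: "LOGIN_PROCESS", 7: "USER_PROCESS",
    8: "DEAD_PROCESS", 9: "ACCOUNTING",
}
USER_PROCESS, DEAD_PROCESS = 7, 8

# The three records quoted in the question (taken from the post, not constructed).
POSTED_WTMP = """\
[7] [29752] [ts/3] [root    ] [pts/3       ] [89.101.216.58       ] [89.101.216.58  ] [Tue May 22 18:50:53 2012    ]
[8] [29750] [    ] [        ] [pts/3       ] [                    ] [0.0.0.0        ] [Tue May 22 18:53:58 2012    ]
[8] [28370] [    ] [        ] [pts/2       ] [                    ] [0.0.0.0        ] [Tue May 22 19:11:21 2012    ]
"""

_FIELD = re.compile(r"\[([^\]]*)\]")
_TIME_FMT = "%a %b %d %H:%M:%S %Y"   # assumed: the timestamp form shown in the post


def parse_record(line):
    """One utmpdump line -> dict; field order is that of struct utmp."""
    fields = [f.strip() for f in _FIELD.findall(line)]
    if len(fields) != 8:
        return None
    ut_type = int(fields[0])
    return {
        "type": ut_type,
        "type_name": UT_TYPES.get(ut_type, "UNKNOWN"),
        "pid": int(fields[1]),      # ut_pid
        "id": fields[2],            # ut_id   (inittab id / tty suffix)
        "user": fields[3],          # ut_user (blank on DEAD_PROCESS)
        "line": fields[4],          # ut_line (the tty)
        "host": fields[5],          # ut_host (blank on DEAD_PROCESS)
        "addr": fields[6],          # ut_addr_v6 as dotted quad
        "time": datetime.strptime(fields[7], _TIME_FMT),   # ut_tv
    }


def parse_dump(text):
    return [r for r in (parse_record(l) for l in text.splitlines()) if r]


def sessions(records):
    """Pair logins with logouts per tty line, the way last(1) does.

    Pairing is by ut_line, not ut_pid: in the posted data the login and logout
    records for pts/3 carry different pids (29752 vs 29750).
    """
    open_by_line = {}
    result = []
    for r in records:                       # utmpdump prints oldest first
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS:
            login = open_by_line.pop(r["line"], None)
            if login is None:
                # Logout whose login record is outside this excerpt: user/host unknown.
                result.append({"user": None, "host": None, "line": r["line"],
                               "start": None, "end": r["time"]})
            else:
                result.append({"user": login["user"], "host": login["host"],
                               "line": r["line"], "start": login["time"],
                               "end": r["time"]})
    for login in open_by_line.values():     # still logged in at end of file
        result.append({"user": login["user"], "host": login["host"],
                       "line": login["line"], "start": login["time"], "end": None})
    return result


def logged_in_at(sess, when_text):
    """Sessions open at when_text; a session with unknown start is included
    whenever it had not yet ended, so it is reported rather than silently lost."""
    when = datetime.strptime(when_text, _TIME_FMT)
    return [s for s in sess
            if (s["start"] is None or s["start"] <= when)
            and (s["end"] is None or when <= s["end"])]


if __name__ == "__main__":
    for s in logged_in_at(sessions(parse_dump(POSTED_WTMP)), "Tue May 22 19:11:00 2012"):
        print(s["line"], s["user"] or "? (login record not in excerpt)",
              s["host"] or "?", s["start"], s["end"])
```

Run against the full dump rather than the excerpt and the pts/2 session will resolve to its user and source address; the unknown-start case only appears when the login record was rotated out or cut from the file, which is exactly the gap the question ran into.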
