Date: Mon, 17 Dec 2012 21:38:45 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@freebsd.org Subject: Re: "last" not showing recent login activity Message-ID: <50CF90E5.7000505@infracaninophile.co.uk> In-Reply-To: <50CF8D2B.6010908@FreeBSD.org> References: <20121217195511.Horde.WiYpoIyApmatxN7nK60how2@d2ux.org> <50CF8D2B.6010908@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigBCE0238D3C12C7A572FA4878 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 17/12/2012 21:22, Matthew Seaman wrote: > On 17/12/2012 18:55, Matthias Petermann wrote: >> Hello, >> >> on one of my systems I just found out that "last" only shows some old >> login / logout activity, but not the recent actvities. >> >> The strange thing... everytime I log into the system, /var/log/utx.log= >> gets update to the current timestamp (and also grows by some bytes). >> >> But "last" only shows very old data... >> >> srv# last -f utx.log -d 20121218 >> matthias pts/3 Mon Dec 3 23:32 still >> logged in >> matthias pts/2 Mon Dec 3 23:31 still >> logged in >> >> Is there any reason why I can't see the recent logins there? Which >> component does write data to utx.log - is this done via syslog or a >> lower level mechanism? >=20 > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dbin/168844 Errr... OK. Yours is a different issue with utx.log. It is not syslog that updates utx.log but the various programs like login(1) or sshd(8) that actually handle the authentication when you try and log in. Most applications achieve that via the pam_lastlog(8) module. As to why you cannot see anything in the file beyond a certain point: perhaps the file data got corrupted in the middle? You might be able to tell by examining the file with hd(1) or getent(1) -- try: getent utmpx log /var/log/utx.log You might also fine the getutxent(3) man page enlightening. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey JID: matthew@infracaninophile.co.uk --------------enigBCE0238D3C12C7A572FA4878 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlDPkOcACgkQ8Mjk52CukIzjrQCgg4Y0bpAWlybA7kLnx09u1t76 eawAnRYYsvGnEiDaimEg0WY1C5oOLPIg =gweo -----END PGP SIGNATURE----- --------------enigBCE0238D3C12C7A572FA4878--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50CF90E5.7000505>