From owner-freebsd-questions@FreeBSD.ORG Mon Dec 17 21:38:53 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 98245BF7 for ; Mon, 17 Dec 2012 21:38:53 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 164508FC12 for ; Mon, 17 Dec 2012 21:38:52 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id qBHLcl9N049524 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Mon, 17 Dec 2012 21:38:47 GMT (envelope-from m.seaman@infracaninophile.co.uk) DKIM-Filter: OpenDKIM Filter v2.7.1 smtp.infracaninophile.co.uk qBHLcl9N049524 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1355780327; bh=3D+ErJ420qZkoeUZIBS/VlDjPxqi6YoVb+6zlDHrdHU=; h=Date:From:To:Subject:References:In-Reply-To; z=Date:=20Mon,=2017=20Dec=202012=2021:38:45=20+0000|From:=20Matthew =20Seaman=20|To:=20freebsd-questi ons@freebsd.org|Subject:=20Re:=20"last"=20not=20showing=20recent=2 0login=20activity|References:=20<20121217195511.Horde.WiYpoIyApmat xN7nK60how2@d2ux.org>=20<50CF8D2B.6010908@FreeBSD.org>|In-Reply-To :=20<50CF8D2B.6010908@FreeBSD.org>; b=EMfdKq5dSJyav8IV3WdwVsZkPpDESZpIgbcc7urVKhjEYtIo+DM5cDTbiBfM9Wrz5 eEcsSFMbWq5iVewBH8475Cfdx9uzw4Mn5DF0vDycELhRV2wyPl2aeHFMOMFMqE67dP CO3NM8Etqg8et8YITpQ0VlJykPduankIpg+Ylr3c= Message-ID: <50CF90E5.7000505@infracaninophile.co.uk> Date: Mon, 17 Dec 2012 21:38:45 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: "last" not showing recent login activity References: <20121217195511.Horde.WiYpoIyApmatxN7nK60how2@d2ux.org> <50CF8D2B.6010908@FreeBSD.org> In-Reply-To: <50CF8D2B.6010908@FreeBSD.org> X-Enigmail-Version: 1.4.6 OpenPGP: id=60AE908C Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigBCE0238D3C12C7A572FA4878" X-Virus-Scanned: clamav-milter 0.97.6 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, T_DKIM_INVALID autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Dec 2012 21:38:53 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigBCE0238D3C12C7A572FA4878 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 17/12/2012 21:22, Matthew Seaman wrote: > On 17/12/2012 18:55, Matthias Petermann wrote: >> Hello, >> >> on one of my systems I just found out that "last" only shows some old >> login / logout activity, but not the recent actvities. >> >> The strange thing... everytime I log into the system, /var/log/utx.log= >> gets update to the current timestamp (and also grows by some bytes). >> >> But "last" only shows very old data... >> >> srv# last -f utx.log -d 20121218 >> matthias pts/3 Mon Dec 3 23:32 still >> logged in >> matthias pts/2 Mon Dec 3 23:31 still >> logged in >> >> Is there any reason why I can't see the recent logins there? Which >> component does write data to utx.log - is this done via syslog or a >> lower level mechanism? >=20 > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dbin/168844 Errr... OK. Yours is a different issue with utx.log. It is not syslog that updates utx.log but the various programs like login(1) or sshd(8) that actually handle the authentication when you try and log in. Most applications achieve that via the pam_lastlog(8) module. As to why you cannot see anything in the file beyond a certain point: perhaps the file data got corrupted in the middle? You might be able to tell by examining the file with hd(1) or getent(1) -- try: getent utmpx log /var/log/utx.log You might also fine the getutxent(3) man page enlightening. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey JID: matthew@infracaninophile.co.uk --------------enigBCE0238D3C12C7A572FA4878 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlDPkOcACgkQ8Mjk52CukIzjrQCgg4Y0bpAWlybA7kLnx09u1t76 eawAnRYYsvGnEiDaimEg0WY1C5oOLPIg =gweo -----END PGP SIGNATURE----- --------------enigBCE0238D3C12C7A572FA4878--