Date: Tue, 2 Feb 2010 00:32:16 +0100 From: Ed Schouten <ed@80386.nl> To: Vincent Poy <vincepoy@gmail.com> Cc: freebsd-current@freebsd.org Subject: Re: HEADS UP: <utmp.h> gone. All welcome <utmpx.h>. Message-ID: <20100201233216.GL77705@hoeg.nl> In-Reply-To: <429af92e1002011500q59b9ae09g908154ae63881ff5@mail.gmail.com> References: <429af92e1002011500q59b9ae09g908154ae63881ff5@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--QIE8wBgbk5Wqyq1O Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello Vincent, * Vincent Poy <vincepoy@gmail.com> wrote: > I just updated to a January 31, 2010 -CURRENT from a -CURRENT prior to the > above change and have a few questions and issues: >=20 > 1) What's the correct way to use wtmpcvt(1) as the usage is wtmpcvt oldfi= le > newfile > out of the utmp, wtmp, lastlog, the utmp is not important as that's > basically the current logins. wtmp is not important either as that's just > the recent monthly logins. What is the correct procedure to convert last= log > as that is basically the database that showed when the last time a user > logged on to the system so that when using lastlogin or finger, it will > showed when the person last logged in? >=20 > I've tried wtmpcvt /var/log/lastlog /var/log/utx.lastlogin after backing = up > /var/log/utx.lastlogin but when I ran lastlogin, it was all blank. Right now there is no way to convert lastlog files. The point is that unlike you mentioned, the wtmp is actually the only important log file. All information could in theory be derived from it. You could convert wtmp files and use last -f to scroll through history to figure out when someone logged in. =46rom an administrative point of view, you just want to be able to inspect log files in case it turns out a couple of months earlier something bad happened with your system (getting hacked, etc). lastlog is a nice feature, but it should just be considered being a bonus. Using wtmpcvt(1) on non-wtmp files will indeed generate unreadable data files. > 2) I noticed that for last for ftp sessions, it will not show it as a ftp > session like how the previous utmp did even though w now shows the session > when it's still connected, not sure if this is really a bad thing unless = ftp > isn't the only way to not use a tty. It seems finger now will report the > last login session which previously was only for tty sessions. >=20 > <snip> I have been thinking about possibly extending the utmpx interface to include an application name string for login entries, like "sshd" or "ftpd". > 3) I noticed that it seems the system in the w, who, finger, last, > lastlogin output is not recognizing additional sessions of the same user = on > a new tty if they are already logged in such as this example. I am alrea= dy > logged in as vince on ptys/0 so I login again as vince on ptys/1: > <snip> This is very odd. Could you try debugging this a bit more? In order to ease debugging, I extended the getent command. You should be able to use the following commands: - getent utmpx active Get list of active sessions (`utmp') - getent utmpx log Get list of log entries (`wtmp') - getent utmpx lastlogin Get list of last login entries (`lastlog') When you log in, it should add a "user process" entry to the active sessions database, append the same entry to the log and overwrite the lastlogin entry for the corresponding user. An advantage of these commands is that they just perform a raw dump of the data on screen, instead of having many forms of unwanted processing on top. > lastlogin shows only the last ftp session but not acknowledging that the > current ptys/1 session as the ptys/0 session is still active. > vince@bigbang [2:44pm][~] >> lastlogin > vince solar Mon Feb 1 14:20:03 2010 No, but that's not what lastlogin is supposed to do. lastlogin will only print information about the last login, which means it will only list the FTP login. > <snip> >=20 > 4) the misc/screen port appears to be broken: > <snip> Are you sure your ports tree is up-to-date? --=20 Ed Schouten <ed@80386.nl> WWW: http://80386.nl/ --QIE8wBgbk5Wqyq1O Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAktnZIAACgkQ52SDGA2eCwVCzwCdF8Ne+XW8VjpIceuiLKssd89m FF8AmwaHEY4f4PoNmIyIWWf7ub+J/Wn5 =5vlF -----END PGP SIGNATURE----- --QIE8wBgbk5Wqyq1O--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100201233216.GL77705>