I need information from "last", but most of it is gone! (Old Sco Unix)
(SCO) The default root crontab cleans out /usr/adm/sulog, /etc/wtmp and /etc/wtmpx on Sunday mornings. The script that does this is /etc/cleanup.
(Linux) Logrotate does the cleaning, so modify /etc/logrotate.conf.
(BSD) uses "newsyslog".
But if system accounting is on, "runacct" does this.
If your machine is used at the time this script is run, you will want to change the time in crontab. If you want more than 1 week's information in these files, you need to change its frequency or take it out all together.
# grep wtmp /etc/cleanup# If accounting isn't enabled, clean up wtmp and wtmpx,
: Do nothing - accounting will clean up wtmp and wtmpx
[ -f /etc/wtmp ] && >/etc/wtmp
[ -f /etc/wtmpx ] && >/etc/wtmpx
.
Having that run on Sunday is not ideal for forensics - "who logged in over the w
weekend?" is not an unusual question.
A good modification might be to output "last" to a file before cleaing it.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
-> -> (SCO Unix) I need information from 'last', but most of it is gone!
FORTRAN was the language of choice for the same reason that three-legged races are popular. (Ken Thompson)
Skills Tests
Unix/Linux Book Reviews
My Unix/Linux Troubleshooting Book
This site runs on Linode
Sat May 17 05:35:48 2008: 4201 anonymous
Or - rotate utmp/wtmp/wtmpx log files. No logrotate comes with OSR5 so you might want to write a small shell script to suit your purposes. Then use last with -W to specify filename to view a historical wtmp.
------------------------
Printer Friendly Version
Have you tried Searching this site?
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version