APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Lengthen SCO 5.0.6 or Linux wtmpx logs


© March 2005 CraigF


Author: CraigF
Date: Tue Mar 29 05:31:12 2005


Subject: Lengthen SCO 5.0.6 wtmpx logs

We required a timestamp on a login from a week ago, and due the amount of logins since then, we only have logs for a couple of days at most.

Thanks,

Craig Foster
fostware@gmail.com

See I need information from "last", but most of it is gone! also.

Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> wtmpx empty (sco and linux)

1 comment


Inexpensive and informative Apple related e-books:

iOS 8: A Take Control Crash Course

Take Control of OS X Server

Take Control of iCloud

Take Control of IOS 11

Take Control of Pages




More Articles by © CraigF






Tue Mar 29 09:55:45 2005: 242   TonyLawrence

gravatar
Because it's cleaned out by a cron job (/etc/cleanup ) that by default runs on Sunday:

# grep wtmp /etc/cleanup
# If accounting isn't enabled, clean up wtmp and wtmpx,
: Do nothing - accounting will clean up wtmp and wtmpx
[ -f /etc/wtmp ] && >/etc/wtmp
[ -f /etc/wtmpx ] && >/etc/wtmpx




(Solaris clears ir with /usr/lib/acct/runacct, Linux systems use logrotate (so change it in /etc/logrotate.conf)

Having that run on Sunday is not ideal for forensics - "who logged in over the wweekend?" is not an unusual question.

A good modification might be to output "last" to a file before cleaing it.

------------------------


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done. (Andy Rooney)




Linux posts

Troubleshooting posts


This post tagged:

Forum



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode





SCO Unix Sales, Support, & Service

Phone:  707-SCO-UNIX (707-726-8649Toll Free: 833-SCO-UNIX (833-726-8649)
www.SCOsales.com