HPE Community
Operating System - Linux
1756613 Members
2805 Online
108848 Solutions
New Discussion юеВ

Re: wtmps access

 
Pradeep Singh
New Member

тАО07-14-2005 10:49 AM

тАО07-14-2005 10:49 AM

wtmps access

How can I access /var/adm/wtmps programatically ? I have tried the structure in utmps.h and also getutsent() functions, but no valid entries are reported.

Is there any other way to get the same output as the "last" command but with the "YEAR" information in the date field ?

Any help will be appreciated.
0 Kudos
Reply
7 REPLIES 7
Tom Schroll
Frequent Advisor

тАО07-15-2005 12:37 AM

тАО07-15-2005 12:37 AM

Re: wtmps access


Do you mean /var/adm/wtmp or /var/adm/wtmpx? I don't seem to see any /var/adm/wtmps file.

Please clarify.

Thanks...

-- Tom
If it ain't broke, it needs optimized.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО07-15-2005 12:54 AM

тАО07-15-2005 12:54 AM

Re: wtmps access

The year information is NOT stored in the wtmp or btmp files.

You should periodically clear out the files so you KNOW exactly when someone logged in.

0 Kudos
Reply
Devender Khatana
Honored Contributor

тАО07-16-2005 01:15 AM

тАО07-16-2005 01:15 AM

Re: wtmps access

Hi Pradeep,

The system auditing requires to be carried out periodically & these logs should be cleared out alongwith that. Otherwise also viewing a information older than few months did not achive much.

If still you require you utilize this information for that than all your entries are visible in the output in descending order sorted by date. So you should be easily able to differentiate in multiple entries of same month in two different years.

HTH,
Devender

Impossible itself mentions "I m possible"
0 Kudos
Reply
Ermin Borovac
Honored Contributor

тАО07-17-2005 03:50 PM

тАО07-17-2005 03:50 PM

Re: wtmps access

wtmps is used on 11.23 so I assume that you are running that version of hp-ux. /usr/sbin/acct/fwtmp will show you year and number of seconds since epoch so you can try it. -X option is required to read wtmps style records.

$ /usr/sbin/acct/fwtmp -X < /var/adm/wtmps
system boot 0 2 0000 0000 1115882951 0 May 12 07:29:11 2005
0
...
0 Kudos
Reply
Pradeep Singh
New Member

тАО07-18-2005 03:24 AM

тАО07-18-2005 03:24 AM

Re: wtmps access

Thanks everyone for responding.

It seems that /var/adm/wtmp and wtmpx will be obsolete in future releases of HPUX. The new file is /var/adm/wtmps. I can get the last login information using /usr/sbin/acct/fwtmp as suggested by Ermin. Iam curious as to which data structure is used to store entries in this file. I have a small C program which takes out the last entry ( on Solaris and AIX ) and sends it to server for reporting and it would be easy to just use the new data structure.

0 Kudos
Reply
Ermin Borovac
Honored Contributor

тАО07-18-2005 12:17 PM

тАО07-18-2005 12:17 PM

Re: wtmps access

I believe that getuts(3C) routines are for accessing utmps. If you'd like to read wtmps you can use bwtmps(3C) functions. man 3C bwtmps for more information.

Here is a sample C program that should work.

#include
#include

int main()
{
struct utmps *wtmps;

bwtmpname(WTMPS_FILE);

while ((wtmps = getbwent(sizeof(struct utmps))) != NULL) {
printf("%-8.8s %-12.12s %5ld %2hd %lu %s\n",
wtmps->ut_user,
wtmps->ut_line,
wtmps->ut_pid,
wtmps->ut_type,
wtmps->ut_tv.tv_sec,
wtmps->ut_host
);
}
}
0 Kudos
Reply
Pradeep Singh
New Member

тАО07-19-2005 03:29 AM

тАО07-19-2005 03:29 AM

Re: wtmps access

Right on the button Ermin. This is exactly what I wanted. Thanks a Lot.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.