HPE Community
Operating System - HP-UX
1753511 Members
5054 Online
108795 Solutions
New Discussion юеВ

last command

 
SOLVED
Go to solution
Mani Pushpanathan
Occasional Contributor

тАО10-13-2005 02:44 AM

тАО10-13-2005 02:44 AM

last command

The output from last command is
wtmp begins Thu Oct 13 22:32

It doesn't show me all the logon connections. I'm on HPUX 11i. Can someone tell me what's wrong?
0 Kudos
8 REPLIES 8
MarkSyder
Honored Contributor

тАО10-13-2005 02:47 AM

тАО10-13-2005 02:47 AM

Re: last command

Someone has nulled the wtmp file, probably because it was too large.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
0 Kudos
Mel Burslan
Honored Contributor

тАО10-13-2005 02:50 AM

тАО10-13-2005 02:50 AM

Re: last command

check your crontab. More often than not, I have seen previous sysadmins put a daily/weekly job to zero out the wtmp file just because there are too many entries in it gets accumulated.

Also keep in mind that, sometimes this file gets corrupted and there is no other recovery than zeroing it out.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Michael Jorgensen
Esteemed Contributor

тАО10-13-2005 11:55 AM

тАО10-13-2005 11:55 AM

Re: last command

Mani,

The fact that it is saying that wtmp begins on today's (well at least your post date) date means that something has wiped out the history of logins on your host.

wtmp is the file where this information is stored and last is telling you that the file only started today... that's why you don't see anything.
0 Kudos
Mani Pushpanathan
Occasional Contributor

тАО10-13-2005 01:26 PM

тАО10-13-2005 01:26 PM

Re: last command

Guys
Its true that I nulled the file yesterday because prior to that I was still getting no output from the command although I've done numerous logins earlier. This morning, the output shows a different date and nothing else. Pretty strange. see below

# ls -l w*
-rw-rw-r-- 1 adm adm 11761 Oct 14 09:02 wtmp
-rw------- 1 root sys 280 Sep 16 16:19 wtmpx
# last

wtmp begins Sat Sep 21 20:47
0 Kudos
Arunvijai_4
Honored Contributor

тАО10-13-2005 03:57 PM

тАО10-13-2005 03:57 PM

Re: last command

Try to check any cron jobs are running in the system. what does your lastb command show ? Just curious to know..

[I have assigned points to 0 of 16 responses to my questions.] Make it 16/16 and you will get more replies.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Muthukumar_5
Honored Contributor

тАО10-13-2005 07:05 PM

тАО10-13-2005 07:05 PM

Solution

Re: last command

Just do check points as,

a) permission of /var/adm directory

# ls -ld /var/adm
drwxr-xr-x 12 adm adm 8192 Oct 14 00:39 /var/adm

b) # ls -l wtmp
-rw-rw-rw- 1 adm adm 420 Oct 14 00:49 wtmp

Next level:

# mv /var/adm/wtmp /var/adm/wtmp.old
# touch /var/adm/wtmp
# chmod 664 /var/adm/wtmp

Try with new (few) logins and audit it.

# last -f /var/adm/wtmp

If it is not working then,

# uname -a
# what `which login`

Post this.

hth.
# chown adm:adm /var/adm/wtmp
Easy to suggest when don't know about the problem!
0 Kudos
Mei Jiao
Respected Contributor

тАО10-13-2005 07:38 PM

тАО10-13-2005 07:38 PM

Re: last command

Hi Mani,

Yes, please try this:
# mv /var/adm/wtmp /var/adm/wtmp.old
# touch /var/adm/wtmp
# chmod 664 /var/adm/wtmp
# chown adm:adm /var/adm/wtmp

Try login and run command "last" again to see how.

BR,
Mei
0 Kudos
Mani Pushpanathan
Occasional Contributor

тАО10-13-2005 07:56 PM

тАО10-13-2005 07:56 PM

Re: last command

Thks Muthukumar. It works now.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.