HPE Community
Operating System - HP-UX
1834839 Members
3067 Online
110070 Solutions
New Discussion

Re: how do I know the year of dates in the output of "last" command

 
Hanry Zhou
Super Advisor

‎12-09-2004 10:43 AM

‎12-09-2004 10:43 AM

how do I know the year of dates in the output of "last" command

Some of lines withing the output definitely are not year 2004, but it did not specify which year. Is there anyway to find oout?
none
0 Kudos
Reply
8 REPLIES 8
Patrick Wallek
Honored Contributor

‎12-09-2004 11:11 AM

‎12-09-2004 11:11 AM

Re: how do I know the year of dates in the output of "last" command

Not that I know of.
0 Kudos
Reply
c_51
Trusted Contributor

‎12-09-2004 11:14 AM

‎12-09-2004 11:14 AM

Re: how do I know the year of dates in the output of "last" command

last is a representation of the data in wtmp. and you can view the data in wtmp by using fwtmp.

might not be exactly what your looking for, but cat /etc/wtmp | /usr/sbin/acct/fwtmp will give you the year.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-09-2004 11:18 AM

‎12-09-2004 11:18 AM

Re: how do I know the year of dates in the output of "last" command

last (and lastb) do not show the year although it is included in the wtmp (and btmp) entries. You'll have to use /usr/sbin/acct/fwtmp to decode the binary file and see the year. However, I would setup a logfile archive to prevent multi-year logs. Most of the data that is more than a year old is never used.


Bill Hassell, sysadmin
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

‎12-09-2004 05:09 PM

‎12-09-2004 05:09 PM

Re: how do I know the year of dates in the output of "last" command


If you do not want to go to wtmp, then you can compare the current day with the 'last' day and assume that any 'future' time is in fact in the paste, and claim it to be last year.

FOr an example of this, see my response in:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=726662

hth,
Hein.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-09-2004 06:43 PM

‎12-09-2004 06:43 PM

Re: how do I know the year of dates in the output of "last" command

The output of this command:

strings /var/adm/wtmp

Will give you some information as to the year of the log entries.

This system probably isn't very busy or has never had a log rotation if you've got data that old in it.

Its a very good idea to trim the logs once in a while. On my light duty systems, the following command is run on logs once a month in cron.

> /var/adm/wtmp
> /var/adm/btmp

...

other log files

Just a part of the housekeeping we have to do.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
MarkSyder
Honored Contributor

‎12-09-2004 06:46 PM

‎12-09-2004 06:46 PM

Re: how do I know the year of dates in the output of "last" command

Why do you want data over a year old in your wtmp file?

Trim it regularly to stop /var from filling!

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
0 Kudos
Reply
Hanry Zhou
Super Advisor

‎12-10-2004 02:24 AM

‎12-10-2004 02:24 AM

Re: how do I know the year of dates in the output of "last" command

The customer wanted to list the LATEST login ONLY for all users on the system. So, I used "last -1" command on all user id's in /etc/passwd file. I expect it will give me what the customer wants. However, I found the date it shows don't include the year. It shows November, for instance, but it is not of 2004!

Did last -1 really give the latest login? and what if I wanted to add the year in each last -1 output.

As some of you suggested, fwtmp/strings would show me the year, but it is not really what I want. I just want find out the LATEST login, including MM/DD/YY.

Thanks,
none
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-10-2004 04:27 AM

‎12-10-2004 04:27 AM

Re: how do I know the year of dates in the output of "last" command

The easiest way to get this information is with getprpw (but only on Trusted systems):

/usr/lbin/getprpw -m slogint,ulogint

This will show last successful login and last unsuccessful login, complete date including year. It's the information shown during a login. The man page for getprwpw is only on 11.11 systems but you can find it at docs.hp.com. For a non-trusted system, you'll have to use fwtmp.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.