System Log files

 


Dear All,

I want to find out the complete list of system login details, whether it is from the console or from remote.

Please let me know how to find out.

Thanks in advance.
spex
Honored Contributor

Re: System Log files

Hi,

# last | more

PCS
Steven E. Protter
Exalted Contributor

Re: System Log files

Shalom,

lastb shows bad logins.

the files they come from:

/var/adm/syslog/wtmp (last)
/var/adm/syslog/btmp (lastb)

The -R parameter on either command will show the source of the login by IP address.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
James R. Ferguson
Acclaimed Contributor

Re: System Log files

Hi:

In addition to the 'wtmp' and 'btmp' files which can be examined with 'last' and 'lastb' respectively, you should also examine the switch-user ('su') log:

# /var/adm/sulog

You will see entries that look like:

SU 07/17 11:00 - ttyp3 jrf-root
SU 07/17 11:01 + ttyp3 jrf-root

...a "-" indicates failure; a "+" signals success. The direction of the switch is shown as the last field.

Regards!

...JRF...
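
Added example, not part of any reply in this thread: a small POSIX shell sketch that tallies failed and successful `su` attempts per from-to pair from lines in the sulog format shown above, and lists pairs that only ever failed. The function names and the sample lines are constructed for illustration; on a real system you would pass the sulog path as the file argument.

```shell
#!/bin/sh
# Line format as shown in the post: SU MM/DD HH:MM +|- tty from-to
# ("-" = failed su, "+" = successful su)

# Constructed sample data, not taken from a real system.
sample_sulog() {
cat <<'EOF'
SU 07/17 11:00 - ttyp3 jrf-root
SU 07/17 11:01 + ttyp3 jrf-root
SU 07/17 11:05 - pts/0 guest-root
SU 07/17 11:06 - pts/0 guest-root
SU 07/17 11:07 - pts/0 guest-root
SU 07/18 09:12 + pts/1 jrf-oracle
this line is malformed and is skipped
EOF
}

# su_summary [FILE...]: print "from-to failures successes", one pair per line.
# Reads stdin when no file is given. Malformed lines are ignored.
su_summary() {
    awk '$1 == "SU" && NF == 6 && ($4 == "+" || $4 == "-") {
             # The from-to field is kept whole: user names may contain "-",
             # so splitting it on "-" would be ambiguous.
             if ($4 == "-") fail[$6]++; else ok[$6]++
             seen[$6] = 1
         }
         END { for (p in seen) printf "%s %d %d\n", p, fail[p], ok[p] }' "$@" |
        LC_ALL=C sort
}

# su_suspect THRESHOLD [FILE...]: pairs with at least THRESHOLD failures
# and no success at all, which are the ones worth reviewing first.
su_suspect() {
    threshold=$1
    shift
    su_summary "$@" | awk -v t="$threshold" '$2 >= t && $3 == 0 { print $1 }'
}

# Demonstration on the constructed sample.
sample_sulog | su_summary
```
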
spex
Honored Contributor

Re: System Log files

In the output from 'last', the first column is username, the second is the tty, the third contains login and logout timestamps, and the fourth is the session duration. If you enable the '-R' switch, the hostname of the incoming session is displayed in the third column.

On my systems (not sure if this is the same everywhere), a tty name of the form 'pts/0', 'pts/1', etc. indicates that the user logged in via ssh, while 'pts/ta', 'pts/tb', etc. indicates telnet. Examples of other tty names include 'console', 'remshd', and 'ftp'.

If you want to filter the output of 'last', you can specify a username or tty after the command. For example, 'last root' will show you logins for root, and 'last pts/0' will show logins on '/dev/pts/0'. 'lastb' behaves the same as 'last', except it displays invalid login attempts.

PCS
Peter Godron
Honored Contributor

Re: System Log files

If you just want to see who is currently logged on:
who -u

Re: System Log files

Hi All,

Thanks for sharing so much valuable information.