HPE Community
Operating System - HP-UX
1834800 Members
2637 Online
110070 Solutions
New Discussion

Re: track logins

 
Tony500
Advisor

‎09-11-2002 07:29 AM

‎09-11-2002 07:29 AM

track logins

Does anyone know if HPUX 11.* tracks logins and logouts in a file somewhere?
Thanks
You can usually find me at www.constantreader.net
0 Kudos
Reply
12 REPLIES 12
Rodney Hills
Honored Contributor

‎09-11-2002 07:34 AM

‎09-11-2002 07:34 AM

Re: track logins

Do a man on the "last" command.

-- Rod Hills
There be dragons...
0 Kudos
Reply
Tony500
Advisor

‎09-11-2002 07:40 AM

‎09-11-2002 07:40 AM

Re: track logins

I'm looking more for a way to check a specific time range and see if anyone logged on. Is there a log file I can use for that?
You can usually find me at www.constantreader.net
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-11-2002 07:41 AM

‎09-11-2002 07:41 AM

Re: track logins

Hi Tony,

Yes in

/etc/utmp -> All users logged in
/var/adm/btmp -> unsuccessful logins
/var/adm/wtmp -> Record of all logins - good & bad

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-11-2002 07:42 AM

‎09-11-2002 07:42 AM

Re: track logins

Hi,

Sorry, I'm a dummy....

/var/adm/wtmp -> Record of all logins & logouts.

Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Tony500
Advisor

‎09-11-2002 07:46 AM

‎09-11-2002 07:46 AM

Re: track logins

I need a way to check a specific time range on a specific day and see if anyone logged on.
You can usually find me at www.constantreader.net
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎09-11-2002 07:49 AM

‎09-11-2002 07:49 AM

Re: track logins

The information is in utmp. It is up to you to develop a program or script to select and present it the way you want.

-- Rod Hills
There be dragons...
0 Kudos
Reply
Tony500
Advisor

‎09-11-2002 07:50 AM

‎09-11-2002 07:50 AM

Re: track logins

If I try to more the file, /var/adm/wtmp , its a jumbled mess. Whats the best way to use this file to check a specific time range on a specific day and see if anyone logged on?
You can usually find me at www.constantreader.net
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-11-2002 07:58 AM

‎09-11-2002 07:58 AM

Re: track logins

Hi (again) Tony,

Use the /usr/sbin/acct/fwtmp command to write a text file from the binary.
Then you can look it over.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Steve Labar
Valued Contributor

‎09-11-2002 08:00 AM

‎09-11-2002 08:00 AM

Re: track logins

last is the command that reads the wtmp file. And lastb is the command that reads the btmp file. As Rodney pointed out, you will need to write your own utility to format the information as you need it.

Good Luck.

Steve
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎09-11-2002 08:01 AM

‎09-11-2002 08:01 AM

Re: track logins

I would pipe the output from "last" into a perl script that would parse the information and setup memory tables that would map day/time snapshots to users logged in.

If you don't know perl, then you could develop whatever programming/scripting language you are comfortable with.

-- Rod Hills
There be dragons...
0 Kudos
Reply
Deshpande Prashant
Honored Contributor

‎09-11-2002 08:01 AM

‎09-11-2002 08:01 AM

Re: track logins

HI
Try using fwtmp command.

Check following thread.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x16268f960573d611abdb0090277a778c,00.html

thanks.
Prashant.
Take it as it comes.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎09-11-2002 08:48 AM

‎09-11-2002 08:48 AM

Re: track logins

Hi Tony,

If manipulating the output of last doesn't give you what you're looking for then you may need to write a program that can read the wtmp file. As you've found it's a binary file - the utmp(4) man page gives the file structure.

Alternatively, if you need to have this functionality in the future you could consider using auditing on the login event. You will need to trust your system for this - there's many threads on trusting/auditing.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.