Hi Friends,
Learning Linux is now more exciting to me; I am very happy when I learn any new thing about UNIX systems. I am sharing the same with you, my friends. Please add more to this, whether you find me correct or incorrect, so that we can all share better with everyone and understand more about UNIX systems and working on them.
Reading files with cat, vi and more depends only on the type of file we want to check or read. So it is best to check the type of file first with "file <name of the file>".
# file /var/log/wtmp
wtmp: data
#
So to read it we can try the "strings" command, i.e.
# strings wtmp
But this does not show the output in human-readable form, so we can use the "last -f" command, like below:
# last -f /var/log/wtmp
We can also redirect this output to /tmp or any desired location, and then read the file properly.
-----
-----
The wtmp file carries login details and reboot or system boot details with timings and terminal details, in the format Day, Date, Time, System Crash / Went Down / Made Reboot.
utmp and wtmp carry login records; what gets recorded also depends on which programs use utmp logging, as not all programs use utmp logging.
utmp can be found in:
/var/log/utmp
/var/run/utmp
The btmp file carries login details; attaching the output as text so that it can be read.
Again, last -f "/var/log/btmp" will give the output in detail, and it can be redirected to any desired path.
Attaching the output below:
[root@localhost log]# last -f btmp
(unknown tty1 :0 Fri Mar 28 13:29 gone - no logout
ROOTEST1 tty7 :0 Wed Mar 26 20:28 gone - no logout
ROOTTEST tty7 :0 Wed Mar 26 20:25 - 20:28 (00:03)
test123 tty7 :0 Wed Mar 26 20:15 - 20:25 (00:10)
harish tty1 :0 Tue Mar 11 06:48 - 13:29 (17+06:41)
root ssh:notty 175.125.29.35 Sun Mar 2 05:29 gone - no logout
root ssh:notty 175.125.29.35 Sun Mar 2 05:29 - 05:29 (00:00)
root ssh:notty 175.125.29.35 Sun Mar 2 05:29 - 05:29 (00:00)
root ssh:notty 175.125.29.35 Sun Mar 2 05:29 - 05:29 (00:00)
root ssh:notty 175.125.29.35 Sun Mar 2 05:29 - 05:29 (00:00)
root ssh:notty 175.125.29.35 Sun Mar 2 05:29 - 05:29 (00:00)
-============================================
btmp begins Sun Mar 2 02:09:17 2014
[root@localhost log]# last -f wtmp
root pts/1 :0.0 Tue Apr 1 07:42 still logged in
root pts/0 :0.0 Tue Apr 1 07:38 still logged in
root tty1 :0 Tue Apr 1 07:34 still logged in
reboot system boot 2.6.32-358.el6.x Tue Apr 1 07:33 - 07:43 (00:09)
root pts/0 :0.0 Mon Mar 31 23:49 - down (00:30)
root tty1 :0 Mon Mar 31 23:48 - down (00:30)
reboot system boot 2.6.32-358.el6.x Mon Mar 31 23:48 - 00:19 (00:31)
root pts/2 :0.0 Sun Mar 30 11:38 - 11:38 (00:00)
==================================
[root@localhost Desktop]# last -f /var/log/wtmp > /tmp/wtmpMarch.txt
[root@localhost Desktop]# ls -ld /tmp/wtmpMarch.txt
-rw-r--r-- 1 root root 12435 Apr 3 08:36 /tmp/wtmpMarch.txt
[root@localhost Desktop]#
[root@localhost Desktop]# less /tmp/wtmpMarch.txt
[root@localhost Desktop]# tail -4 /tmp/wtmpMarch.txt
reboot system boot 2.6.32-358.el6.x Sat Feb 8 23:42 - 23:49 (00:07)
reboot system boot 2.6.32-358.el6.x Sat Feb 8 23:40 - 23:41 (00:01)
wtmp begins Sat Feb 8 23:40:05 2014
[root@localhost Desktop]#
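As an added example (not part of the original post), this sketch decodes the fixed-size binary records that make "file" report "data" and that "last -f" turns into the listings above, then counts entries per user and source host. It assumes the Linux/glibc x86-64 "struct utmp" layout of 384 bytes per record; the helper names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumed layout: Linux/glibc `struct utmp` on x86-64, 384 bytes per record.
# "<" disables implicit alignment, so the 2 pad bytes after ut_type are explicit.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
UT_TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 6: "LOGIN_PROCESS",
            7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def cstr(raw):
    """Decode a fixed-width, NUL-padded field (what `strings` shows only in pieces)."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Yield one dict per complete record; a truncated tail is ignored."""
    usable = len(data) - len(data) % UTMP.size
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {
            "type": UT_TYPES.get(f[0], str(f[0])),
            "pid": f[1],
            "line": cstr(f[2]),
            "user": cstr(f[4]),
            "host": cstr(f[5]),
            "time": datetime.fromtimestamp(f[9], timezone.utc),
        }

def attempts_by_source(records):
    """Count records per (user, host) for entries that carry a remote host."""
    return Counter((r["user"], r["host"]) for r in records if r["host"])

def make_record(ut_type, user, line, host, when):
    """Build one constructed record for the demo below (not read from a real log)."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, int(when.timestamp()), 0, 0, 0, 0, 0, b"")

# Constructed sample modelled on the btmp output above, plus 10 stray bytes
# standing in for a partially written final record.
WHEN = datetime(2014, 3, 2, 5, 29, tzinfo=timezone.utc)
SAMPLE = (make_record(6, "root", "ssh:notty", "175.125.29.35", WHEN) * 6
          + make_record(6, "harish", "tty1", "", WHEN) + b"\0" * 10)

if __name__ == "__main__":
    for (user, host), n in attempts_by_source(parse_utmp(SAMPLE)).most_common():
        print(f"{n:4d}  {user:<10} {host}")
```

On btmp, which holds failed login attempts, a high count for one user from a single host, like the repeated root ssh:notty entries above, is the pattern worth reviewing.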
Love Sharing
Amit Chopra