Hello Vincent, * Vincent Poy <vincepoy_at_gmail.com> wrote: > I just updated to a January 31, 2010 -CURRENT from a -CURRENT prior to the > above change and have a few questions and issues: > > 1) What's the correct way to use wtmpcvt(1) as the usage is wtmpcvt oldfile > newfile > out of the utmp, wtmp, lastlog, the utmp is not important as that's > basically the current logins. wtmp is not important either as that's just > the recent monthly logins. What is the correct procedure to convert lastlog > as that is basically the database that showed when the last time a user > logged on to the system so that when using lastlogin or finger, it will > showed when the person last logged in? > > I've tried wtmpcvt /var/log/lastlog /var/log/utx.lastlogin after backing up > /var/log/utx.lastlogin but when I ran lastlogin, it was all blank. Right now there is no way to convert lastlog files. The point is that unlike you mentioned, the wtmp is actually the only important log file. All information could in theory be derived from it. You could convert wtmp files and use last -f to scroll through history to figure out when someone logged in. From an administrative point of view, you just want to be able to inspect log files in case it turns out a couple of months earlier something bad happened with your system (getting hacked, etc). lastlog is a nice feature, but it should just be considered being a bonus. Using wtmpcvt(1) on non-wtmp files will indeed generate unreadable data files. > 2) I noticed that for last for ftp sessions, it will not show it as a ftp > session like how the previous utmp did even though w now shows the session > when it's still connected, not sure if this is really a bad thing unless ftp > isn't the only way to not use a tty. It seems finger now will report the > last login session which previously was only for tty sessions. > > <snip> I have been thinking about possibly extending the utmpx interface to include an application name string for login entries, like "sshd" or "ftpd". > 3) I noticed that it seems the system in the w, who, finger, last, > lastlogin output is not recognizing additional sessions of the same user on > a new tty if they are already logged in such as this example. I am already > logged in as vince on ptys/0 so I login again as vince on ptys/1: > <snip> This is very odd. Could you try debugging this a bit more? In order to ease debugging, I extended the getent command. You should be able to use the following commands: - getent utmpx active Get list of active sessions (`utmp') - getent utmpx log Get list of log entries (`wtmp') - getent utmpx lastlogin Get list of last login entries (`lastlog') When you log in, it should add a "user process" entry to the active sessions database, append the same entry to the log and overwrite the lastlogin entry for the corresponding user. An advantage of these commands is that they just perform a raw dump of the data on screen, instead of having many forms of unwanted processing on top. > lastlogin shows only the last ftp session but not acknowledging that the > current ptys/1 session as the ptys/0 session is still active. > vince_at_bigbang [2:44pm][~] >> lastlogin > vince solar Mon Feb 1 14:20:03 2010 No, but that's not what lastlogin is supposed to do. lastlogin will only print information about the last login, which means it will only list the FTP login. > <snip> > > 4) the misc/screen port appears to be broken: > <snip> Are you sure your ports tree is up-to-date? -- Ed Schouten <ed_at_80386.nl> WWW: http://80386.nl/
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:00 UTC