Linux log file utmp, wtmp, lastlog, messages
https://www.cnblogs.com/zhuiluoyu/p/6874255.html
1, about the currently logged-on user's information is recorded in the file utmp; == who commands
2, log entry and exit records in the file wtmp; == w command
3, the last time the log file can be viewed with the lastlog command;
4, messages = ===== record information from the syslog
Note: wtmp and utmp files are binary files, they can not be cut and paste commands such as tail or merge (using the cat command). Users
need to use who, w, users, last, and ac to utilize the information contained in these two documents.
Examples:
Last command searches backwards to show the wtmp file for the first time since the creation of the user logged
users print with a single line of the currently logged in user, each user name displayed corresponds to a login session
w command to query utmp file and displays the current system, each user and process information which it runs
every user who command to query utmp file and reports the current logged-
ac command to report the time the user link based on the current / var / log / wtmp file Log entry and exit (h)
utmp file that records each user currently logged into the system;
a binary record has the following structure written in these two documents:
struct utmp {
char ut_line [. 8]; / * TTY Line: "ttyh0", " ttyd0 to refer "," ttyp0 ", ... * /
char ut_name [. 8]; / * Login name * /
Long ut_time; / * Operating since seconds The Epoch * /
};
Login, login procedure to fill such a structure, and then written to the utmp file, it will also Tianxie to wtmp file. When you log off, init process the corresponding records utmp file erasure (each byte are filled with 0), and a new record Tianxie to wtmp file. The write-off record read wtmp file, which ut_name field is cleared to 0. At system restart, and change the system time and date of the front and rear, are Tianxie special entries in wtmp file. who (1) utmp file read program, and print the contents readable format. Later versions of UNIX provide last (1) command, which reads wtmp file and prints the selected record. wtmp file, which track individual login and logout events.
wted
wtmp / utmp log editing program. You can use this tool to edit all wtmp or utmp file types.
Z2
utmp / wtmp / lastlog log cleaning tools. You can delete utmp / wtmp / lastlog log file of all entries for a user name. However, if a Linux system requires manually modify the source code, the installation position of the log file.
1, about the currently logged-on user's information is recorded in the file utmp; == who commands
2, log entry and exit records in the file wtmp; == w command
3, the last time the log file can be viewed with the lastlog command;
4, messages = ===== record information from the syslog
Note: wtmp and utmp files are binary files, they can not be cut and paste commands such as tail or merge (using the cat command). Users
need to use who, w, users, last, and ac to utilize the information contained in these two documents.
Examples:
Last command searches backwards to show the wtmp file for the first time since the creation of the user logged
users print with a single line of the currently logged in user, each user name displayed corresponds to a login session
w command to query utmp file and displays the current system, each user and process information which it runs
every user who command to query utmp file and reports the current logged-
ac command to report the time the user link based on the current / var / log / wtmp file Log entry and exit (h)
utmp file that records each user currently logged into the system;
a binary record has the following structure written in these two documents:
struct utmp {
char ut_line [. 8]; / * TTY Line: "ttyh0", " ttyd0 to refer "," ttyp0 ", ... * /
char ut_name [. 8]; / * Login name * /
Long ut_time; / * Operating since seconds The Epoch * /
};
Login, login procedure to fill such a structure, and then written to the utmp file, it will also Tianxie to wtmp file. When you log off, init process the corresponding records utmp file erasure (each byte are filled with 0), and a new record Tianxie to wtmp file. The write-off record read wtmp file, which ut_name field is cleared to 0. At system restart, and change the system time and date of the front and rear, are Tianxie special entries in wtmp file. who (1) utmp file read program, and print the contents readable format. Later versions of UNIX provide last (1) command, which reads wtmp file and prints the selected record. wtmp file, which track individual login and logout events.
wted
wtmp / utmp log editing program. You can use this tool to edit all wtmp or utmp file types.
Z2
utmp / wtmp / lastlog log cleaning tools. You can delete utmp / wtmp / lastlog log file of all entries for a user name. However, if a Linux system requires manually modify the source code, the installation position of the log file.