Wtmp file missing
I am talking about the messages file, not the wtmp file. The file should contain console messages. I think somebody may have deleted it by mistake. Regards.

I checked the log level in Linux and it seems OK. Is there any other log file that contains the messages, or is it just that Linux doesn't log a great many things?

I have a Solaris 10 machine. Lately I had a drive error issue, so the dmesg command would show a screen full; now that the drive issue is resolved, I want to have a fresh start for my dmesg command output.

Check the messages file; the result is posted below. Can anyone tell me what this is a sign of, and what it means?

Hi. No log entry is found in the messages file. The file size is 0. We are using Solaris 9. Does anyone know what could be wrong? I'm running a Solaris 9 box with Oracle databases on it.

Reviewing the data in the wtmp log is a basic step in taking a security-minded approach to your system admin duties.

For a typical family computer, it might not be so critical from a security perspective, but it is interesting to be able to review your combined use of the computer.

Unlike many of the text-based log files on Linux, wtmp is a binary file. To access the data within it, we need a tool designed for that task. The last command reads the wtmp log and displays it in a terminal window. If you type last and press Enter, it displays every record in the log file. For the reboot entries, the terminal field is replaced with the kernel version.

The duration of the logged-in session for these reboot entries represents the uptime of the computer. Using the last command on its own produces a dump of the entire log, most of it whizzing past the terminal window.

The portion that remains visible is the earliest data in the log, which is probably not what you wanted to see. You can tell last to give you a specific number of lines of output. Note the hyphen: to see five lines, you type -5, not 5. Because it gives neater output with no ugly wraparounds, this option has been used in all of the following examples. If you were using last to identify unusual or suspicious activity, you would not suppress this field.

You can use the -s (since) option to restrict the output to login events that took place since a specific date. If you only wanted to see login events that took place from May 26th onward, you would use the following command: The output shows records for login events from the specified time on that day, up to the newest records in the log file.

You can use the -t (until) option to specify an end date. This lets you select the login records that fall between two dates of interest. This command asks last to retrieve and display the login records from dawn on the 26th up to dawn on the 27th.

This narrows the listing down to login sessions that took place on the 26th only. The time formats that can be used with the last options that accept dates and times are, allegedly: The second and third formats in the list did not work during the research for this article.

These commands were tested on the Ubuntu, Fedora, and Manjaro distributions, which are derivatives of Debian, RedHat, and Arch respectively; that covers all of the main families of Linux distribution. Using the first date and time format from the list, with the same date and times as the previous command, does return records: You can also specify time periods measured in minutes or days, relative to the current date and time.

Here we are asking for records from two days ago up until one day ago. Note that this will not include any records for today. That is the expected behavior: the command asks for records from the start date until the end date. This will show all login events right up to the present time, including sessions that are still logged in. The -p (present) option lets you find out who was logged in at a given point in time. If the computer has not been rebooted since the time you specify, it is listed as still running.

If you use the now shorthand with the -p (present) option, you can find out who is logged in at the moment you issue the command. This is a somewhat long-winded way to achieve what the who command does.

The lastb command also deserves a mention. It reads data from a log called btmp; there is a little more consensus on this log name. It accepts the same options as last. Because these were failed login attempts, the entries all show a zero-length duration, since no session was ever started. Knowing who has logged into your Linux computer, when, and from where is useful information.

Combining this with the details of failed login attempts gives you the first steps in investigating suspicious behavior.
