NetBSD Problem Report #5686
Received: (qmail 17314 invoked from network); 1 Jul 1998 17:11:25 -0000
Message-Id: <199807011711.TAA06745@dr.zook.pilhuhn.de>
Date: Wed, 1 Jul 1998 19:11:06 +0200 (MEST)
From: "Heiko W.Rupp" <hwr@pilhuhn.de>
Reply-To: hwr@pilhuhn.de
To: gnats-bugs@gnats.netbsd.org
Cc: hwr@dr.zook.pilhuhn.de
Subject: wtmp does not log logouts when file is cycled via newsyslog
X-Send-Pr-Version: 3.95
>Number: 5686
>Category: bin
>Synopsis: wtmp does not log logouts when file is cycled via newsyslog
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 01 10:20:01 +0000 1998
>Closed-Date:
>Last-Modified: Mon Jun 05 20:55:13 +0000 2000
>Originator: Heiko W.Rupp
>Release: 1.3.2
>Organization:
private
>Environment:
System: NetBSD dr.zook 1.3.2 NetBSD 1.3.2 (DR.ZOOK) #0: Tue Jun 2 19:07:13 MEST 1998 hwr@dr.zook:/usr/src/sys/arch/i386/compile/DR.ZOOK i386
>Description:
A user logs in. Its login is recorded in wtmp.
Then after some time wtmp is rotated via newsyslog to some wtmp.0.gz
When user logs out, there is no trace (at least not visible with
'last'
Thus you can see the login time by using
$ gzcat wtmp.0.gz > foo
$ last -f foo
In this case the user is reported as 'still logged in'
but
$ last
will not show the logout time.
>How-To-Repeat:
snert# pwd
/var/log
snert# last
uselx ttyp8 sun-ks.xxx.net Tue Jun 30 16:01 - 16:09 (00:07)
hwr ftp tp71.rz.xxxxxxxx Tue Jun 30 15:55 - 16:01 (00:06)
hwr ftp tp71.rz.xxxxxxxx Tue Jun 30 10:01 - 10:08 (00:06)
wtmp begins Tue Jun 30 10:01
snert# gzcat wtmp.0.gz > foo
snert# last -f foo
neo ttyp7 andrea.xxxxxxxxx Mon Jun 29 16:31 still logged in
neo ttyp6 andrea.xxxxxxxxx Mon Jun 29 10:01 still logged in
neo ttyp7 andrea.xxxxxxxxx Fri Jun 26 09:29 - 18:13 (08:44)
hwr ftp tp70.rz.xxxxxxxx Wed Jun 24 16:48 - 17:08 (00:19)
wtmp begins Wed Jun 24 16:48
>Fix:
Hm. write to wtmp.0.gz :-)
>Release-Note:
>Audit-Trail:
From: woods@most.weird.com (Greg A. Woods)
To: hwr@pilhuhn.de
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: bin/5686: wtmp does not log logouts when file is cycled via newsyslog
Date: Wed, 1 Jul 1998 15:11:19 -0400 (EDT)
[ On Wed, July 1, 1998 at 19:11:06 (+0200), Heiko W.Rupp wrote: ]
> Subject: bin/5686: wtmp does not log logouts when file is cycled via newsyslog
>
>
> A user logs in. Its login is recorded in wtmp.
> Then after some time wtmp is rotated via newsyslog to some wtmp.0.gz
> When user logs out, there is no trace (at least not visible with
> 'last'
>
> Thus you can see the login time by using
> $ gzcat wtmp.0.gz > foo
> $ last -f foo
>
> In this case the user is reported as 'still logged in'
>
> but
>
> $ last
>
> will not show the logout time.
The report format for 'last' doesn't really lend itself well to showing
logouts that have no corresponding login, thus it simply ignores
un-matched logout records. I suppose it could use something like the
following (though people who parse the output of 'last' may get upset at
such a change):
snert# last
uselx ttyp8 sun-ks.xxx.net Tue Jun 30 16:01 - 16:09 (00:07)
hwr ftp tp71.rz.xxxxxxxx Tue Jun 30 15:55 - 16:01 (00:06)
hwr ftp tp71.rz.xxxxxxxx Tue Jun 30 10:01 - 10:08 (00:06)
neo ttyp7 andrea.xxxxxxxxx (no start) - Jun 29 16:31
neo ttyp6 andrea.xxxxxxxxx (no start) - Jun 29 10:01
wtmp begins Tue Jun 30 10:01
(Of course people who try to parse the output of 'last' are probably
getting what they're asking for anyway -- they shouldn't even try as
there are much better ways to generate parsable login accounting
records. There are many other problems with BSD login accounting that
should be solved long before this problem with 'last' is tackled. ;-)
If you're going to go to the trouble of uncompressing and looking
through archived copies of wtmp then you should concatenate them all
together so that you get a complete picture right up to the time you're
concerned with:
$ gzcat wtmp.1.gz wtmp.0.gz | cat - wtmp > foo
$ last -f foo
Now you'll have a complete trace of all wtmp records from back from
where you want to begin (wtmp.1 in this example) all the way up to the
point you're interested in (the current moment in this example).
--
Greg A. Woods
+1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
From: "Heiko W.Rupp" <hwr@pilhuhn.de>
To: "Greg A. Woods" <woods@weird.com>
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: bin/5686: wtmp does not log logouts when file is cycled via newsyslog
Date: Thu, 2 Jul 1998 16:14:09 +0200
On Wed, Jul 01, 1998 at 03:11:19PM -0400, Greg A. Woods wrote:
> [ On Wed, July 1, 1998 at 19:11:06 (+0200), Heiko W.Rupp wrote: ]
> > Subject: bin/5686: wtmp does not log logouts when file is cycled via newsyslog
> un-matched logout records. I suppose it could use something like the
> following (though people who parse the output of 'last' may get upset at
> such a change):
>
> snert# last
> neo ttyp6 andrea.xxxxxxxxx (no start) - Jun 29 10:01
Yes. But this could be used when some command line option is issued.
> If you're going to go to the trouble of uncompressing and looking
This was merly meant as a joke (thus the ':-)') at the end.
> Now you'll have a complete trace of all wtmp records from back from
> where you want to begin (wtmp.1 in this example) all the way up to the
But right - for finding out when a logout was, this is a possible way.
--
See <a href="http://www.netbsd.org">NetBSD</a> for a multiplatform OS
Usenet is "the last uncensored mass medium."
- Steve Crocker (aq817@cleveland.Freenet.Edu)
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.