restarting Lastlog and wtmp

I have somehow corrupted my last login information so I can't find out who has been logging in and who is currently online.  How do I restart those logs so that they won't be corrupted anymore?
straznp Asked:

jetx Commented:
Go to /etc/rc.d and pico all the system files. Find Lastlog and wtmp, then restart the file by doing ./file

jetx
0
straznp (Author) Commented:
I've tried that already, no luck.  So here is a detailed list of things that I have done.

Deleted /var/log/lastlog and /var/log/wtmp altogether.  Touched them again and started syslog.  No luck.  Removed /var/run/utmp and the other and restarted, still no luck.  Created a cron job to remove them and restart, still no luck.  I'm just not sure how these are still corrupted after I restart them.  I'm starting to think it would be a good time to start some source code analysis.
0
ajaro Commented:
First, try to check whether the wtmp, utmp and lastlog files are correctly created. There should be:
  -rw-r--r-- 1 root root  0 <date> lastlog
  lrwxrwxrwx 1 root root 13 <date> utmp -> /var/run/utmp
  (-rw-r--r-- 1 root root  0 <date> utmp)
  -rw-r--r-- 1 root root  0 <date> wtmp

Then check /etc/rc.d/rc.inet2 for the lines:
"${NET}/syslogd" and "${NET}/klogd"
Uncomment them.
Reboot the system.

If it still doesn't work, the syslogd version could possibly be damaged. Check whether other logging activities are made properly (/etc/syslog.conf and the /var/adm/* log files).

At last, try recompiling the kernel (check /usr/include/sys/utmp.h).



0
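One way to take the check suggested above past file size and permissions, as an added example that is not part of the original thread: it validates that a utmp/wtmp file is a whole number of records and that each record has a sane type, timestamp and user name. It assumes the 384-byte glibc `struct utmp` layout on Linux (older libc versions differ); the function names and the sample records are constructed for illustration.

```python
import struct

# Assumption: glibc "struct utmp" layout on Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
VALID_TYPES = range(0, 10)  # EMPTY (0) through ACCOUNTING (9)


def check_utmp_bytes(data):
    """Return a list of problems found in the raw bytes of a utmp/wtmp file."""
    problems = []
    extra = len(data) % UTMP.size
    if extra:
        problems.append(f"size {len(data)} is not a multiple of {UTMP.size}")
    for index in range(len(data) // UTMP.size):
        fields = UTMP.unpack_from(data, index * UTMP.size)
        ut_type, ut_user, tv_sec = fields[0], fields[4], fields[9]
        if ut_type not in VALID_TYPES:
            problems.append(f"record {index}: invalid ut_type {ut_type}")
        if ut_type != 0 and tv_sec <= 0:
            problems.append(f"record {index}: implausible timestamp {tv_sec}")
        name = ut_user.split(b"\0", 1)[0]
        if any(b < 0x20 or b > 0x7E for b in name):
            problems.append(f"record {index}: non-printable bytes in ut_user")
    return problems


def check_utmp_file(path):
    """Run the same checks on a file such as /var/log/wtmp."""
    with open(path, "rb") as handle:
        return check_utmp_bytes(handle.read())


def sample_record(ut_type=7, user=b"alice", tv_sec=1700000000):
    """Constructed record for the demo; all values are made up."""
    return UTMP.pack(ut_type, 1234, b"pts/0", b"ts/0", user, b"192.0.2.10",
                     0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")


if __name__ == "__main__":
    good = sample_record() + sample_record(ut_type=8, user=b"")
    print(check_utmp_bytes(good))        # well-formed file
    print(check_utmp_bytes(good[:-10]))  # truncated last record
    print(check_utmp_bytes(sample_record(ut_type=42)))
```

An empty file passes these checks, so a freshly reset log is reported as clean; any finding after new logins are recorded points at whatever is writing the file.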

grmbl Commented:
Before changing your rc.inet2 and compiling your kernel try this:

'echo > /var/run/utmp'

(or wherever your utmp is located)
and do:

'echo > /var/log/wtmp'

The tables are then reset.
0