Solved

restarting Lastlog and wtmp

Posted on 1997-12-19
4
639 Views
Last Modified: 2006-11-17
I have somehow corrupted my last login information so I can't find out who has been logging in and who is currently online.  How do I restart those logs so that they won't be corrupted anymore?
0
Comment
Question by:straznp
4 Comments
 
LVL 4

Expert Comment

by:jetx
ID: 1634869
goto /etc/rc.d and pico all the system file.. find Lastlog and wtmp then restart the file by doing ./file

jetx
0
 

Author Comment

by:straznp
ID: 1634870
I've tried that already, no luck.  So here is a detailed list of things that I have done.

Deleted /var/log/lastlog and /var/log/wtmp altogether.  Touched them again and started syslog.  No luck.  Removed /var/run/utmp and the other and restarted, still no luck.  Created a cron job to remove them and restart, still no luck.  I'm just not sure how these are still corrupted after I restart them.  I'm starting to think it would be a good time to start some source code analysis.
0
 
LVL 1

Accepted Solution

by:
ajaro earned 50 total points
ID: 1634871
First, try to check wheather wtmp&utm&lastlog files are correctly created. There should be:
  -rw-r--r-- 1 root root  0 <date> lastlog
  lrwxrwxrwx 1 root root 13 <date> utmp -> /var/run/utmp
  (-rw-r--r-- 1 root root  0 <date> utmp)
  -rw-r--r-- 1 root root  0 <date> wtmp

then check /etc/rc.d/rc.inet2 for line:
"${NET}/syslogd" and "${NET}/klogd"
uncomment them.
Reboot system.

If it still doesn't work that could possibly be syslogd version demaged. Check out wheather other loging activities are made propertly. (/etc/syslog.conf and /var/adm/* log files).

At last try recompiling kernel (check /usr/include/sys/utmp.h).



0
 

Expert Comment

by:grmbl
ID: 1634872
Before changing your rc.inet2 and compiling your kernel try this:

'echo > /var/run/utmp'

(or where ever your utmp is located)
and do:

'echo > /var/log/wtmp'

the tables are then reset.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now