restarting Lastlog and wtmp

I have somehow corrupted my last login information so I can't find out who has been logging in and who is currently online.  How do I restart those logs so that they won't be corrupted anymore?
straznp Asked:

ajaro Commented:
First, try to check whether the wtmp, utmp and lastlog files are correctly created. There should be:
  -rw-r--r-- 1 root root  0 <date> lastlog
  lrwxrwxrwx 1 root root 13 <date> utmp -> /var/run/utmp
  (-rw-r--r-- 1 root root  0 <date> utmp)
  -rw-r--r-- 1 root root  0 <date> wtmp

then check /etc/rc.d/rc.inet2 for line:
"${NET}/syslogd" and "${NET}/klogd"
uncomment them.
Reboot system.

If it still doesn't work, it could possibly be that the syslogd version is damaged. Check whether other logging activities are done properly (/etc/syslog.conf and /var/adm/* log files).

Finally, try recompiling the kernel (check /usr/include/sys/utmp.h).



0
 
jetx Commented:
Go to /etc/rc.d and pico all the system files. Find Lastlog and wtmp, then restart the file by doing ./file

jetx
0
 
straznp (Author) Commented:
I've tried that already, no luck.  So here is a detailed list of things that I have done.

Deleted /var/log/lastlog and /var/log/wtmp altogether.  Touched them again and started syslog.  No luck.  Removed /var/run/utmp and the other and restarted, still no luck.  Created a cron job to remove them and restart, still no luck.  I'm just not sure how these are still corrupted after I restart them.  I'm starting to think it would be a good time to start some source code analysis.
0
 
grmbl Commented:
Before changing your rc.inet2 and compiling your kernel try this:

'echo > /var/run/utmp'

(or wherever your utmp is located)
and do:

'echo > /var/log/wtmp'

The tables are then reset.
0
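To tell whether a wtmp or utmp file is actually corrupted, before or after resetting it, the records can be checked directly. The following is an added example, not code from this thread: it assumes the 384-byte glibc/Linux layout of `struct utmp` (compare with your own utmp.h), and the names `check_records` and `make_record` are hypothetical.

```python
import struct
import time

# Assumption: glibc/Linux on-disk layout of struct utmp (384 bytes per record).
# Other systems lay it out differently; compare with your own utmp.h first.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
MAX_UT_TYPE = 9  # EMPTY (0) .. ACCOUNTING (9)

def make_record(ut_type, user, line, ts, pid=1234):
    """Build one constructed record for testing (not real login data)."""
    return UTMP.pack(ut_type, pid, line, b"", user, b"", 0, 0, 0, ts, 0, 0, 0, 0, 0)

def check_records(data, now=None):
    """Return (offset, problem) findings for the bytes of a wtmp/utmp file."""
    now = time.time() if now is None else now
    findings = []
    whole, tail = divmod(len(data), UTMP.size)
    for n in range(whole):
        off = n * UTMP.size
        fields = UTMP.unpack_from(data, off)
        ut_type, line, user, host, ts = fields[0], fields[2], fields[4], fields[5], fields[9]
        if not 0 <= ut_type <= MAX_UT_TYPE:
            findings.append((off, f"unknown ut_type {ut_type}"))
        # Non-empty records should carry a time between the epoch and ~now.
        if ut_type != 0 and not 0 < ts <= now + 86400:
            findings.append((off, f"implausible timestamp {ts}"))
        for name, raw in (("ut_line", line), ("ut_user", user), ("ut_host", host)):
            text = raw.split(b"\0", 1)[0]
            if any(b < 0x20 or b > 0x7E for b in text):
                findings.append((off, f"non-printable bytes in {name}"))
    if tail:
        # A partial write or a stray newline leaves bytes that are not a record.
        findings.append((whole * UTMP.size, f"{tail} trailing byte(s), not a whole record"))
    return findings

if __name__ == "__main__":
    # Constructed sample: one good record, one overwritten with junk, 3 stray bytes.
    good = make_record(7, b"alice", b"pts/0", 1700000000)
    sample = good + b"\xff" * UTMP.size + b"\n\n\n"
    for off, problem in check_records(sample, now=1700000100):
        print(f"offset {off}: {problem}")
```

To check a real file, pass `open("/var/log/wtmp", "rb").read()` to `check_records`; an empty file returns no findings.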
Question has a verified solution.
