☆─────────────────────────────────────☆
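JulyClyde (七月) wrote on (Sat Nov 26 11:19:39 2005):
Today I suddenly came across a btmp as well,
and it has completely scrambled my picture of the ?tmp family of files.
Could some expert here explain it to me?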
☆─────────────────────────────────────☆
MrWrong (雨中的猪头) wrote on (Sat Nov 26 11:22:48 2005):
The utmp file allows one to discover information about who is currently
using the system. There may be more users currently using the system,
because not all programs use utmp logging.
The wtmp file records all logins and logouts.
☆─────────────────────────────────────☆
MrWrong (雨中的猪头) wrote on (Sat Nov 26 11:25:29 2005):
Basically,
w shows the information from utmp
last shows the information from wtmp
【 Quoting MrWrong (雨中的猪头): 】
☆─────────────────────────────────────☆
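JulyClyde (七月) wrote on (Sat Nov 26 11:26:17 2005):
The last command reads wtmp.
utmp seems to get corrupted easily. Sometimes after my connection drops and I log back in, I find the old "me" is still there.
What about btmp?
【 Quoting MrWrong (雨中的猪头): 】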
☆─────────────────────────────────────☆
MrWrong (雨中的猪头) wrote on (Sat Nov 26 11:35:59 2005):
Never seen btmp :(
【 Quoting JulyClyde (七月): 】
☆─────────────────────────────────────☆
TGIF (野人) wrote on (Sat Nov 26 11:49:33 2005):
btmp seems to record failed telnet logins
【 Quoting JulyClyde (七月): 】
☆─────────────────────────────────────☆
dreameration ( 醉梦人生) wrote on (Sat Nov 26 13:05:43 2005):
NAME
utmp, wtmp, btmp — utmp, wtmp, btmp entry format
SYNOPSIS
#include <sys/types.h>
#include <utmp.h>
DESCRIPTION
These files, which hold user and accounting information for such commands as last, who, write, and login (see last(1), who(1), write(1), and login(1)), have the following structure as defined by <utmp.h>:
#define UTMP_FILE "/etc/utmp"
#define WTMP_FILE "/var/adm/wtmp"
#define BTMP_FILE "/var/adm/btmp"
#define ut_name ut_user
struct utmp {
    char ut_user[8];             /* User login name */
    char ut_id[4];               /* /etc/inittab id (usually line#) */
    char ut_line[12];            /* device name (console, lnxx) */
    pid_t ut_pid;                /* process id */
    short ut_type;               /* type of entry */
    struct exit_status {
        short e_termination;     /* Process termination status */
        short e_exit;            /* Process exit status */
    } ut_exit;                   /* The exit status of a process */
                                 /* marked as DEAD_PROCESS. */
    unsigned short ut_reserved1; /* Reserved for future use */
    time_t ut_time;              /* time entry was made */
    char ut_host[16];            /* host name, if remote */
    unsigned long ut_addr;       /* host Internet addr, if remote */
};
/* Definitions for ut_type */
#define EMPTY 0
#define RUN_LVL 1
#define BOOT_TIME 2
#define OLD_TIME 3
#define NEW_TIME 4
#define INIT_PROCESS 5 /* Process spawned by "init" */
#define LOGIN_PROCESS 6 /* getty process awaiting login */
#define USER_PROCESS 7 /* A user process */
#define DEAD_PROCESS 8
#define ACCOUNTING 9
#define UTMAXTYPE ACCOUNTING /* Max. legal value of ut_type */
/* Special strings or formats used in the "ut_line" field */
/* when accounting for something other than a process */
/* No string for the ut_line field can be more than */
/* 11 chars + a NULL in length */
#define RUNLVL_MSG "run-level %c"
#define BOOT_MSG "system boot"
#define OTIME_MSG "old time"
#define NTIME_MSG "new time"
File utmp contains a record of all users logged onto the system. File btmp contains bad login entries for each invalid logon attempt. File wtmp contains a record of all logins and logouts.
Note that wtmp and btmp tend to grow without bound, and should be checked regularly. Information that is no longer useful should be removed periodically to prevent it from becoming too large. Also note that wtmp and btmp are not created by the programs that maintain them. Thus, if these files are removed, record-keeping is turned off.
FILES
/etc/utmp
/var/adm/wtmp
/var/adm/btmp
AUTHOR
utmp, wtmp, and btmp were developed by HP and the University of California, Berkeley.
SEE ALSO
last(1), login(1), who(1), write(1), acctcon(1M), fwtmp(1M), getut(3C).
STANDARDS CONFORMANCE
<utmp.h>: XPG2
【 Quoting TGIF (野人): 】
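
Added example, not part of the original thread or the man page: a reader for the fixed-size records described above that counts btmp (bad login) entries per source address. The byte layout (big-endian, 4-byte pid_t, time_t and unsigned long), the IPv4 reading of ut_addr, the function names and the sample records are assumptions made for illustration.

```python
import struct
from collections import Counter

# Assumption: the fields of struct utmp quoted above, stored big-endian with
# 4-byte pid_t, time_t and unsigned long, which gives 60 bytes and no padding.
UTMP_FMT = ">8s4s12sihhhHi16sI"
UTMP_SIZE = struct.calcsize(UTMP_FMT)

def _cstr(raw):
    # Fixed-width char fields are NUL-padded and may have no terminator at all.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_records(blob):
    """Yield a dict per complete record, then a marker for a truncated tail."""
    usable = len(blob) - len(blob) % UTMP_SIZE
    for off in range(0, usable, UTMP_SIZE):
        (user, _id, line, pid, ut_type, _term, _exit, _rsv,
         ut_time, host, addr) = struct.unpack_from(UTMP_FMT, blob, off)
        yield {"user": _cstr(user), "line": _cstr(line), "pid": pid,
               "type": ut_type, "time": ut_time, "host": _cstr(host),
               # Assumption: ut_addr holds an IPv4 address, high byte first.
               "addr": ".".join(str(b) for b in addr.to_bytes(4, "big"))}
    if usable != len(blob):
        yield {"truncated_bytes": len(blob) - usable}

def failed_logins_by_source(blob, since, threshold):
    """Sources with at least `threshold` btmp entries at or after `since`."""
    hits = Counter(r["addr"] for r in parse_records(blob)
                   if "addr" in r and r["time"] >= since)
    return {src: n for src, n in hits.items() if n >= threshold}

def make_record(user, line, when, host, addr):
    """Pack one constructed sample record (test data, not real log content)."""
    ip = int.from_bytes(bytes(int(p) for p in addr.split(".")), "big")
    return struct.pack(UTMP_FMT, user.encode(), b"", line.encode(), 0,
                       0, 0, 0, 0, when, host.encode(), ip)

# Constructed sample: one old entry, three recent failures from one address,
# one from another, then 10 stray bytes to exercise the truncated-tail path.
SAMPLE = b"".join([
    make_record("root", "pts/0", 1100000000, "hostA", "192.0.2.10"),
    make_record("root", "pts/0", 1132970000, "hostA", "192.0.2.10"),
    make_record("operator", "pts/1", 1132970005, "hostA", "192.0.2.10"),
    make_record("admin", "pts/1", 1132970010, "hostA", "192.0.2.10"),
    make_record("guest", "pts/2", 1132970020, "hostB", "198.51.100.7"),
]) + b"\0" * 10

if __name__ == "__main__":
    print(failed_logins_by_source(SAMPLE, since=1132960000, threshold=3))
```

A truncated tail is reported rather than silently dropped, since a btmp or wtmp file whose length is not a multiple of the record size is itself worth a look.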
☆─────────────────────────────────────☆
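dreameration ( 醉梦人生) wrote on (Sat Nov 26 13:08:13 2005):
This document says that information in btmp and wtmp that is no longer useful
should be removed periodically. How do I remove it?
【 Quoting dreameration ( 醉梦人生): 】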
☆─────────────────────────────────────☆
MrWrong (雨中的猪头) wrote on (Sat Nov 26 14:15:16 2005):
echo > /var/log/wtmp
【 Quoting dreameration ( 醉梦人生): 】
☆─────────────────────────────────────☆
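dreameration ( 醉梦人生) wrote on (Sat Nov 26 14:57:17 2005):
Good method!
But is there a way to delete only some of the records,
for example only the login records older than a certain date?
【 Quoting MrWrong (雨中的猪头): 】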
☆─────────────────────────────────────☆
Invader (Varendi) wrote on (Sat Nov 26 16:45:54 2005):
use logrotate
【 Quoting dreameration ( 醉梦人生): 】