I'm looking for a list of users logging in and out of my server. When I execute
the last command, I get a list of users, and IP addresses they connected from
root pts/0 10.129.77.126 Tue Jan 27 10:47 still logged in
jhare pts/0 10.129.77.113 Fri Jan 23 16:43 - 16:50 (00:06)
root pts/0 10.129.77.113 Fri Jan 23 16:38 - 16:43 (00:05)
root pts/0 10.129.77.115 Fri Jan 23 12:28 - 12:35 (00:07)
root pts/0 10.129.77.115 Wed Jan 21 11:57 - 13:25 (01:27)
root pts/0 10.129.77.115 Wed Jan 21 11:50 - 11:57 (00:07)
root pts/0 10.129.77.115 Wed Jan 21 10:44 - 11:46 (01:01)
root pts/0 10.129.77.115 Sat Jan 17 15:53 - 15:57 (00:04)
Is this information being saved somewhere? /var/log perhaps? If not, do you
know of some way to save it/use syslog to forward it?
Yes, in /var/log/wtmp itself. This is a binary format file, though, so you
need a program of some kind ("last", for example) to interpret the contents
and print it out in a human-useful form.
If you want to regularly forward the info that can be found in wtmp, you can have a script regularly run "last" and have it send the output to a temporary file somewhere, then mail that file.
KR
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
