I noticed that on one of my machines the last command returned nothing. I determined the cause of this to be an empty /var/log/wtmp file. What would cause this to be empty? I assume the "tmp" means temporary, but what and where decides how temporary this log file is?
Asked
Active
Viewed 1,664 times
3
qq4
- 509
- 5
- 12
1 Answers
3
/var/log/wtmp is usually rotated (or just cleared) by a monthly cron job, or with a config file in /etc/logrotate.d/
For example: on my Debian system, all the lines in /etc/logrotate.d/wtmp are commented out, but /etc/cron.monthly/acct (from the acct GNU Accounting Utilities package) rotates it and generates a monthly report (/var/log/wtmp.report).
Check to see if you have /var/log/wtmp.1, /var/log/wtmp.2, etc. Possibly compressed with .gz filename extensions.
You can use last's -f option to view the records in other wtmp files. e.g.
last -f /var/log/wtmp.1
From man last:
-f,--file fileTell last to use a specific file instead of
/var/log/wtmp. The--fileoption can be given multiple times, and all of the specified files will be processed.
BTW, last -f can't read a compressed wtmp file. If it's compressed, you'll have to gunzip it first.
cas
- 1
- 7
- 119
- 185