I'm trying to find a way to report on the most recent login for all users on my Solaris 10 server. I'm starting with the output of the last
command. Using that command, I get output like this:
bd9439 pts/1 vpn-xxx-xx-xxx-x Fri Oct 25 10:46 still logged in
vf7854 pts/1 vpn-xxx-xx-xxx-x Fri Oct 25 10:23 - 10:38 (00:15)
According to the man page, the date and time formats are controlled by locale. I've very rarely used locale settings. Is there something I can use that will change the display to include the "year" portion of the date? I'm hoping to get an output line similar to this:
bd9439 pts/1 vpn-xxx-xx-xxx-x Fri Oct 25 2013 10:46 still logged in
vf7854 pts/1 vpn-xxx-xx-xxx-x Fri Oct 25 2013 10:23 - 10:38 (00:15)
It's not clear to me if the man page was referring to the output of the last
command itself or how the data is actually stored in /var/adm/wtmpx.
If there is another way to get this "last login" attribute, I'd be happy to learn it.
Best Answer
In which I half-provide context, half rant
You're running into an example of the main reason I don't like managing Solaris systems: Nothing is ever just easy.
I don't know if the locale's really going to do anything except change the order of certain portions of the timestamp around. I'm interested if anyone knows of a way to coax Solaris's
last
into giving the year, but I'm not going to hold my breath. Sun's software development mantra seems to have been "It Technically Works."Sun seems to have pretty much developed something right up to the point absolutely required of them, and then pretty much stopped there. So you end up with generally accepted solutions being like these and you just keep a listed collection of workarounds for common problems.
The only way I've ever found of doing this is to use
/usr/lib/acct/fwtmp
to dump the entire contents of/var/adm/wtmpx
to a pipe to some other program that I use for manipulating the text output (grep
,tac
,sed
, etc).Bonus: Since seeking the end of the file and just moving back by the fixed
wtmpx
record length would be asking too much,fwtmp
can only print out the contents ofwtmpx
as they appear in the file. So you have to use some other means (probablytac
) of reversing the lines, unless you're actually interested in the oldest information (which is the least likely use case, but I digress).Depending how long your system has been in operation
wtmpx
might be kind of large, so you may want to go get a cup of coffee, maybe go check to see if your tires are underinflated, and maybe go read a book or two while you're at it.The Actual Answer to your question:
This is a command that emulates
last
in way that is usable to most people interested in looking at login records:You'll notice I have to pipe
wtmpx
in since they don't give you a means of just giving the file tofwtmp
. That's because feeding it in viastdin
Technically Works™ in the majority of use cases and they wouldn't have had to write a few extra lines of code. So they'd rather just make Admins do that.This is example output of the above on on of the systems I look after:
EDIT:
I know I'm whining about something small up there, but after a while I just get tired of every little thing (such as simply asking "what's the year?") turning into an hour long googlefest or something that's more or less just tribal knowledge (such as the existence of
fwtmp
).