Johann Spies at Johann <[EMAIL PROTECTED]> writes: I am not an expert on this, so I had to search a little to find this, so if anybody finds any problems with this, please correct me.
The lastlog file appears to be an array of structures of binary data, with an entry for each UID (except 'nobody' on mine). The size of yours would indicate that your last UID is 63434 if your is a x86 based system. You could do a 'ls -s' /var/log/lastlog to get the real size in blocks to see if the file has holes in it. The structure information is in /usr/include/utmpbits.h, which is included from /usr/include/lastlog.h. The lastlog file simply holds the last time each user logged in, so is appears to never be rotated. The wtmp file should be an array of structures of all logins and reboots. The size of yours might be correct if your system has a lot of users, although I just discovered that my wtmp.0 file is corrupt. The 'last' command will show a decoded version of the file, and the option '-f <file>' will also allow you to specify another file. This file appears to be rotated from the /etc/cron.monthly/standard script. The dates of your files indicate it has not been rotating properly in the past, so your wtmp.0 file probably has 7 months of logs. The utmp(5) manpage has further details on the file, if you need it. > I have two large files in my /var/log: > > -rw-r--r-- 1 root root 18523020 May 24 07:14 lastlog <--------- > > -rw-r--r-- 1 root adm 871296 May 24 07:14 wtmp > -rw-r--r-- 1 root adm 7499904 May 5 14:07 wtmp.0 <--------- > -rw-r--r-- 1 root adm 49369 Oct 1 1998 wtmp.1.gz > -rw-r--r-- 1 root adm 26365 Aug 1 1998 wtmp.2.gz > -rw-r--r-- 1 root adm 56427 Jun 9 1998 wtmp.3.gz > -rw-r--r-- 1 root adm 18072 Mar 1 1998 wtmp.4.gz > -rw-r--r-- 1 root adm 652 Feb 1 1998 wtmp.5.gz > -rw-r--r-- 1 root root 130944 Aug 21 1998 wtmp.libc5 > > It seems as if wtmp.0 is on its way to become wtmp.1.gz some time but what > about lastlog? Is this normal? > > I have tried to look at the contents of lastlog and it contains thousands > of ^@'s. > > On 21 May 1999, Carl Johnson wrote: > > My /var/log directory is only a little over 2MB, but mine is mostly just a > > workstation for me. Just for reference, I only have 5 files over 100KB, and > > the largest is only 300KB. > -- Carl Johnson [EMAIL PROTECTED]
