iTechNote

Ever been asked a question similar to “I wanna to find out who is logged in last night at 8:34″?

The last command for Solaris tells who was or still is on the system. You may want to use with ‘| more‘ to be able to page through the log. It offers great feature for tracking who was on your system last, how long they stayed logged in and from which terminal or machine (IP) they came from. It will save your day by tracking those would-be party-crashers.

If you want an enhanced version of last, you may want to try out Matty’s lastx. lastx is an extension of the last utility shipped with Solaris. It prints all 32-characters of the users utmpx entry, and provides facilities to display last data over a period of days. It also allows the user to print unique logins, and the total number of attempted logins. However, you need to compile the program yourself as it comes with source only.

Usage:
lastx { [-d num_days] [-n lines] } [-f filename] [-u] [-h]
-d num_days : Print the users who have logged in within the past num_days
-f filename : Filename to use
-h : Print this screen
-n lines : Print the the last N number of lines in the wtmpx file
-u : Print the unique entries for each user

The utmpx and wtmpx files are extended database files that have superseded the obsolete utmp and wtmp database files. The utmpx database contains user access and accounting information for commands such as who, write and login. The wtmpx database contains the history of user access and accounting information for the utmpx database. Both files can be accessed in /var/adm.