Well i had several suggestions for this one:
>You need to rebuild all programs, eg ssh, that writes to the wtmp file.
>They are still writing according to the old style.
>Are you using secure crt?
>Check your cron definitions. 5.1 seems to default to "cleaning"
>log files much more often than 4.x did.
but none of these are really appropriate as i rebuilt OpenSSH 2.9p2 after
moving to Tru64 v5.1, we're not using crt and the files aren't being
cleaned or removed it's just that they're not being read.
closer inspection (after a few unrelated reboots) seems to reveal that
something's happening after the machine is booted. after a reboot 'last'
will show all logins up until the time of reboot but nothing afterwards
even though looking in /var/adm/wtmp shows all subsequent logins still
being logged. if i 'mv wtmp wtmp.old' and 'touch wtmp' it then starts
logging everything and last works fine... until the next reboot...
this is the same on all 18 Tru64 v5.1 boxes...
john
Original question:
>
> Hi All -
>
> I upgraded to V5.1 from v4.0G a few weeks ago and that all went OK but now
> I've noticed that 'last' doesn't seem to be working correctly - if I run
> the command it only seems to pick up logins up to some arbitrary time and
> then just seems to ignore anything after that. Different machines seem to
> have stopped logging at different days/times.
> After upgrading I ran 'wtmpconvert' to change wtmp and utmp to the new
> formats so it's not that (I hope...) and the files themselves ARE being
> updated because I can see the size and date change every time I log in or
> out and I can read the connection details just by running 'strings' on the
> files.
> Here's a sample output from one of our main servers which has people
> logging in and out all the time:
>
> # last
> xyz pts/7 modem-27.paddle- Sun Sep 02 13:44 - 13:44 (00:00)
> xzy pts/5 vega.bac.pku.edu Sun Sep 02 13:26 still logged in
> yzx pts/5 modem-27.paddle- Sun Sep 02 13:19 - 13:21 (00:01)
> zyx pts/7 host217-32-117-2 Sun Sep 02 13:02 - 13:07 (00:04)
> zxy pts/5 modem-27.paddle- Sun Sep 02 13:02 - 13:09 (00:07)
> zxy pts/5 host217-35-245-2 Sun Sep 02 12:04 - 12:12 (00:08)
> yyz pts/5 astro1.bnsc.rl.a Sun Sep 02 10:04 - 10:07 (00:02)
> zyy pts/5 p26.nas4.is5.u-n Sun Sep 02 09:37 - 09:39 (00:02)
> xyy pts/5 217.149.104.51 Sun Sep 02 09:34 - 09:36 (00:01)
> yyy pts/7 212.159.19.103 Sun Sep 02 08:38 - 08:38 (00:00)
> yyy pts/5 212.159.19.103 Sun Sep 02 08:36 - 08:40 (00:04)
> abc pts/5 ppp-1-100.cvx3.t Sun Sep 02 03:24 - 03:39 (00:15)
>
> wtmp begins Sun Sep 02 03:24
>
> Another machine shows no logins after 15:30 Monday afternoon, another one
> nothing since Thu Jan 01 01:00!
>
> This was all fine with Tru64 v4.0F, then I went to v4.0G and on to V5.1.
>
> Further investigation shows that some machines have /var/adm/utmp and wtmp
> now linked to /var/cluster/members/{memb}/adm/utmp and wtmp while others
> don't...
>
> Did I miss something somewhere...?
>
>
> Any help appreciated,
>
> john
>
>
> ----------------------------------------------------------------------------
> John Deacon | UCL Starlink Site Manager
> Dept Physics and Astronomy | Email: jrd_at_star.ucl.ac.uk
> University College London | Tel: 020 7679 7147
> Gower Street London WC1E 6BT | Fax: 020 7679 7145
> ----------------------------------------------------------------------------
>
>
>
Received on Thu Sep 06 2001 - 14:13:41 NZST