NAME
rawtmp - display wtmp entries in raw form.
SYNOPSIS
rawtmp [-da] [-w wtmp|-] [-X[3|4]d] [-s start] [-e end] [-b H:M:S]
[--help] [--version]
DESCRIPTION
Rawtmp is a utility to dump the raw data in a wtmp or utmp file to the
screen for viewing. It may be useful to anyone who wishes to divine
the nature of the data stored in the wtmp or utmp files. It may also
be useful to extract special wtmp entries that are not documented
anywhere (like those netdate puts in the wtmp file).
If on a logout, when the username is encoded in the ut_user field by
replacing the first character of the username with a null, rawtmp will
print the contents of the user field with a leading dot ’.’ to denote
the null character. Only agetty and tacacs control software are
currently known to use this logging method.
OPTIONS
Rawtmp understands the following command line switches:
--help Outputs a verbose usage listing.
--version
Displays the version of rawtmp.
-w wtmp
Select a different input file instead of the default
(/var/log/wtmp).
-X[3] Read a wtmp file maintained by versions 3.3 or 3.4 Tacacs
terminal server access control software.
-X4 Read a wtmp file maintained by version 4.0 of Tacacs terminal
server access control software.
-d Output the time in MMM DD HH:MM:SS format instead of raw time
for a more human readable form (and to actually know what day
you’re looking at!).
-a Print the contents of the ut_addr field (in quad-dotted
notation) instead of using the ut_host field. Note: ut_addr is
almost never used and more than likely contains garbage
information.
-b hours[:minutes[:seconds]]
Consider only those utmp entries that fall within the last few
hours/minutes/seconds from the current time, disregarding the
rest.
-s start
Selects the starting date of the report, in mm/dd/yy format.
-e end Selects the ending date of the report, in mm/dd/yy format.
FILES
/var/log/wtmp login database.
AUTHOR
Steve Baker (ice@mama.indstate.edu)
BUGS
Could use some filtering options.
SEE ALSO
last(1), sac(8)