SUMMARY: Another utmpx parser besides last

From: Keith Resar <3fcb85eee6f3a_at_heavyk.org>
Date: Mon Feb 07 2005 - 17:20:13 EST
Apparently the hostname information is recorded at login if
available, otherwise the IP is recorded.  Therefore, if a reverse
DNS lookup succeeded then there is no way to access to the IP 
address of the connecting system after the fact.


> Does anyone know of a script/tool to parse the utmpx file from a
> Solaris 8 system besides last?
> 
> We're trying to do some auditing after a possible compromise but
> last does a lookup on the src IP address so we're getting a bum
> domain name rather then something more useful.
> 
> 
> Thanks for any pointers.
> Keith.
> 
> -- 
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
-- 
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon Feb 7 17:20:50 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:43 EST