
Tuesday, January 8, 2013

How to view the history of user access logs, system uptime and administration information on Solaris 10


View the history of user access logs:

We can use the last command for that.
The last command looks in the /var/adm/wtmpx file, which records all logins and logouts, for information about a user, a terminal, or any group of users and terminals.

SYNOPSIS
     last [-a] [-n number | -number] [-f filename] [name | tty]

The following options are supported:

-a
     Displays the hostname in the last column.
-f filename
     Uses filename as the name of the accounting file instead of /var/adm/wtmpx.
-n number | -number
     Limits the number of entries displayed to that specified by number. These options are identical; the -number option is provided as a transition tool only and will be removed in future releases.


E.g.:

# last -a

All logins and logouts are logged to the wtmpx file.

You can view the file by using the following command:

# /usr/lib/acct/fwtmp < /var/adm/wtmpx
slt                                   sshd                                  2444  7 0000 0000 1357634943 531781 0 10 172.16.0.8 Tue Jan  8 14:19:03 2013
slt                              ts/3 pts/3                                 2451  7 0000 0000 1357634943 549757 0 10 172.16.0.8 Tue Jan  8 14:19:03 2013
eci                              ftp  ftp2512                               2512  7 0000 0000 1357635001 0 0 11 172.16.0.4 Tue Jan  8 14:20:01 2013
eci                              ftp  ftp2512                               2512  8 0000 0000 1357635001 0 0 11 172.16.0.4 Tue Jan  8 14:20:01 2013
eci                              ftp  ftp2610                               2610  7 0000 0000 1357635300 0 0 11 172.16.0.4 Tue Jan  8 14:25:00 2013
eci                              ftp  ftp2610                               2610  8 0000 0000 1357635301 0 0 11 172.16.0.4 Tue Jan  8 14:25:01 2013
eci                              ftp  ftp2689                               2689  7 0000 0000 1357635600 0 0 11 172.16.0.4 Tue Jan  8 14:30:00 2013
eci                              ftp  ftp2689                               2689  8 0000 0000 1357635600 0 0 11 172.16.0.4 Tue Jan  8 14:30:00 2013
eci                              ftp  ftp2813                               2813  7 0000 0000 1357635901 0 0 11 172.16.0.4 Tue Jan  8 14:35:01 2013
eci                              ftp  ftp2813                               2813  8 0000 0000 1357635901 0 0 11 172.16.0.4 Tue Jan  8 14:35:01 2013
eci                              ftp  ftp2907                               2907  7 0000 0000 1357636201 0 0 11 172.16.0.4 Tue Jan  8 14:40:01 2013
.
.
.

fwtmp reads from the standard input and writes to the standard output, converting binary records of the type found in /var/adm/wtmpx to formatted ASCII records. Files of this kind (wtmpx) cannot be read properly with the cat command.

We can also convert the wtmpx file into a readable text file using the following command:

# /usr/lib/acct/fwtmp < /var/adm/wtmpx >> wtmpx.txt
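Once the records are in text form they can be reviewed off the host. The following is an added example, not part of the original post: it parses fwtmp lines like those shown above and pairs each login record (type 7, USER_PROCESS) with its logout record (type 8, DEAD_PROCESS) to list sessions per user and source host, including sessions that have no logout record. Pairing on pid plus line, and the function names, are assumptions of this sketch.

```python
import re

USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values from <utmpx.h>

# head = user [id] line; then pid, type, two exit fields, seconds, microseconds,
# session, host length, optional host (absent when the length is 0), date.
REC = re.compile(
    r"^(?P<head>.*?)\s+(?P<pid>\d+)\s+(?P<type>\d+)\s+\S+\s+\S+\s+(?P<sec>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+(?P<host>\S*?)\s*"
    r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}$")

# Records copied from the page's fwtmp output (column padding shortened).
SAMPLE = """\
slt sshd 2444 7 0000 0000 1357634943 531781 0 10 172.16.0.8 Tue Jan  8 14:19:03 2013
slt ts/3 pts/3 2451 7 0000 0000 1357634943 549757 0 10 172.16.0.8 Tue Jan  8 14:19:03 2013
eci ftp ftp2512 2512 7 0000 0000 1357635001 0 0 11 172.16.0.4 Tue Jan  8 14:20:01 2013
eci ftp ftp2512 2512 8 0000 0000 1357635001 0 0 11 172.16.0.4 Tue Jan  8 14:20:01 2013
eci ftp ftp2610 2610 7 0000 0000 1357635300 0 0 11 172.16.0.4 Tue Jan  8 14:25:00 2013
eci ftp ftp2610 2610 8 0000 0000 1357635301 0 0 11 172.16.0.4 Tue Jan  8 14:25:01 2013
eci ftp ftp2907 2907 7 0000 0000 1357636201 0 0 11 172.16.0.4 Tue Jan  8 14:40:01 2013
""".splitlines()

def parse(line):
    m = REC.match(line.rstrip())
    head = m.group("head").split() if m else []
    if len(head) < 2:  # unparsable, or no user/line pair
        return None
    return {"user": head[0], "line": head[-1], "pid": int(m.group("pid")),
            "type": int(m.group("type")), "sec": int(m.group("sec")),
            "host": m.group("host")}

def sessions(lines):
    """Return (closed, still_open); closed entries carry a duration in seconds."""
    pending, closed = {}, []
    for rec in filter(None, map(parse, lines)):
        key = (rec["pid"], rec["line"])  # assumed pairing key
        if rec["type"] == USER_PROCESS:
            pending[key] = rec
        elif rec["type"] == DEAD_PROCESS and key in pending:
            start = pending.pop(key)
            closed.append((start["user"], start["host"], start["line"],
                           rec["sec"] - start["sec"]))
    return closed, [(r["user"], r["host"], r["line"]) for r in pending.values()]

if __name__ == "__main__":
    done, live = sessions(SAMPLE)
    for user, host, line, secs in done:
        print(f"{user:8} {host:15} {line:10} {secs}s")
    for user, host, line in live:
        print(f"{user:8} {host:15} {line:10} no logout record")
```

To run it against the converted file, pass `open("wtmpx.txt")` to `sessions()` instead of `SAMPLE`.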

System up-time information:

# /usr/lib/acct/fwtmp < /var/adm/utmpx
nms                              ts/1 pts/7                                19444  8 0000 0000 1329833595 0 0 12 50.17.3.155 Tue Feb 21 19:43:15 2012
nms                              ts/4 pts/4                                 7475  8 0000 0000 1339405255 125196 0 0  Mon Jun 11 14:30:55 2012
nms                              tt/4 pts/1                                19453  8 0000 0000 1329825282 0 0 12 50.17.3.155 Tue Feb 21 17:24:42 2012
slt                              ts/8 pts/8                                 4367  8 0000 0000 1352283236 747674 0 0  Wed Nov  7 15:43:56 2012
.
.
.