Monday, August 18, 2008

fwtmp - how to manipulate connect-time accounting records

fwtmp manipulates connect-time accounting records by reading binary records in wtmp format from standard input, converting them to formatted ASCII records. The ASCII version is useful when it is necessary to edit bad records.

# fwtmp [-ic]

where :

-ic : denotes that input is in ASCII form, and output is to be written in binary form.

Example to convert a binary record in wtmp format to an ASCII record called dummy.file, enter:

# fwtmp < /var/adm/wtmp > dummy.file

Example to convert an ASCII dummy.file to a binary file in wtmp format called /var/adm/wtmp, enter the fwtmp command with the -ic switch:

# fwtmp -ic <> /var/adm/wtmp

Note: Depending on your flavour of Unix, the file may be called wtmpx or wtmp.

Example:


fwtmp < /var/adm/wtmp > dummy.file

To get a list of all the failed logins in IBM AIX:

To read the file /etc/security/failedlogin, you need to use fwtmp:

# /usr/sbin/acct/fwtmp < /etc/security/failedlogin

To get information for a particular user:

# /usr/sbin/acct/fwtmp < /etc/security/failedlogin | grep username

Example:


/usr/sbin/acct/fwtmp < /etc/security/failedlogin

2 comments:

Anonymous said...

Where can I get this utility now ?
apt-cache search doesn't give result, neither does google.

If it does not exist anymore, do you know any equivalent for ubuntu lucid ?

Anonymous said...

I am also search for equivalent on RH/CentOS, neither 'yum provides fwtmp' nor 'yum search fwtmp' return a match.