Home
Home
Contact
Course Materials
Courses
Code
Projects
Demos
Games
Web Apps
Resources
Quick References
Links
Logo  

Home - Old Man Programmer

Displaying projects/sac/rawtmp.1 

.\" $Copyright: $
.\" Copyright (c) 1995, 1996, 1997, 1998 by Steve Baker (ice@mama.indstate.edu)
.\" All Rights reserved
.\"
.\" This software is provided as is without any express or implied
.\" warranties, including, without limitation, the implied warranties
.\" of merchant-ability and fitness for a particular purpose.
.\"
...
.V= $Header: rawtmp.1 1.4 1998 $
.TH RAWTMP 1 "\*(V)" "UNIX Manual"
.SH NAME
rawtmp \- display wtmp entries in raw form.
.SH SYNOPSIS
\fBrawtmp\fP [\fB-da\fP] [\fB-w\fP \fIwtmp\fP|\fB-\fP] [\fB-X[3|4]d\fP] [\fB-s\fP \fIstart\fP] [\fB-e\fP \fIend\fP] [\fB-b\fP \fIH:M:S\fP] [\fB--help\fP] [\fB--version\fP]
.br
.SH DESCRIPTION
\fIRawtmp\fP is a utility to dump the raw data in a wtmp or utmp file to the
screen for viewing.  It may be useful to anyone who wishes to divine the
nature of the data stored in the wtmp or utmp files.  It may also be useful
to extract special wtmp entries that are not documented anywhere (like those
netdate puts in the wtmp file).

If on a logout, when the username is encoded in the ut_user field by
replacing the first character of the username with a null, rawtmp will print
the contents of the user field with a leading dot '.' to denote the null
character. Only \fIagetty\fP and \fItacacs\fP control software are currently
known to use this logging method.
.br
.SH OPTIONS
\fIRawtmp\fP understands the following command line switches:
.TP
\fB--help\fP
Outputs a verbose usage listing.
.PP
.TP
\fB--version\fP
Displays the version of rawtmp.
.PP
.TP
\fB-w\fP \fIwtmp\fP
Select a different input file instead of the default (\fI/var/log/wtmp\fP).
.PP
.TP
\fB-X[3]\fP
Read a wtmp file maintained by versions 3.3 or 3.4 Tacacs terminal server
access control software.
.PP
.TP
\fB-X4\fP
Read a wtmp file maintained by version 4.0 of Tacacs terminal server access
control software.
.PP
.TP
\fB-d\fP
Output the time in MMM DD HH:MM:SS format instead of raw time for a more
human readable form (and to actually know what day you're looking at!).
.PP
.TP
\fB-a\fP
Print the contents of the ut_addr field (in quad-dotted notation) instead of
using the ut_host field.  Note: ut_addr is almost never used and more than
likely contains garbage information.
.PP
.TP
\fB-b\fP \fIhours\fP[\fI:minutes\fP[\fI:seconds\fP]]
Consider only those utmp entries that fall within the last few
hours/minutes/seconds from the current time, disregarding the rest.
.PP
.TP
\fB-s\fP \fIstart\fP
Selects the starting date of the report, in mm/dd/yy format.
.PP
.TP
\fB-e\fP \fIend\fP
Selects the ending date of the report, in mm/dd/yy format.
.PP
.SH FILES
/var/log/wtmp        login database.
.SH AUTHOR
Steve Baker (ice@mama.indstate.edu)
.SH BUGS
Could use some filtering options.
.SH SEE ALSO
.BR last (1),
.BR sac (8)