User's Manual

Solaris 9 Security CX-310-301
It should be noted that login attempts using CDE (dtlogin) will not be caught by this facility. Only attempts
that use the login command will be noticed.
lastlog, utmpx, wtmpx and last
The files /var/adm/utmpx and /var/adm/wtmpx record information about who is logged in to a system.
utmpx contains current information and wtmpx contains historical information.
The file /var/adm/lastlog records the prior login information. It is not an ASCII readable file. The example
below shows the output received when user john logs in using telnet; the last time the user logged in is
displayed on the screen:
SunOS 5.9
login: john
Password:
Last login: Fri Apr 9 01:40:27 from 192.168.1.2
Users should be made aware of this information, as it could provide valuable evidence of unauthorized
access to the system.
The last command (/usr/bin/last) displays login information from utmpx and wtmpx, including details of
system reboots. The example below shows some truncated output from the last command:
# last
john pts/1 test.mobileven Fri Apr 9 11:10 still logged in
root console Fri Apr 9 01:51 - 01:52 (00:00)
john dtremote 192.168.1.2: Fri Apr 9 01:40 - 01:42 (00:01)
john dtremote 192.168.1.2: Mon Apr 5 22:47 - 01:12 (02:24)
reboot system boot Sun Apr 4 16:41
Notice how the output indicates users that are “still logged in”.
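As an added example (not part of the original manual), the shell function below reads last output and reports sessions that are still logged in, plus logins from source hosts outside a site-supplied list. The names sample_last and review_last, the ACTIVE and UNKNOWN_HOST tags and the known-hosts list are assumptions made for illustration; the sample input is the last output shown above.

```sh
#!/bin/sh
# Added example: review `last` output for open sessions and unexpected hosts.
# sample_last embeds the output shown on this page so the script runs offline;
# on a live system, pipe the real `last` command into review_last instead.
sample_last() {
cat <<'EOF'
john pts/1 test.mobileven Fri Apr 9 11:10 still logged in
root console Fri Apr 9 01:51 - 01:52 (00:00)
john dtremote 192.168.1.2: Fri Apr 9 01:40 - 01:42 (00:01)
john dtremote 192.168.1.2: Mon Apr 5 22:47 - 01:12 (02:24)
reboot system boot Sun Apr 4 16:41
EOF
}

# review_last "HOST1 HOST2 ..."   (reads `last` output on stdin)
# The argument is a space-separated list of expected source hosts (site-specific
# assumption). `last` truncates the host column, so list hosts as it prints them.
# Emits one line per finding: TAG user line host start-time
review_last() {
  awk -v known="$1" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    $1 == "reboot" { next }            # boot records are not user sessions
    {
      # The weekday token marks the start of the timestamp. A host column is
      # present only when three fields precede it (console logins have none).
      d = 0
      for (i = 3; i <= NF; i++)
        if ($i ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) { d = i; break }
      if (!d) next
      host = (d == 4) ? $3 : "-"
      sub(/:$/, "", host)              # drop the trailing ":" seen on dtremote rows
      when = $d " " $(d+1) " " $(d+2) " " $(d+3)
      if ($0 ~ /still logged in/) print "ACTIVE", $1, $2, host, when
      if (host != "-" && !(host in ok)) print "UNKNOWN_HOST", $1, $2, host, when
    }'
}

# Demonstration run: only 192.168.1.2 is treated as an expected source host.
sample_last | review_last "192.168.1.2"
```

Because the data comes from utmpx and wtmpx, the review is only as trustworthy as those files; it lists what was recorded, not what was removed.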
System Log Files
There are three main log files used by the system to record important messages: syslog, which is described
in the next subsection; /var/adm/messages; and /var/adm/sulog.
/var/adm/messages
This file contains system messages and is the central repository for the majority of messages that would
interest the system administrator. The types of messages that get logged here include:
- System boot messages