Unfortunately, the message is stating that the first entry of the wtmp file (what last command uses in AIX) is Nov 22 14:03. If you execute a last without any arguments, you'll see all of the current entries since Nov 22 14:03. Not much help in your case. As the date is fairly recent, it looks like the user accounting may not be activated, and the wtmp file is not being populated. If the last command returns no entries, then that's probably the case, and the last command probably won't be of much help.
If you have a backup of the /var/adm/wtmp file around the time you need, you could restore it to a temp location, and view it with the last command. I forget the syntax, but the man pages for the last command explains it pretty well. hth -Phil- -----Original Message----- From: Chauhan, Savita [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 23, 2004 2:35 PM To: [EMAIL PROTECTED] Subject: RE: [U2][UD] - Transaction Processing I tried >>last <login-id> and returned wtmp begins Nov 22 14:03 >>who -m | awk '{ print $6 }' did not return anything. What does above mean and how do I get the IP address of the machine from where the user logged in on a particular date? Also, is there a way of know what transaction (UniData) was done by a user on a particular day? Thanks all for responding. Savita Chauhan, Programmer/Analyst x:1754 Central Texas College. ------------------------------------------- Change is the only Constant. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Rubeor Sent: Tuesday, November 23, 2004 1:17 PM To: [EMAIL PROTECTED] Subject: RE: [U2][UD] - Transaction Processing I'm assuming you are on a unix platform. If not, go ahead and delete this. If you really need to determine where someone was sitting, you will need to know both who and when the requisition was authorized. Then, you will need to parse through the utmp files. On hpux, the command is "last -R <userid>". On linux, the command is "last <userid>". Depending on your setup, that should show you info you need. I really doubt this will help you, since you specified November 2003. Most utmp files don't go over one year. Going forward, there is probably an easier method, but I get this information by capturing the output from a who command. If you are telneting to a windows server, I do not know what the equivalent is. Depending on the unix flavor, the command could be either "who -mR", "who -mx", or even "who -m --login". Once you capture the output, the ip address will be at the end, usually the sixth field. You can parse this with awk if you need this in a script, or FIELD if you need it in Unibasic. Please keep in mind, if users do not have secure passwords and/or leave their desktops unlocked, this will not provide a 100% secure method of tracking who did what. Hope that helps. -----Original Message----- From: Chauhan, Savita [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 23, 2004 12:23 PM To: [EMAIL PROTECTED] Subject: [U2][UD] - Transaction Processing Hi, This question is probably for someone who is a UniData administrator and system administrator with a little knowledge of Networking. We have a Requisitions file with on the fields as who authorized person a particular requisition. This field is in an association because several people have to authorize a requisition. I want to know from which machine (the IP address) a particular person authorized a requisition in Nov 2003. Assuming that we use static IP addressing. Can someone please direct me on how to do this? Is there a way I can see the transactions performed by UniData? Thanks in advance. Savita. ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/
