August 1998
Intermediate to advanced
800 pages
39h 20m
English
Every time a user logs into or out of a
Unix system, a record is added to the wtmp file.
You can’t use the normal tail program on
it because it’s in binary format. The
tailwtmp program in Example 8.7
knows the format of the binary file and shows every new record as it
appears. You’ll have to adjust the pack
format for your own system.
Example 8-7. tailwtmp
#!/usr/bin/perl
# tailwtmp - watch for logins and logouts;
# uses linux utmp structure, from utmp(5)
$typedef = 's x2 i A12 A4 l A8 A16 l';
$sizeof = length pack($typedef, () );
use IO::File;
open(WTMP, '/var/log/wtmp') or die "can't open /var/log/wtmp: $!";
seek(WTMP, 0, SEEK_END);
for (;;) {
while (read(WTMP, $buffer, $sizeof) == $sizeof) {
($type, $pid, $line, $id, $time, $user, $host, $addr)
= unpack($typedef, $buffer);
next unless $user && ord($user) && $time;
printf "%1d %-8s %-12s %2s %-24s %-16s %5d %08x\n",
$type,$user,$line,$id,scalar(localtime($time)),
$host,$pid,$addr;
}
for ($size = -s WTMP; $size == -s WTMP; sleep 1) {}
WTMP->clearerr();
}