I am trying to use the information from the "last" command to examine
how long users are logged into a certain machine for a research
project. I wrote a perl script to parse the information into a comma
delimited file, opened it in a spreadsheet, and sorted the entries by
how long the users were logged in. To my surprise, out of about 3200
entries, only 17 of them showed up as being logged in for more than an
hour! I know this information is inaccurate, because these users work
on projects for hours at a time. Another mystery is that when I run
"who", it shows about 50 users being logged in, whereas the "last"
command only shows about 10. Running last using utmpx as the file
instead of the default wtmpx, it shows users being logged in for a lot
I know that the "who" command uses the utmpx file, and the "last"
command uses the wtmpx file, but shouldn't the wtmpx file contain the
same information as the utmpx file, only a lot more of it? Can anyone
think of an explanation to why the "last" output isn't showing the
entire session a user is logged in for? Also, if there is data
missing, is there another way I can get the login and logout history
of all the users?
I would greatly appreciate any help you can give. :)