{"id":577,"date":"2012-09-10T18:27:02","date_gmt":"2012-09-10T18:27:02","guid":{"rendered":"https:\/\/trouble.org\/?p=577"},"modified":"2012-09-10T18:27:02","modified_gmt":"2012-09-10T18:27:02","slug":"reading-wtmp","status":"publish","type":"post","link":"https:\/\/trouble.org\/?p=577","title":{"rendered":"reading wtmp"},"content":{"rendered":"<p>Have a wtmp file you need read? A nice perl one liner to do so:<\/p>\n<div class=\"codecolorer-container text blackboard\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"text codecolorer\">perl -we '@type=(&quot;Empty&quot;,&quot;Run Lvl&quot;,&quot;Boot&quot;,&quot;New Time&quot;,&quot;Old Time&quot;,&quot;Init&quot;,&quot;Login&quot;,&quot;Normal&quot;,&quot;Term&quot;,&quot;Account&quot;);$recs = &quot;&quot;; while (&lt;&gt;) {$recs .= $_};foreach (split(\/(.{384})\/s,$recs)) {next if length($_) == 0;my ($type,$pid,$line,$inittab,$user,$host,$t1,$t2,$t3,$t4,$t5) = $_ =~\/(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})\/s;if (defined $line &amp;&amp; $line =~ \/\\w\/) {$line =~ s\/\\x00+\/\/g;$host =~ s\/\\x00+\/\/g;$user =~ s\/\\x00+\/\/g;printf(&quot;%s %-8s %-12s %10s %-45s\\n&quot;,scalar(gmtime(unpack(&quot;I4&quot;,$t3))),$type[unpack(&quot;I4&quot;,$type)],$user,$line,$host)}}print&quot;\\n&quot;' &lt; \/var\/log\/wtmp<\/div><\/div>\n<p>Thanks to: http:\/\/www.hcidata.info\/wtmp.htm<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Have a wtmp file you need read? A nice perl one liner to do so: perl -we &#8216;@type=(&quot;Empty&quot;,&quot;Run Lvl&quot;,&quot;Boot&quot;,&quot;New Time&quot;,&quot;Old Time&quot;,&quot;Init&quot;,&quot;Login&quot;,&quot;Normal&quot;,&quot;Term&quot;,&quot;Account&quot;);$recs = &quot;&quot;; while (&lt;&gt;) {$recs .= $_};foreach (split(\/(.{384})\/s,$recs)) {next if length($_) == 0;my ($type,$pid,$line,$inittab,$user,$host,$t1,$t2,$t3,$t4,$t5) = $_ =~\/(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})\/s;if (defined $line &amp;&amp; $line =~ \/\\w\/) {$line =~ s\/\\x00+\/\/g;$host =~ s\/\\x00+\/\/g;$user =~ s\/\\x00+\/\/g;printf(&quot;%s %-8s %-12s %10s %-45s\\n&quot;,scalar(gmtime(unpack(&quot;I4&quot;,$t3))),$type[unpack(&quot;I4&quot;,$type)],$user,$line,$host)}}print&quot;\\n&quot;&#8217; [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31,46,4,6],"tags":[334,326,147],"class_list":["post-577","post","type-post","status-publish","format-standard","hentry","category-code","category-perl","category-security","category-tech","tag-hack","tag-perl","tag-wtmp"],"_links":{"self":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=577"}],"version-history":[{"count":3,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/577\/revisions"}],"predecessor-version":[{"id":580,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/577\/revisions\/580"}],"wp:attachment":[{"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}