We had a user damage one of mobile PC's and I'm trying to track who
was logged onto that device. I've looked in the /var/adm/wtmp file but
it only give me a list containing the pts. Is there a log file that I
could match this up to that would contain were a connection was
originated from. The PC in question is set up in the /etc/hosts file.
I just need a log to find the device and pts to compare with. Is there
such a log??

On Oct 4, 11:57 am, wlippinc...@gmail.com wrote:
> We had a user damage one of mobile PC's and I'm trying to track who
> was logged onto that device. I've looked in the /var/adm/wtmp file but
> it only give me a list containing the pts. Is there a log file that I
> could match this up to that would contain were a connection was
> originated from. The PC in question is set up in the /etc/hosts file.
> I just need a log to find the device and pts to compare with. Is there
> such a log??

If you know the IP address that was assigned to the mobile PC, you can
try this command:

last|grep "[put_the_IP_address_here]"

On Oct 4, 12:35 pm, steven_nospam at Yahoo! Canada
<steven_nos...@yahoo.ca> wrote:
> On Oct 4, 11:57 am, wlippinc...@gmail.com wrote:
>
> > We had a user damage one of mobile PC's and I'm trying to track who
> > was logged onto that device. I've looked in the /var/adm/wtmp file but
> > it only give me a list containing the pts. Is there a log file that I
> > could match this up to that would contain were a connection was
> > originated from. The PC in question is set up in the /etc/hosts file.
> > I just need a log to find the device and pts to compare with. Is there
> > such a log??
>
> If you know the IP address that was assigned to the mobile PC, you can
> try this command:
>
> last|grep "[put_the_IP_address_here]"

The command was accepted without and syntax errors, but it isn't
returning any values.
Thanks for the idea though.

On Oct 4, 1:43 pm, wlippinc...@gmail.com wrote:
> On Oct 4, 12:35 pm, steven_nospam at Yahoo! Canada
>
> <steven_nos...@yahoo.ca> wrote:
> > On Oct 4, 11:57 am, wlippinc...@gmail.com wrote:
>
> > > We had a user damage one of mobile PC's and I'm trying to track who
> > > was logged onto that device. I've looked in the /var/adm/wtmp file but
> > > it only give me a list containing the pts. Is there a log file that I
> > > could match this up to that would contain were a connection was
> > > originated from. The PC in question is set up in the /etc/hosts file.
> > > I just need a log to find the device and pts to compare with. Is there
> > > such a log??
>
> > If you know the IP address that was assigned to the mobile PC, you can
> > try this command:
>
> > last|grep "[put_the_IP_address_here]"
>
> The command was accepted without and syntax errors, but it isn't
> returning any values.
> Thanks for the idea though.

Perhaps just try this:

last|more

....then scan the list to see who has been logging in on ALL PCs. The
IP address may not show up as xxx.xxx.xxx.xxx if the user who logged
in has an entry in the /etc/hosts file. For example, you may see
"mobilepc.companyname.com" instead of an IP.

If not, you might also try:

who /var/adm/wtmp

That is supposed to show a history of logins on the server.

Good luck!

Steve

On Oct 4, 12:53 pm, steven_nospam at Yahoo! Canada
<steven_nos...@yahoo.ca> wrote:
> On Oct 4, 1:43 pm, wlippinc...@gmail.com wrote:
>
>
>
> > On Oct 4, 12:35 pm, steven_nospam at Yahoo! Canada
>
> > <steven_nos...@yahoo.ca> wrote:
> > > On Oct 4, 11:57 am, wlippinc...@gmail.com wrote:
>
> > > > We had a user damage one of mobile PC's and I'm trying to track who
> > > > was logged onto that device. I've looked in the /var/adm/wtmp file but
> > > > it only give me a list containing the pts. Is there a log file that I
> > > > could match this up to that would contain were a connection was
> > > > originated from. The PC in question is set up in the /etc/hosts file.
> > > > I just need a log to find the device and pts to compare with. Is there
> > > > such a log??
>
> > > If you know the IP address that was assigned to the mobile PC, you can
> > > try this command:
>
> > > last|grep "[put_the_IP_address_here]"
>
> > The command was accepted without and syntax errors, but it isn't
> > returning any values.
> > Thanks for the idea though.
>
> Perhaps just try this:
>
> last|more
>
> ...then scan the list to see who has been logging in on ALL PCs. The
> IP address may not show up as xxx.xxx.xxx.xxx if the user who logged
> in has an entry in the /etc/hosts file. For example, you may see
> "mobilepc.companyname.com" instead of an IP.
>
> If not, you might also try:
>
> who /var/adm/wtmp
>
> That is supposed to show a history of logins on the server.
>
> Good luck!
>
> Steve

I actually got it by using who -u /var/adm/wtmp. That gave me the
name, the session id, the location, and the time that they logged in.
Thanks for the help.