Greetings, I am seeing strange entries when i perform "last -20" for example. Here's a sample output becuase I can not seem to make any sense out of this in the last two days and can't find any information online. Any help is appreciated. 0 F=?Bttyp Wed Dec 31 16:00 still logged in 0 6??Bttyp Wed Dec 31 16:00 still logged in 0 m??Bttyp Wed Dec 31 16:00 still logged in 7 m??Bttyv Wed Dec 31 16:00 still logged in 0 ?Bttyp Wed Dec 31 16:00 still logged in 0 (o?Bttyp Wed Dec 31 16:00 still logged in 2 ?g?Bttyp Wed Dec 31 16:00 still logged in . and it keeps going for 20 lines. Thanks for your time, Saurabh
On Wed, 15 Jun 2005, Saurabh Bhasin wrote:> Greetings, > > I am seeing strange entries when i perform "last -20" for example. > Here's a sample output becuase I can not seem to make any sense out of > this in the last two days and can't find any information online. Any > help is appreciated. > > 0 F=?Bttyp Wed Dec 31 16:00 still logged in > 0 6??Bttyp Wed Dec 31 16:00 still logged in > 0 m??Bttyp Wed Dec 31 16:00 still logged in > 7 m??Bttyv Wed Dec 31 16:00 still logged in > 0 ?Bttyp Wed Dec 31 16:00 still logged in > 0 (o?Bttyp Wed Dec 31 16:00 still logged in > 2 ?g?Bttyp Wed Dec 31 16:00 still logged in > . > > and it keeps going for 20 lines.The last command uses /var/log/wtmp and /var/log/utmp (mabe even /var/log/lastlog) - anyway, the point is, it uses those files to get the information, now, it appears as if they have become corrupt, mabe by userland/kernel land desynch? bad upgrade? tried a reboot? Else, can you give us more details about the system, past upgrades, intrusions? ~NVX
> The last command uses /var/log/wtmp and /var/log/utmp (mabe even > /var/log/lastlog) - anyway, the point is, it uses those files to get the > information, now, it appears as if they have become corrupt, mabe by > userland/kernel land desynch? bad upgrade? tried a reboot? > > Else, can you give us more details about the system, past upgrades, > intrusions?Thanks for the explanation. I do understand the above and for sanity sake did every single thing to determine if my box was broken into. However, it turns out that the file did get corrupted (this behavior started to appear after a system reboot which required manual fsck). Simple re-creation of the file worked out just fine.