How do I correctly display the contents of the utmp, wtmp and btmp files?

How can I use cat to display /var/run/utmp, /var/log/wtmp and /var/log/btmp?

When I try to display them, I also get some other characters.

This is the output I get when I try to read the files:

jai@frank-Jai:~$ cat /var/run/utmp
jai@frank-Jai:~$ cat /var/log/wtmp

jai@frank-Jai:~$ sudo cat /var/log/btmp

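Answer 1

All three files you are trying to read are stored in a binary format. They are not plain text files and cannot be read with an ordinary text editor or with the cat command. Doing so produces garbled output, as you noticed.

Here is what each of the three files is for:

  • The file /var/log/btmp records failed login attempts.
  • The file /var/run/utmp lets one discover information about who is currently using the system. It contains information about user logins: on which terminals, logouts, system events and the current state of the system, system boot time (used by uptime), etc.
  • The file /var/log/wtmp provides a historical record of the utmp data.

You can use the last command to read each of these files.

For example: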

sudo last -f /var/log/btmp (note: this command needs to be run using sudo)

johndoe@computer:~$ last -f /var/run/utmp
 johndoe   tty7                          Fri Jul 26 17:58   still logged in   
 reboot   system boot  3.5.0-37-generic Fri Jul 26 17:57 - 20:10 (1+02:13)  

johndoe@computer:~$ last -f /var/log/wtmp
 reboot   system boot  3.5.0-37-generic Fri Jul 26 17:57 - 20:16 (1+02:19)   
 johndoe   pts/2        :0               Fri Jul 26 17:52 - 17:55  (00:03)    
 johndoe   pts/5        :0               Fri Jul 26 12:00 - 17:55  (05:55)    
 johndoe   pts/0        :0.0             Fri Jul 26 07:11 - 11:58  (04:46)
 <snip>...

For more information, see: Linux display date and time of login, and the manual page for the "last" command.

Answer 2

Using Perl 5

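#!/usr/bin/env perl
#
# ripped from https://www.hcidata.info/wtmp.htm
#
# Prints the records of a utmp/wtmp/btmp file given as an argument or on stdin.
# Each record is 384 bytes, split by the regex below into:
#   type(4) pid(4) line(32) inittab id(4) user(32) host(256)
#   followed by five 4-byte words; the third one ($t3) is the timestamp in seconds.

use strict;
use warnings;

# Record type names, indexed by the numeric type field
my @type = ("Empty","Run Lvl","Boot","New Time","Old Time","Init","Login","Normal","Term","Account");
my $recs = "";

# Read the whole file into memory
while (<>) {
    $recs .= $_;
}

# Walk the data one 384-byte record at a time
foreach (split(/(.{384})/s, $recs)) {
    next if length($_) == 0;
    my ($type, $pid, $line, $inittab, $user, $host, $t1, $t2, $t3, $t4, $t5) = $_ =~ /(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})/s;
    # Skip incomplete records and records with no terminal line
    if (defined $line && $line =~ /\w/) {
        # Strip the NUL padding from the fixed-width string fields
        $line =~ s/\x00+//g;
        $host =~ s/\x00+//g;
        $user =~ s/\x00+//g;
        printf("%s %-8s %-12s %10s %-45s\n",
            scalar(gmtime(unpack("I4", $t3))),
            $type[unpack("I4", $type)],
            $user,
            $line,
            $host,
        );
    }
}

The output looks like this: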

Tue Dec 20 08:08:25 2022 Term                       pts/0
Mon Dec 26 02:19:58 2022 Normal   root              pts/0 131.191.30.152
Mon Dec 26 17:27:51 2022 Term                       pts/0
Mon Dec 26 18:23:54 2022 Normal   root              pts/0 131.191.30.152
Mon Dec 26 20:06:19 2022 Term                       pts/0
Wed Dec 28 07:07:29 2022 Normal   root              pts/0 131.191.30.152

last is the canonical way to read the wtmp file. But this Perl script hints at the wtmp file format.
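
The record format that the Perl script in Answer 2 hints at, as an added example that is not part of either answer: a Python parser that also decodes the microsecond timestamp and the binary remote address, and skips a truncated trailing record. It assumes the 384-byte little-endian Linux/glibc `struct utmp` layout on x86-64; the names `parse_utmp`, `_record` and `SAMPLE` are hypothetical, and the sample records are constructed rather than taken from a real system.

```python
import ipaddress
import struct
from datetime import datetime, timedelta, timezone

# Assumed layout: Linux/glibc struct utmp on x86-64, 384 bytes, little-endian:
# type+pad, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6[16], unused[20]
UTMP = struct.Struct("<h2xi32s4s32s256s2hiii16s20x")
TYPES = ["EMPTY", "RUN_LVL", "BOOT_TIME", "NEW_TIME", "OLD_TIME", "INIT_PROCESS",
         "LOGIN_PROCESS", "USER_PROCESS", "DEAD_PROCESS", "ACCOUNTING"]

def _text(raw):
    # Fields are NUL-padded C strings: keep only what precedes the first NUL.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def _addr(raw):
    # An IPv4 address occupies the first 4 bytes; the other 12 stay zero.
    if raw == bytes(16):
        return None
    if raw[4:] == bytes(12):
        return str(ipaddress.IPv4Address(raw[:4]))
    return str(ipaddress.IPv6Address(raw))

def parse_utmp(data):
    """Yield one dict per complete record; a trailing partial record is skipped."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        (t, pid, line, _id, user, host, _term, _exit, _sess,
         sec, usec, addr) = UTMP.unpack_from(data, off)
        yield {
            "type": TYPES[t] if 0 <= t < len(TYPES) else f"UNKNOWN({t})",
            "pid": pid, "line": _text(line), "user": _text(user),
            "host": _text(host), "addr": _addr(addr),
            "time": datetime.fromtimestamp(sec, timezone.utc)
                    + timedelta(microseconds=usec),
        }

def _record(t, pid, line, user, host, sec, usec, addr=bytes(16)):
    # Builds a constructed sample record (not data from a real system).
    return UTMP.pack(t, pid, line, b"", user, host, 0, 0, 0, sec, usec, addr)

SAMPLE = (
    _record(2, 0, b"~", b"reboot", b"3.8.0-26-generic", 1374861420, 0)
    + _record(7, 2113, b"pts/0", b"jai", b"192.0.2.10", 1374861480, 250000,
              ipaddress.IPv4Address("192.0.2.10").packed + bytes(12))
    + b"\x07\x00"  # truncated trailing record
)

if __name__ == "__main__":
    for rec in parse_utmp(SAMPLE):
        print(rec["time"].isoformat(), rec["type"], rec["user"], rec["line"], rec["addr"])
```

To run it against a real file, pass the bytes read in binary mode, for example `parse_utmp(open("/var/log/wtmp", "rb").read())`; reading /var/log/btmp needs root, as with `last`.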
