Ubuntu-Forum & Kubuntu-Forum | www.Ubuntu-Forum.de

Ich versuche mit perl /var/log/wtmp auszulesen. Jedoch bekomme ich das Template nicht hin. Kann mir wer helfen?

Ich bin in der utmp.h den Abschnitt struct utmp durchgegangen und komme auf folgendes

char ut_line, char ut_id, char ut_user, char ut_host müssten A32 A4 A32 A256 sein. Doch den Rest kann ich nicht auslesen.

Folgenden perl Einzeiler habe ich gefunden, der zumindest funktioniert:
perl -we '@type=("Empty","Run Lvl","Boot","New Time","Old Time","Init","Login","Normal","Term","Account");$recs = ""; while (<>) {$recs .= $_};foreach (split(/(.{384})/s,$recs)) {next if length($_) == 0;my ($type,$pid,$line,$inittab,$user,$host,$t1,$t2,$t3,$t4,$t5) = $_ =~/(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})/s;if (defined $line && $line =~ /\w/) {$line =~ s/\x00+//g;$host =~ s/\x00+//g;$user =~ s/\x00+//g;printf("%s %-8s %-12s %10s %-45s \n",scalar(gmtime(unpack("I4",$t3))),$type[unpack("I4",$type)],$user,$line,$host)}}print"\n"' </var/log/wtmp

Ubuntu Version 12.04

--------------------------------------
mein skript:
#!/usr/bin/perl
#

#use warnings;
#use strict;
use User::Utmp qw(:constants :utmp);

# this is the template we're going to feed to unpack( )
$template = "A32 A32 A256 l";
# this uses pack( ) to help us determine the size (in bytes)
# of a single record
$recordsize = length(pack($template,( )));

# open the file
open(WTMP,"/var/log/wtmp") or die "Unable to open wtmp:$!\n";

# read it in one record at a time
while (read(WTMP,$record,$recordsize)) {
# unpack it, using our template
($tty,$name,$host,$time)=unpack($template,$record);
# handle the records with a null character specially
# (see below)
if ($name and substr($name,0,1) ne "\0"){
print "$tty:$name:$host:" ,
scalar localtime($time),"\n";
}
else {
print "$ttylogout)logout):",
scalar localtime($time),"\n";
}
}

# close the file
close(WTMP);
---------------------------------------------------------
die utmp.h (gekürzt)

#define UT_LINESIZE 32
#define UT_NAMESIZE 32
#define UT_HOSTSIZE 256

/* The structure describing an entry in the database of
previous logins. */
struct lastlog
{
#if __WORDSIZE == 64 && defined __WORDSIZE_COMPAT32
int32_t ll_time;
#else
__time_t ll_time;
#endif
char ll_line[UT_LINESIZE];
char ll_host[UT_HOSTSIZE];
};

/* The structure describing the status of a terminated process. This
type is used in `struct utmp' below. */
struct exit_status
{
short int e_termination; /* Process termination status. */
short int e_exit; /* Process exit status. */
};

/* The structure describing an entry in the user accounting database. */
struct utmp
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
char ut_line[UT_LINESIZE]; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
char ut_user[UT_NAMESIZE]; /* Username. */
char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
32- and 64-bit. This allows data files and shared memory to be
shared between 32- and 64-bit applications. */
#if __WORDSIZE == 64 && defined __WORDSIZE_COMPAT32
int32_t ut_session; /* Session ID, used for windowing. */
struct
{
int32_t tv_sec; /* Seconds. */
int32_t tv_usec; /* Microseconds. */
} ut_tv; /* Time entry was made. */
#else
long int ut_session; /* Session ID, used for windowing. */
struct timeval ut_tv; /* Time entry was made. */
#endif

int32_t ut_addr_v6[4]; /* Internet address of remote host. */
char __unused[20]; /* Reserved for future use. */
};


so habe ich versucht das template nach der utmp zu schreiben

short int ut_type --> s
pid_t ut_pid --> L! oder i
char ut_line[UT_LINESIZE] --> A32
char ut_id[4] --> A4
char ut_user[UT_NAMESIZE] --> A32
char ut_host[UT_HOSTSIZE] --> A256
struct exit_status ut_exit; --> s

int32_t ut_session --> ?

int32_t tv_sec --> ?
int32_t tv_usec --> ?
ut_tv --> ?

long int ut_session --> L
struct timeval ut_tv --> ?

int32_t ut_addr_v6[4] --> ?
char __unused[20] --> A20