5.10 Log files
A summary of accounting information is kept in the file /var/adm/savacct.
The program, /usr/ucb/lastcomm, is used to show all commands run since accounting was started (/var/adm/pacct was created).
Statistics on each process, e.g. number of times called, CPU minutes, total elapsed time, etc., is given by the /usr/etc/sa command. It gets this information from /var/adm/pacct and puts it into /var/adm/savacct.
A record of all logins and logouts is kept in /var/adm/wtmp.
The record of current users is kept in /etc/utmp.
To list all user logins since /var/adm/wtmp was created use the /usr/ucb/last command, e.g.:
amit ttyp0 ivy Tue May 15 16:54 - 16:55 (00:01)
chohan ttyp7 galifrey.acs.oh Tue May 15 13:04 - 17:05 (04:00)
amit ttyp7 slippry1.acs.oh Tue May 15 12:49 - 12:51 (00:01)
chohan ttyp8 charm.acs.ohio- Tue May 15 12:19 - 12:21 (00:01)
To show the connect time of all users since /var/adm/wtmp was created use /usr/etc/ac or /usr/lib/acct/acctcon.
The file /var/adm/lastlog keeps the last login record for each user.
The general system message and error log file is /var/adm/messages and /var/log/syslog, as specified in /etc/syslog.conf.
The script, /usr/lib/newsyslog, is run periodically by cron to clean up /var/adm/messages and /var/log/syslog. You should modify this script, or write your own, to properly update all your log files.