man uaklogin
NAME
uaklogin - Reports login terminal and process information
SYNOPSIS
uaklogin -options
DESCRIPTION
The uaklogin command reports terminal information from the utmp or
wtmp files, terminal access (read) and modify (write) times obtained
from the terminal device special file (such as /dev/tty*), and
optionally process tree information from a 'ps' variant.
This began as a utility to dump the contents of the utmp or wtmp
files which grew to include options to select or filter specific
information. When reading the utmp file, terminal access (keyboard
input) and modify (terminal output) times are also displayed and
options and filters also exist for displaying process tree informa-
tion. The uaklogin command provides in a single command the ability
to display terminal and process information often gathered through a
combination of finger and multiple ps commands. Because of the vol-
ume of information displayed, a 132 column screen is effectively
required.
ACTIONS (only one may be specified)
-utmp
Utilize the utmp file. This is the default. Where availabe (IRIX,
etc.) the extended utmpx file format is used. Process tree display
and command filters are applicable only with the utmp file.
-wtmp Utilize the wtmp file.
-both Utilize both the utmp and wtmp files.
-files filename[s]
To specify an input filename(s) which must be in ?tmp for-
mat. Multiple files can be white space (in quotes) or comma
separated.
!x For IRIX (sgi), use utmp|wtmp file and utmp record format.
instead of default extended utmpx format and files.
OPTIONS (general)
-ps To include a process tree of matching records. Can only be
used with -utmp. Implies -User if no record type filter was
specified. The -ps option is implied with -comm, +comm,
-Parents, -pid or =pid.
-Parents
To includes parent and ancestor processes. Implies -ps.
-terminal
To generate stdout lines in format "pid # user # tname #
idle time" which can be piped into an xargs kill or into
ua_killer.ksh. Written to stdout, use -output to isolate off
the logging output.
+terminal
To skip utmp record display, this option is really only per-
tinent with -pid or =pid options, you might as well use a 'ps
-p list'.
-output filename
To specify an output file (other than stdout).
-binary filename
To specify a binary output file for selected records.
-verbose
To include display of command options and some debugging
information.
-debug To include additional debugging information with ps.
-Width characters
To specify line width, default 132 maximum 512 characters.
-Replay filename
To replay captured ps output.
-res options
To specify alternate or additional resource options to ps.
For example: -r etime,time,pcpu
!utmp To ignore utmp or wtmp files and only report ps entries.
-? Display terse help message.
OPTIONS (filters)
If multiple filter options are specified the result is a logical
'and'.
-pid pid1[,pid2...]
To display tree of a specific pid. Implies -Parents. Can-
not be used with -line because will set line to that of pid.
If pid does not correspond to a terminal the proces tree is
displayed regardless of any other filter criteria.
=pid pid1[,pid2...]
To display particular pid(s) without complete tree(s).
=ppid ppid1[,ppid2...]
To display particular ppid(s) without complete tree(s).
-idle minutes
To select only utmp entries where the corresponding
/dev/tty* access time (keyboard input) is greater than the
specified number of minutes.
-newer time|date
To select records newer than specified:
hh:mm[:ss]
mm/dd[/yyyy]
[yyyy]-mm-dd
deltaX from current, where X is:
s seconds
m minutes
h hours
d days
w weeks
y years
-older time|date
To select records older than specified (see above).
-name user1[,user2...]
To select one or more users to report on.
-userid user1[,user2...]
To select one or more users to report on, alias of -name.
+name user1[,user2...]
To exclude specific users.
+userid user1[,user2...]
To exclude specific users, alias of +name.
-line tty1[,tty2...]
To select one or more terminal names to report on.
The * and ? wildcards can be used.
+line tty1[,tty2...]
To exclude specific terminal names.
-command command1[,command2...]
To select one or more commands to report on. The * and ?
wildcards can be used. Implies the -ps option and will
report the process tree if the command is found anywhere in
the tree. The command string includes any options (up to 64
bytes) so an implied wildcard is added to the specified com-
mand(s). A leading * may be required if the command was
invoked with full path. Leading wildcards require the com-
mand string be enclosed in quotes.
+command command1[,command2...]
To exclude specific commands.
OPTIONS (record type)
With -ps or any option which implies -ps, the default is -User if
nothing is specified. Otherwise, the default is -All record types.
Any specifications of record type are logically or'd.
-User To select only user records.
-Dead To select only 'dead' records.
-Login To select only login records.
-Other To select only 'other' records (e.g., boot, run-level,
etc.).
-All To select all record types.
EXAMPLES
Note, terminal access time reflects keyboard input and terminal mod-
ify time reflects output to terminal. Prior to the pid display is a
digit indicating the level of the process in the tree from init. In
the case of non-terminal processes the level is displayed as nega-
tive numbers.
Standard format:
iceberg2: uaklogin -u abennett
# 2006-05-17@13:55:15
#_Entry_Time_:_pid__:__user_:_Access__:_Mod-
ify__:_id___:__line:__type:trm_ext:_login_host
#
05/17@083109_:_97986:aben-
net:_05.24.05:_05.24.05:pts/6_:pts/6_:User__:_0,_0:blot.uaf.edu
With the -ps option:
iceberg2: uaklogin -p 708794
# 2006-05-17@13:57:10
# pid ppid user ELAPSED TIME |__Command__
#
0 1 0 root 22:12:08 00:00:14 |/etc/init
-1 20976 1 root 22:11:46 00:00:00 |/usr/sbin/srcmstr
-2 28936 20976 root 22:11:36 00:00:02 |/usr/sbin/inetd
-3 72422 28936 root 04:17:46 00:00:01 |klogind -c5He
-4 78794 72422 root 04:17:45 00:00:00 |login -p -h arctur
-5 85330 78794 kcar 04:17:45 00:00:01 |-ksh
-6 83880 85330 kcar 00:00 00:00:00 |uaklogin -p 708794
-7 92762 83880 kcar 00:00 00:00:00 |ps -A -o tty,user,
#
#_Entry_Time_:__pid_:__user_:_Access__:_Mod-
ify__:_id_:__line:__type:trm_ext:_login_host
#
05/17@093925_:_78794:kcar___:_00.00.01:_00.00.00:k00_:pts/0_:User__:_9,2b94:arc-
tur
RESTRICTIONS / NOTES
uaklogin has been tested under a variety of UNIX and Linux implemen-
tations. Suggestions for enhancements or bug reports can be
directed to fnkac@uaf.edu.
uaklogin exits:
0 if any records displayed
1 if no matching records
2+ if any error in command syntax
uaklogin utilizes the cci command parser utilized by non-UNIX oper-
ating systems instead of the traditional UNIX getopt() parsing.
Actions and options have been defined to "look like" UNIX style
options, but can be spelled out or abbreviated. For example '-n' is
the same as '-name'. Because of this, multiple options must be
space separated and the hyphen is part of the option name.
The -ps option to generate process tree information utilizes an
internally piped ps command in the format similar to (varies by UNIX
flavor):
ps -A -o user,pid,ppid,etime,cputime,pcpu,args
which is internally parsed. On a system with thousands of pro-
cesses, this can make execution slow like a "ps -ef" command, have
patience.
On IRIX 6.2 'ps -A' returns tty name in the form of pts/* instead of
tty* returned by a 'ps' (without -A) and as retained in the utmp
file. Because of that, uaklogin on __sgi systems matches -pid
requests against the userid instead of tty name and does a secondary
match against the pid. The IRIX 6.2 utmpxname()|getutxent() func-
tions are broken, getutxsgi() is provided as a replacement... see
the comments in the routine.
On Macintosh OSX the utmp record format is rather bare (no record
type and no pid) so all record types are unknown.
ACKNOWLEDGEMENTS
The uaklogin utility was written at the University of Alaska.
Concepts for constructing the process tree information were obtained
from pstree v1.4 provided by Fred Hucht (hal6000.Uni-Duisburg.DE).
The re-written pstree code is available as a function for other
applications, look at uaps_get() within the distribution.
RELATED INFORMATION
Files: utmp(4), wtmp(4), utmpx(4), wtmpx(4).
Commands:
ps(1), finger(1), uakpacct(1), uaps(1), last(1).