Apparently the hostname information is recorded at login if available, otherwise the IP is recorded. Therefore, if a reverse DNS lookup succeeded then there is no way to access to the IP address of the connecting system after the fact. > Does anyone know of a script/tool to parse the utmpx file from a > Solaris 8 system besides last? > > We're trying to do some auditing after a possible compromise but > last does a lookup on the src IP address so we're getting a bum > domain name rather then something more useful. > > > Thanks for any pointers. > Keith. > > -- > _______________________________________________ > sunmanagers mailing list > sunmanagers@sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers -- _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Mon Feb 7 17:20:50 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:43 EST