Recipe 8.24 Program: tailwtmp

Every time a user logs into or out of a Unix system, a record is added to the wtmp file. You can't use the normal tail program on it, because the file is in binary format. The tailwtmp program in Example 8-7 knows the format of the binary file and shows every new record as it appears. You'll have to adjust the pack format for your own system.

Example 8-7. tailwtmp

  #!/usr/bin/perl -w
  # tailwtmp - watch for logins and logouts; 
  # uses linux utmp structure, from utmp(5)
  $typedef = "s x2 i A12 A4 l A8 A16 l";
  $sizeof = length pack($typedef, ( ) );
  use IO::File;
  open(WTMP, "< :raw", "/var/log/wtmp") or die "can't open /var/log/wtmp: $!";
  seek(WTMP, 0, SEEK_END);
  for (;;) { 
          while (read(WTMP, $buffer, $sizeof) =  = $sizeof) {
          ($type, $pid,  $line, $id, $time, $user, $host, $addr) 
              = unpack($typedef, $buffer);
          next unless $user && ord($user) && $time;
          printf "%1d %-8s %-12s %2s %-24s %-16s %5d %08x\n", 
              $type,$user,$line,$id,scalar(localtime($time)), 
              $host,$pid,$addr;
      } 
      for ($size = -s WTMP; $size =  = -s WTMP; sleep 1) {  }
      WTMP->clearerr( );
  }