If an access-log entry has been wiped with a log wiper, the `last` command no longer displays it. However, common log wipers such as "zap" overwrite the targeted entry in the log file with null bytes, so the log files themselves can be checked for signs of wiping. This utility prints every entry in each log file so that you can analyze them.
3d85c540b4466b4f0046f37f7823bf8d909d2cfc7cca3cca4fd844009d00ddb0
/*=============================================================================
Log Viewer&Checker Version 1.30
The Shadow Penguin Security (http://shadowpenguin.backsection.net)
Written by UNYUN (shadowpenguin@backsection.net)
=============================================================================
*/
#include <sys/types.h>
#include <sys/file.h>
#include <fcntl.h>
#include <lastlog.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <utmp.h>
#include <utmpx.h>
/*
 * Default locations of the login-accounting files that main() passes to the
 * display_* functions.
 * NOTE(review): these /var/adm paths look like the SVR4/Solaris layout; other
 * systems keep the same files elsewhere (for example /var/run/utmp,
 * /var/log/wtmp and /var/log/lastlog on Linux) -- confirm for the host being
 * examined before building.
 */
#define UTMP_NAME "/var/adm/utmp"
#define UTMPX_NAME "/var/adm/utmpx"
#define WTMP_NAME "/var/adm/wtmp"
#define WTMPX_NAME "/var/adm/wtmpx"
#define LASTLOG_NAME "/var/adm/lastlog"
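/*
 * Print every record of a utmp-format file as one table row
 * (name, id, line, type, time), without filtering any record out.
 *
 * fn: path of the file to read; it is opened read-only.
 *
 * The file is treated as untrusted input, since it may have been edited by
 * whoever tampered with the logs:
 *  - the character fields are fixed-width arrays that need not be
 *    NUL-terminated, so each is printed with an explicit precision instead
 *    of being copied into a scratch buffer (the earlier code terminated the
 *    wrong buffer and printed ut_line unbounded);
 *  - only complete records are printed, so a short read at the end of the
 *    file cannot leave stale bytes from the previous record in the row;
 *  - the timestamp is copied into a time_t before conversion, because the
 *    on-disk field is not guaranteed to have the width of time_t.
 */
void display_utmp(char *fn)
{
    struct utmp utmp_ent;
    ssize_t got;
    int f = open(fn, O_RDONLY);

    if (f < 0) {
        /* Report the path that actually failed, not a fixed default. */
        printf("Logfile %s can not be opened\n", fn);
        return;
    }

    printf("\n\n[%s]\n", fn);
    printf("%-15s %-6s %-15s %-4s %-15s\n", "Name", "id", "Line", "Type", "Time");
    printf("--------------------------------------------------------------------------\n");

    while ((got = read(f, &utmp_ent, sizeof utmp_ent)) == (ssize_t)sizeof utmp_ent) {
        time_t when = (time_t)utmp_ent.ut_time;
        struct tm *tm = localtime(&when);
        /* asctime() supplies the trailing newline that ends the row. */
        const char *stamp = tm != NULL ? asctime(tm) : NULL;

        printf("%-15.*s %-6.*s %-15.*s %4d %s",
               (int)sizeof utmp_ent.ut_user, utmp_ent.ut_user,
               (int)sizeof utmp_ent.ut_id, utmp_ent.ut_id,
               (int)sizeof utmp_ent.ut_line, utmp_ent.ut_line,
               (int)utmp_ent.ut_type,
               stamp != NULL ? stamp : "(invalid time)\n");
    }

    /* A size that is not a multiple of the record size is worth noticing. */
    if (got > 0)
        printf("(%ld trailing bytes ignored: incomplete record)\n", (long)got);

    close(f);
}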
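/*
 * Print every record of a utmpx-format file as one table row
 * (name, id, line, type, host), without filtering any record out.
 *
 * fn: path of the file to read; it is opened read-only.
 *
 * The file is treated as untrusted input: the character fields are
 * fixed-width arrays that need not be NUL-terminated, so each is printed
 * with an explicit precision rather than a bare %s, and only complete
 * records are printed so a short final read cannot mix in bytes from the
 * previous record.
 */
void display_utmpx(char *fn)
{
    struct utmpx utmpx_ent;
    ssize_t got;
    int f = open(fn, O_RDONLY);

    if (f < 0) {
        /* Report the path that actually failed, not a fixed default. */
        printf("Logfile %s can not be opened\n", fn);
        return;
    }

    printf("\n\n[%s]\n", fn);
    printf("%-15s %-6s %-15s %-4s %-15s\n", "Name", "id", "Line", "Type", "Host");
    printf("--------------------------------------------------------------\n");

    while ((got = read(f, &utmpx_ent, sizeof utmpx_ent)) == (ssize_t)sizeof utmpx_ent) {
        printf("%-15.*s %-6.*s %-15.*s %4d %-15.*s\n",
               (int)sizeof utmpx_ent.ut_user, utmpx_ent.ut_user,
               (int)sizeof utmpx_ent.ut_id, utmpx_ent.ut_id,
               (int)sizeof utmpx_ent.ut_line, utmpx_ent.ut_line,
               (int)utmpx_ent.ut_type,
               (int)sizeof utmpx_ent.ut_host, utmpx_ent.ut_host);
    }

    /* A size that is not a multiple of the record size is worth noticing. */
    if (got > 0)
        printf("(%ld trailing bytes ignored: incomplete record)\n", (long)got);

    close(f);
}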
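/*
 * Print every record of a wtmp file (utmp record format) as one table row
 * (name, id, line, type, time), without filtering any record out.
 *
 * fn: path of the file to read; it is opened read-only.
 *
 * The file is treated as untrusted input, since it may have been edited by
 * whoever tampered with the logs:
 *  - the character fields are fixed-width arrays that need not be
 *    NUL-terminated, so each is printed with an explicit precision instead
 *    of being copied into a scratch buffer (the earlier code terminated the
 *    wrong buffer and printed ut_line unbounded);
 *  - only complete records are printed, so a short read at the end of the
 *    file cannot leave stale bytes from the previous record in the row;
 *  - the timestamp is copied into a time_t before conversion, because the
 *    on-disk field is not guaranteed to have the width of time_t.
 */
void display_wtmp(char *fn)
{
    struct utmp utmp_ent;
    ssize_t got;
    int f = open(fn, O_RDONLY);

    if (f < 0) {
        printf("Logfile %s can not be opened\n", fn);
        return;
    }

    printf("\n\n[%s]\n", fn);
    printf("%-15s %-6s %-15s %-4s %-15s\n", "Name", "id", "Line", "Type", "Time");
    printf("--------------------------------------------------------------\n");

    while ((got = read(f, &utmp_ent, sizeof utmp_ent)) == (ssize_t)sizeof utmp_ent) {
        time_t when = (time_t)utmp_ent.ut_time;
        struct tm *tm = localtime(&when);
        /* asctime() supplies the trailing newline that ends the row. */
        const char *stamp = tm != NULL ? asctime(tm) : NULL;

        printf("%-15.*s %-6.*s %-15.*s %4d %s",
               (int)sizeof utmp_ent.ut_user, utmp_ent.ut_user,
               (int)sizeof utmp_ent.ut_id, utmp_ent.ut_id,
               (int)sizeof utmp_ent.ut_line, utmp_ent.ut_line,
               (int)utmp_ent.ut_type,
               stamp != NULL ? stamp : "(invalid time)\n");
    }

    /* A size that is not a multiple of the record size is worth noticing. */
    if (got > 0)
        printf("(%ld trailing bytes ignored: incomplete record)\n", (long)got);

    close(f);
}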
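/*
 * Print every record of a wtmpx file (utmpx record format) as one table row
 * (name, id, line, type, host), without filtering any record out.
 *
 * fn: path of the file to read; it is opened read-only.
 *
 * The file is treated as untrusted input: the character fields are
 * fixed-width arrays that need not be NUL-terminated, so each is printed
 * with an explicit precision rather than a bare %s, and only complete
 * records are printed so a short final read cannot mix in bytes from the
 * previous record.
 */
void display_wtmpx(char *fn)
{
    struct utmpx utmpx_ent;
    ssize_t got;
    int f = open(fn, O_RDONLY);

    if (f < 0) {
        /* Name the path that was passed in, so the message stays right for any caller. */
        printf("Logfile %s can not be opened\n", fn);
        return;
    }

    printf("\n\n[%s]\n", fn);
    printf("%-15s %-6s %-15s %-4s %-15s\n", "Name", "id", "Line", "Type", "Host");
    printf("--------------------------------------------------------------\n");

    while ((got = read(f, &utmpx_ent, sizeof utmpx_ent)) == (ssize_t)sizeof utmpx_ent) {
        printf("%-15.*s %-6.*s %-15.*s %4d %-15.*s\n",
               (int)sizeof utmpx_ent.ut_user, utmpx_ent.ut_user,
               (int)sizeof utmpx_ent.ut_id, utmpx_ent.ut_id,
               (int)sizeof utmpx_ent.ut_line, utmpx_ent.ut_line,
               (int)utmpx_ent.ut_type,
               (int)sizeof utmpx_ent.ut_host, utmpx_ent.ut_host);
    }

    /* A size that is not a multiple of the record size is worth noticing. */
    if (got > 0)
        printf("(%ld trailing bytes ignored: incomplete record)\n", (long)got);

    close(f);
}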
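/*
 * Print the lastlog file as a table of (name, host, line, time).
 *
 * fn: path of the file to read; it is opened read-only.
 *
 * The file is read as a sequence of struct lastlog records where the record
 * position is the uid (first record is uid 0). Records whose ll_time is 0
 * are skipped, as before.
 *
 * Hardening over the earlier version:
 *  - getpwuid() returns NULL for a uid with no passwd entry; such a record
 *    is now printed as "#<uid>" instead of dereferencing NULL. A login
 *    record for a uid that has no account is worth seeing, so the row is
 *    kept rather than dropped;
 *  - ll_host and ll_line are fixed-width arrays that need not be
 *    NUL-terminated, so they are printed with an explicit precision;
 *  - ll_time is copied into a time_t before conversion, because the on-disk
 *    field is not guaranteed to have the width of time_t;
 *  - only complete records are consumed, and both the heading and the error
 *    message name the path that was actually passed in.
 */
void display_lastlog(char *fn)
{
    struct lastlog newll;
    ssize_t got;
    int uid = 0;
    int f = open(fn, O_RDONLY);

    if (f < 0) {
        printf("Logfile %s can not be opened\n", fn);
        return;
    }

    printf("\n\n[%s]\n", fn);
    printf("%-10s : %-15s %-15s %s\n", "Name", "Host", "Line", "Time");
    printf("-----------------------------------------------------------------------\n");

    while ((got = read(f, &newll, sizeof newll)) == (ssize_t)sizeof newll) {
        int owner = uid++;              /* record index doubles as the uid */
        char fallback[32];
        const char *name;
        struct passwd *pwd;
        struct tm *tm;
        const char *stamp;
        time_t when;

        if (newll.ll_time == 0)
            continue;

        pwd = getpwuid((uid_t)owner);
        if (pwd != NULL) {
            name = pwd->pw_name;
        } else {
            snprintf(fallback, sizeof fallback, "#%d", owner);
            name = fallback;
        }

        when = (time_t)newll.ll_time;
        tm = localtime(&when);
        /* asctime() supplies the trailing newline that ends the row. */
        stamp = tm != NULL ? asctime(tm) : NULL;

        printf("%-10s : %-15.*s %-15.*s %s",
               name,
               (int)sizeof newll.ll_host, newll.ll_host,
               (int)sizeof newll.ll_line, newll.ll_line,
               stamp != NULL ? stamp : "(invalid time)\n");
    }

    /* A size that is not a multiple of the record size is worth noticing. */
    if (got > 0)
        printf("(%ld trailing bytes ignored: incomplete record)\n", (long)got);

    close(f);
}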
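/*
 * Dump all five login-accounting files in a fixed order: wtmp, wtmpx, utmp,
 * utmpx, then lastlog. Each display_* call reports on its own if its file
 * cannot be opened, so one missing file does not stop the others.
 *
 * Declared as int main(void) with an explicit return value; the implicit-int
 * form is not valid in C99 and later.
 */
int main(void)
{
    display_wtmp(WTMP_NAME);
    display_wtmpx(WTMPX_NAME);
    display_utmp(UTMP_NAME);
    display_utmpx(UTMPX_NAME);
    display_lastlog(LASTLOG_NAME);
    return 0;
}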