What do the wtmp and wtmp.1 files do?
Where is user login information stored in the Unix agent directory structure?
Where are the wtmp and wtmp.1 files stored?
VigilEnt Security Agent for Unix 5.0
In some Unix operating system environments, the user login information stored in the wtmp file (wtmpx for IRIX and Solaris) is frequently cleared. In these environments, the dormant account and other user account reports that return last login information can be incorrect. This may be the case especially if the wtmp/wtmpx file reset interval is much shorter than the interval set for the report to generate information.
To offset this potential for incorrect information, you can configure the wtmp rule group in Unix Manager to allow for login information from the operating system to be stored in the agent directory structure. The wtmp and wtmp.1 files hold this configuration information, and are located in the InstallationDirectory/vsau/local/log directory on the Unix agent computer. For information on how to configure this setting, see NETIQKB45882: "How do I set up the wmtp rolling log file mechanism in the wtmp Rule Group?" at www.netiq.com/kb/esupport/consumer/solutionarea.asp?id=NETIQKB45882.