NAME

       chkwtmp - check wtmp file deleted entries

SYNOPSIS

       chkwtmp looks for data deleted from wtmp

DESCRIPTION

       chkwtmp  examines  the  file /var/log/wtmp for entries which have been overwritten (containing only null-
       bytes). If such entries are found the program displays the timestamps of the entries before and after the
       deleted entry, providing an idea of when the entry was deleted.

       chkwtmp needs to be able to read /var/log/wtmp.  Normally this  file  is  world-readable  so  no  special
       privileges are required.

FILES

       /var/log/wtmp
              database of logins and logouts.

SEE ALSO

       wtmp(4), who(1)

LIMITATIONS

       An entry is recognized as overwritten if the time-information has been overwritten with null-bytes.

       This  program  was  originally  designed  to  run  on  SunOS  4.x systems. On other systems the output is
       undefined.

                                                  Oct 23, 2021                                        CHKWTMP(8)