Subject: Re: Text form of wtmp
To: Ignatios Souvatzis <>
From: Valentin Nechayev <>
List: tech-userlevel
Date: 02/16/2005 16:08:26
 Wed, Feb 16, 2005 at 14:18:27, is wrote about "Re: Text form of wtmp": 

>> Does faster processing really gives anything important in that particular
>> case? There are too few tasks which require automatic reading of wtmp.
>> First law of optimization says "Don't optimize unless really needed".
> I hope you're aware how those records are searched, displayed, and updated.
> E.g. lastlog is mostly searched _backwards_.

Huh? If you say about /var/log/lastlog[x], it isn't searched, it is database.
I say nothing to change utmp and lastlog: they must keep to be binary.
Only for wtmp. wtmp records are _never_ updated (unless a hacker intruded).

> Not good without record sizes 
> at the end of the line... or fixed sizes records.
Well, how /usr/bin/tail displays file? It has good but very simple method.
> Also, you should consider that not all machines are single-effective-user
> desktop machines.

Well, in real practice I had to parse wtmp files first converting them to text
and then using standard text processing tools as Perl scripts.
Only in this direction (binary->text), not backwards.
Why to force admins to reinvent their parsers?