Originally Posted by vaaub
I want to know how I can find the user login record if the /var/log/wtmp is deleted. What I want to know is who log into the system and the user's ip if he is using putty to access remotely.
Thanks a lot!
You won't be able to tell what terminal emulator he's using remotely, no matter what, only what port they connect to, such as SSH or telnet.
If wtmp is gone, your only other option is to look at the system logs, and see if login messages are getting saved there.