Why do the psuedousers
reboot,
shutdown, and
runlevel, show foreign IP
network addresses in the host column of output from the "
last -x" command?
For example, the following are excerpts from the output from "
last -adix". Note that the non-priviliged users that logged on locally have IP addresses of 0.0.0.0, while the output from "
last -adx" would have shown those entries as "
localhost" instead.
Code:
runlevel (to lvl 3) Wed Aug 22 08:53 - 16:28 (3+07:35) 16.208.13.0
reboot system boot Wed Aug 22 08:53 (3+07:35) 161.205.13.0
shutdown system down Tue Aug 21 17:15 - 16:28 (3+23:12) 45.217.2.0
runlevel (to lvl 0) Tue Aug 21 17:15 - 17:15 (00:00) 114.20.10.0
johndoe2 pts/16 Tue Aug 21 17:07 - 17:08 (00:01) 0.0.0.0
janedoe2 pts/16 Tue Aug 21 16:23 - 16:33 (00:09) 0.0.0.0
runlevel (to lvl 3) Tue Aug 21 12:12 - 17:15 (05:03) 25.236.10.0
reboot system boot Tue Aug 21 12:12 (05:03) 217.233.10.0
shutdown system down Tue Aug 21 12:11 - 17:15 (05:04) 127.101.2.0
runlevel (to lvl 6) Tue Aug 21 12:10 - 12:11 (00:00) 35.54.10.0
runlevel (to lvl 3) Tue Aug 21 12:05 - 12:10 (00:05) 96.49.0.0
reboot system boot Tue Aug 21 12:05 (00:05) 69.47.0.0
shutdown system down Tue Aug 21 08:46 - 12:10 (03:23) 34.226.8.0
runlevel (to lvl 0) Tue Aug 21 08:45 - 08:46 (00:01) 19.201.12.0
Here's another example of those foreign IPs, or '
hosts' as they're
supposed to be, according to the man pages.
Excerpts from "
last -adx" shows some
?network names? in the host entries column:
Code:
runlevel (to lvl 3) Thu Nov 8 17:56 - 13:41 (6+19:44) 41-84-11-0-0.available.africainx.net
reboot system boot Thu Nov 8 17:56 (6+19:44) 213.81.11.0
runlevel (to lvl 3) Thu Nov 8 12:39 - 17:56 (05:17) 228.65.14.0
reboot system boot Thu Nov 8 12:39 (7+01:01) 0-14.63-188.cust.bluewin.ch
shutdown system down Thu Nov 8 12:38 - 13:41 (7+01:02) 2.6.33.4
runlevel (to lvl 6) Thu Nov 8 12:38 - 12:38 (00:00) 249.87.1.0
root tty1 Thu Nov 8 12:34 - down (00:03) localhost
runlevel (to lvl 3) Sat Sep 1 15:51 - 17:10 (31+01:18) 207.228.13.0
reboot system boot Sat Sep 1 15:51 (31+01:18) 162.226.13.0
shutdown system down Sat Sep 1 15:50 - 17:10 (31+01:19) d58-104-12-0.sbr802.nsw.optusnet.com.au
runlevel (to lvl 6) Sat Sep 1 15:50 - 15:50 (00:00) 207.57.8.0
While the output from "
last -adix" shows only
network numbers, in the
hosts column for these same events:
Code:
runlevel (to lvl 3) Thu Nov 8 17:56 - 13:41 (6+19:44) 41.84.11.0
reboot system boot Thu Nov 8 17:56 (6+19:44) 213.81.11.0
runlevel (to lvl 3) Thu Nov 8 12:39 - 17:56 (05:17) 228.65.14.0
reboot system boot Thu Nov 8 12:39 (7+01:01) 188.63.14.0
shutdown system down Thu Nov 8 12:38 - 13:41 (7+01:02) 192.77.9.0
runlevel (to lvl 6) Thu Nov 8 12:38 - 12:38 (00:00) 249.87.1.0
root tty1 Thu Nov 8 12:34 - down (00:03) 0.0.0.0
runlevel (to lvl 3) Sat Sep 1 15:51 - 17:10 (31+01:18) 207.228.13.0
reboot system boot Sat Sep 1 15:51 (31+01:18) 162.226.13.0
shutdown system down Sat Sep 1 15:50 - 17:10 (31+01:19) 58.104.12.0
runlevel (to lvl 6) Sat Sep 1 15:50 - 15:50 (00:00) 207.57.8.0
Why are there foreign IP network addresses in the output from "last -adix"???
