utmp log file, Linux/glibc version: format specification

KS implementation details

License: CC0-1.0

References

This page hosts a formal specification of utmp log file, Linux/glibc version using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Block diagram

Format specification in Kaitai Struct YAML

meta:
  id: glibc_utmp
  title: utmp log file, Linux/glibc version
  xref:
    wikidata: Q3570128
  tags:
    - linux
    - log
  license: CC0-1.0
  endian: le
seq:
  - id: records
    size: 0x180
    type: record
    repeat: eos
types:
  record:
    seq:
      - id: ut_type
        type: s4
        doc: Type of login
        enum: entry_type
      - id: pid
        type: u4
        doc: Process ID of login process
      - id: line
        type: str
        encoding: UTF-8
        size: 32
        doc: Devicename
      - id: id
        type: str
        encoding: UTF-8
        size: 4
        doc: Inittab ID
      - id: user
        type: str
        encoding: UTF-8
        size: 32
        doc: Username
      - id: host
        type: str
        encoding: UTF-8
        size: 256
        doc: Hostname for remote login
      - id: exit
        type: u4
        doc: Exit status of a process marked as DEAD_PROCESS
      - id: session
        type: s4
        doc: Session ID, used for windowing
      - id: tv
        type: timeval
        doc: Time entry was made
      - id: addr_v6
        size: 16
        doc: Internet address of remote host
      - id: reserved
        size: 20
  timeval:
    seq:
      - id: sec
        type: s4
        doc: Seconds
      - id: usec
        type: s4
        doc: Microseconds
enums:
  entry_type:
    0: empty
    1: run_lvl
    2: boot_time
    3: new_time
    4: old_time
    5: init_process
    6: login_process
    7: user_process
    8: dead_process
    9: accounting