What information does WTMP logs provide in a UNIX/Linux environment?

The WTMP log in a UNIX/Linux environment is primarily used to maintain a historical record of user logins and logouts on the system. This log tracks when users have accessed the system, including abrupt terminations of their sessions. The logs serve as a crucial auditing tool, allowing administrators to review past user activity.

The information contained within WTMP includes details such as the usernames, the terminal from which they accessed the system, the date and time of each login and logout session, and the duration of those sessions. This is different from the current users who are actively logged into the system, which would be recorded by different commands or logs, such as the output from the 'who' or 'w' commands. Hence, this makes it unique to track historical login information rather than just the real-time snapshot of who is logged in.

Understanding WTMP logs is vital for security monitoring and can help administrators detect unauthorized access or other security issues over time.