I’m trying to figure out weird entries in /var/log/wtmp.
Running “last” command gives me output like this:
root pts/0 192.168.154.1 Wed Feb 10 07:36 still logged in
(unknown :0 :0 Wed Feb 10 07:35 still logged in
reboot system boot 4.12.14-120-defa Wed Feb 10 07:35 - 07:40 (00:05)
Checking with “who” and “lastb” commands does not reveal anything suspicious regarding user login. When I switch runlevel from graphical.target to multi-user.target there are no more “unknown” entries, so I pressume that graphical user interface is the culprit. This is happening on SLES 12 sp5.
Any ides how to disable/fix these entries?
@Zrinko Hi and welcome to the Forum
Could be either gdm or your user, I’m assuming a
whoami when logged into the desktop session is correct? Or are you using a different login manager or desktop?
Usually I connect over ssh and then there is no strange records.
“whoami” output in desktop session is correct, but login into desktop session also triggers new unknown entry.
Also, unknown entry appears right after every reboot, without any user even trying to login.
@Zrinko Hi, so if you boot to multi-user.target instead of graphical.target does the entry disappear? If so I suspect gdm user…
Yes, when using multi-user.target there is no unknown entries. They appears only when graphical interface is enabled.
@Zrinko Hi, so likely a gdm process/user… are you in a position to open a Support Request, if so that would be the best route to get the issue resolved.
Yes, I can open support request.