is a program that attempts to determine what files
were accessed or modified within a given time frame.
The information is either calculated on the fly (with the
-d flag) or taken from an already calculated database; see
Format of the time is typically month/date/year - e.g. 4/5/2009.
It requires a full four digit year, and the date must be after 1/1/1970.
is a date that should be after
it makes the program look for dates in this range.
use this file as an alternate "body" file (the file that
has all the information about the file system), instead of what
is configured in coroner.cf.
directory. Scans and reports on this directory instead of using the
existing database; e.g. does NOT use the existing body database file.
debugging flag. Lots and lots of output. You don't want this!
flag files listed in file as a different color (HTML only).
uses an alternate group file for printing groups.
emit some simple HTML stuff rather than plain ASCII text.
takes "last" output, sort of, as a time. Last looks like:
zen ttyp2 random.trouble.o Sat Mar 21 16:24 - 11:43 (19:19)
This program wants everything from the date on; in this case, the: "Sat Mar 21 16:24 - 11:43 (19:19)" bit. Note that it calculates the time the user was on from the parenthesized time, not the time after the "-", which doesn't do multiple days, etc. very well. It doesn't understand certain things like "still logged in":
zen ftp 184.108.40.206 Sun Mar 22 13:49 still logged in