Last command doesn`t show all connections

In your WHM, top left, type in the word rotation. Click the single result shown to check your log rotation settings the system handles for you. Your logs may simply have been rotated.

Older backed up logs for many things can be found in /var/log/ for example messages log is backed up to be messages.1 (or .2 .3 or .4)

 

The symptoms described are normal and indicates that your OS' logrotate configuration was (by default) setup to automatically rotate (archive and optionally compress) old wtmp log data. You can check if you have older copies of the wtmp log using the following command via root SSH access:

Code:

# ls -al /var/log/wtmp*

cPanel/WHM uses "cpanellogd" for its own log rotation features and does not change your OS' logrotate configuration. You may, however, view or modify your OS' logrotate configuration at any time, preferably after making appropriate backup copies.

Here is the path to logrotate's configuration file(s):
/etc/logrotate.conf
/etc/logrotate.d/

On a test system with CentOS v4, the wtmp log file is configured for rotation directly within logrotate.conf, but to help check where it may be on your system you can run the following command:

Code:

# grep -HinR "wtmp" /etc/logrotate.*

Please reference the following related "man" (manual) pages for more verbose documentation:

Code:

# man last
# man wtmp
# man logrotate

 

The quoted logrotate configuration is normal and comes with your OS installation and specifically the logrotate software package, (not cPanel/WHM). The specific entry for "/var/log/wtmp" indicates your logrotate configuration is set to rotate the log data used by "last" on a monthly basis; this is why when using "last" it appeared to reset or only go back as far as the 1st day of the month.