Last Logins /var/adm/wtmp getting wiped out


I'm trying to use a Perl script to look at accounts that haven't logged in to the system in ages. The problem is the last logins are being cleared out. I assume it's the /var/adm/wtmp file. The problem is I need it to retain that information. What is it that's clearing that out? That or I need a sure-fire way of determining the last login time. The issue is I'm trying to do it on different platforms, and the finger command works great unless you have a problem like this where the information is destroyed.

Michael
5 REPLIES
Jeff_Traigle
Honored Contributor

Re: Last Logins /var/adm/wtmp getting wiped out

If you're running in trusted mode on HP-UX, you can use the following command:

/usr/lbin/getprpw -m slogint username
--
Jeff Traigle
Jeff_Traigle
Honored Contributor

Re: Last Logins /var/adm/wtmp getting wiped out

Oh... and as for what's clearing your wtmp file... you probably have a cron job running that's doing it as part of a cleanup/log rotation process. By default, HP-UX has nothing like that in place and wtmp will keep growing.
--
Jeff Traigle
sysad_boy
Frequent Advisor

Re: Last Logins /var/adm/wtmp getting wiped out

Is this file safe to be deleted?

or

Can I do this to the file?

cat blank.txt > /var/adm/wtmp

I am actually looking for files under /var to be zipped since my /var is already at 100%.

James R. Ferguson
Acclaimed Contributor

Re: Last Logins /var/adm/wtmp getting wiped out

Hi:

> sysad_boy: You should open your own thread so that replies can be properly assessed by _you_.

...JRF...
Mel Burslan
Honored Contributor

Re: Last Logins /var/adm/wtmp getting wiped out

Normally, the system does not clear the last and lastb files on its own. Whatever is happening to clear them out is man-made and it might not be very easy to find.

The first place to look at is your rc scripts.

(quick and dirty way)

for file in `find /sbin/rc*d`
do
# -l prints the name of each file that mentions wtmp or btmp
grep -l -e wtmp -e btmp "${file}" 2>/dev/null
done

This might tell you in which rc script your wtmp and btmp are getting cleared.

Also, it is a good idea to check root's crontab to see if a job in cron is periodically clearing them out.

Hope this helps
________________________________
UNIX because I majored in cryptology...
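
The two checks suggested above (rc scripts and root's crontab) can be combined into one pass that also separates lines that merely read wtmp/btmp from lines that empty or delete it. This is an added example, not part of any post in the thread; the function names, the default search paths and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Default paths are an assumption for an
# HP-UX host; pass your own files or directories as arguments instead.

# Print every non-comment line that mentions wtmp/btmp, tagged CLEARS when the
# line truncates, overwrites from /dev/null, or removes the file.
scan_wtmp_refs() {
    [ $# -gt 0 ] || set -- /sbin/init.d /sbin/rc*.d /var/spool/cron/crontabs
    find "$@" \( -type f -o -type l \) 2>/dev/null | sort -u |
    while IFS= read -r f; do
        [ -f "$f" ] || continue                 # skip dangling symlinks
        grep -n -E '[wb]tmp' "$f" 2>/dev/null |
        grep -v -E '^[0-9]+:[[:space:]]*#' |    # ignore comment lines
        while IFS= read -r hit; do
            # '>' but not '>>' into the file, or rm / cp /dev/null onto it
            if printf '%s\n' "$hit" | grep -E -q \
                -e '(^|[^>])>[[:space:]]*[^[:space:]>]*[wb]tmp' \
                -e '(^|[^[:alnum:]_])(rm|cp[[:space:]]+/dev/null)[[:space:]].*[wb]tmp'
            then tag=CLEARS; else tag=mentions; fi
            printf '%s\t%s:%s\n' "$tag" "$f" "$hit"
        done
    done
}

# Constructed sample tree standing in for rc scripts and root's crontab
# (uses mktemp -d as found on Linux/BSD).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/init.d" "$d/crontabs"
    printf '%s\n' '#!/sbin/sh' '# wtmp is left alone here' \
        'who -a /var/adm/wtmp' > "$d/init.d/acct"
    printf '%s\n' '0 3 * * 0 cat /dev/null > /var/adm/wtmp' \
        '5 3 * * 0 cp /dev/null /var/adm/btmp' \
        '0 4 * * * date >> /var/adm/cleanup.log' > "$d/crontabs/root"
    printf '%s\n' "$d"
}

# Demo on the constructed tree. On a real host, run scan_wtmp_refs with no
# arguments as root so that root's crontab is readable.
sample=$(make_sample_tree)
scan_wtmp_refs "$sample"
rm -rf "$sample"
```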