/etc/wtmp

 
SOLVED
Go to solution

/etc/wtmp

What is the best way to trim the /etc/wtmp file?

Thanks,

-Chris D.
6 REPLIES 6
Sanjay_6
Honored Contributor
Solution

Re: /etc/wtmp

Hi,

The easy way is to do a cat

cat /dev/null >/etc/wtmp

here is a thread for some additional info.

http://us-support.external.hp.com/cki/bin/doc.pl/sid=6831053f02947ad6b6/screen=ckiDisplayDocument?docId=200000053199208

Hope this helps.

thanks
Craig Rants
Honored Contributor

Re: /etc/wtmp

Trim or delete? You may want to save a few old wtmp files for reference later. I would do something like this:

DATE=`date +%m%d%Y`
cp wtmp wtmp.$DATE
cat /dev/null > wtmp
gzip wtmp.$DATE (This may depend on the size of the file)

Just my thoughts
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
James R. Ferguson
Acclaimed Contributor

Re: /etc/wtmp

Hi:

If you want to completely null the file, then:

# cat /dev/null > /var/adm/wtmp

Note that /etc/wtmp is a link to /var/adm/wtmp.

If, on the otherhand, you want to keep some of its contents, you must do something like this:

# /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp

This converts the binary file to an ASCII formatted one which you may edit and convert back to binary:

# /usr/sbin/acct/fwtmp -ic < /tmp/wtmp > /var/adm/wtmp

You can perform similar manipulations with the 'btmp' data for "bad" logins.

If you wish to totally stop logging to either the 'wtmp' or 'btmp' file, *remove* the file(s) you don't want.

Regards!

...JRF...
Roger Baptiste
Honored Contributor

Re: /etc/wtmp

Hi,

wtmp holds useful info
on user login/logout activity.
So, instead of deleting or
trimming it, make a copy
of the file and then zero it.

#cp /etc/wtmp /etc/wtmp.OLD
#>/etc/wtmp

-raj
Take it easy.
Dan Decker
Frequent Advisor

Re: /etc/wtmp

Hello

Another way not mentioned is to go into Sam and edit you system files under Routine task when you highlight the individual line than click your tab key select actions, trim, you can choose to trim it back to zero or to a percentage so you do have some documentation on logins

Hope this helps
DKD
It's not done Till I am satisfied
Dan Decker
Frequent Advisor

Re: /etc/wtmp

I just realized there is no percentage option for wtmp it will only allow you to trim back to zero in SAM, for other log files this option is available. Sorry for the wrong info
It's not done Till I am satisfied