Re: filling wtmp

 
Anders Gullberg
Frequent Advisor

filling wtmp

Hi all,
I have some problems something that filling up wtmp.
When i run strings /var/adm/wtmp i got a lot of mess that says:

mxlogmgrcms4
?TUp

First i thought it be something with SCM (service control manager) so unstall it, but the problem still exist.

Anyone that have clue what it could be?

Regards Anders
9 REPLIES 9
Tim Adamson_1
Honored Contributor

Re: filling wtmp

The wtmp file is a binary file. The strings command may produce some garbage output. If you want to check the contents, use the fmtmp command and if it needs fixing use fwtmpfix.

Refer to the fwtmp(1M) man page for more information.


Tim
Yesterday is history, tomorrow is a mystery, today is a gift. That's why it's called the present.
T G Manikandan
Honored Contributor

Re: filling wtmp

convert to ascii format and view the enttries # /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp
Elena Leontieva
Esteemed Contributor

Re: filling wtmp

To read wtmp:

cat /var/adm/wtmp | /usr/sbin/acct/fwtmp

To clear it out, do a copy first and then clear it:

cp /var/adm/wtmp /var/adm/wtmp.old
> /var/adm/wtmp

Elena.
Anders Gullberg
Frequent Advisor

Re: filling wtmp

Hi all
Thanks for your quick response!
I know its a binaryfile and so on. My question was really if anyone could recognize the message to any command,demon, process, applikation or what ever.

Iv still dont figured out what it is that writing this in the file.

//Anders
Elena Leontieva
Esteemed Contributor

Re: filling wtmp

Andres,

Just in case you do not have this document that shows the steps to remove it:
Document description: How do I remove Service Control Manager (SCM) from the CMS.
Document id: KBRC00002536

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000065556675

Elena.
John Dvorchak
Honored Contributor

Re: filling wtmp

To answer your question you can man wtmp. Here is the first couple of lines from that man page. Wtmp is filled with data by the login process. You can't stop it from being populated but you can and should trim it occasionally but using the tips given by the other respondents.

utmp(4) utmp(4)

NAME
utmp, wtmp, btmp - utmp, wtmp, btmp entry format

SYNOPSIS
#include
#include

DESCRIPTION
These files, which hold user and accounting information for such
commands as last, who, write, and login (see last(1), who(1),
write(1), and login(1)), have the following structure as defined by
:

If it has wheels or a skirt, you can't afford it.
Darrell Allen
Honored Contributor

Re: filling wtmp

I presume mxlogmgr is not running on your system. Could it be running on another host(s) and logging to your host? Just a guess since I'm not familiar with SCM.

You might try these commands to see if you get any clues as to where the access is from:

last -R
who -a /var/adm/wtmp

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Paddy_1
Valued Contributor

Re: filling wtmp

man getutline

will give you all the tools necessary to perform your task.its fairly simple.

The sufficiency of my merit is to know that my merit is NOT sufficient