HPE Community
Operating System - HP-UX
1753435 Members
4488 Online
108794 Solutions
New Discussion юеВ

Re: how to clean up /var/adm/wtmp and btmp log files

 
Yan Wong
Frequent Advisor

тАО01-13-2003 06:57 PM

тАО01-13-2003 06:57 PM

how to clean up /var/adm/wtmp and btmp log files

Hi folks,

My system is having a large file size for /var/adm/wtmp and /var/adm/btmp. As these are keeping records for login information, can I just empty the data content?

Any better commands on automation?

thanks in advance
0 Kudos
Reply
15 REPLIES 15
John Poff
Honored Contributor

тАО01-13-2003 07:04 PM

тАО01-13-2003 07:04 PM

Re: how to clean up /var/adm/wtmp and btmp log files

Hi,

You can just null out those files like this:

cat /dev/null >/var/adm/wtmp
cat /dev/null >/var/adm/btmp


Here is a thread that talks about pruning the files, saving the information, and also automating the task:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xb9855220af9bd5118ff10090279cd0f9,00.html

JP

0 Kudos
Reply
Michael Tully
Honored Contributor

тАО01-13-2003 07:07 PM

тАО01-13-2003 07:07 PM

Re: how to clean up /var/adm/wtmp and btmp log files

Hi,

You can place these in cron, or do them from the command line.

0 22 1 * * cat /var/adm/wtmp | /usr/sbin/acct/fwtmp > /tmp/ascii_wtmp
5 22 1 * * cat /tmp/ascii_wtmp | /usr/sbin/acct/fwtmp > /var/adm/wtmp

Have a look at the man page for 'fwtmp'

or

# cat /dev/null > /var/adm/wtmp
# cat /dev/null > /var/adm/btmp

HTH
Michael

Anyone for a Mutiny ?
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО01-13-2003 07:15 PM

тАО01-13-2003 07:15 PM

Re: how to clean up /var/adm/wtmp and btmp log files

You can zero out the files but since they contain information about past, current and failed logins, you may want to scan them for abnormalities. The tools are last (for wtmp) and lastb (for btmp). Excessive failures to login (especially root) could be a security problem.

Once you scan (and extract) for useful info, you can zero out the files (they are binary so vi and ASCII tools won't work). Note that wtmp amd btmp are only good for one year as they do not have the year stored. If these files have data longer than one year, there will appear to be ghost sessions present.


Bill Hassell, sysadmin
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО01-13-2003 07:23 PM

тАО01-13-2003 07:23 PM

Re: how to clean up /var/adm/wtmp and btmp log files

Hi:

If for any reason you do not wish to log either successful logins ('/var/adm/wtmp') or unsuccessful ones (in 'var/adm/btmp') then remove the file(s).

The absence of a the file disables the corresponding logging. To re-enable the capture, recreate (touch) the appropriate file(s).

Regards!

...JRF...
0 Kudos
Reply
Sritharan
Valued Contributor

тАО01-13-2003 07:30 PM

тАО01-13-2003 07:30 PM

Re: how to clean up /var/adm/wtmp and btmp log files

Hi,

you no need to empty the files , you just have to trim it down

# > /var/adm/wtmp

# > /var/adm/btmp

or

you can use sam

Routine Tasks -> System Log Files -> /var/adm/btmp and /var/adm/wtmp

here you can also trim other log files.


Thanks & regards
Sri
Known is a drop...unknown is an ocean -> quote from a movie
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

тАО01-13-2003 07:34 PM

тАО01-13-2003 07:34 PM

Re: how to clean up /var/adm/wtmp and btmp log files

You can null this files, but from practice i have seen its better to preserve these files for few weeks.
Best is to write a housekeeping script put it in the cron, which copies these files to some date stamp like btmp.14Jan2002 and then make them zero
> btmp
Also search for old files and keep deleting them.

Cheers
Rajeev
0 Kudos
Reply
T G Manikandan
Honored Contributor

тАО01-13-2003 09:03 PM

тАО01-13-2003 09:03 PM

Re: how to clean up /var/adm/wtmp and btmp log files

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062904760
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062908330
0 Kudos
Reply
Ravi_8
Honored Contributor

тАО01-13-2003 10:07 PM

тАО01-13-2003 10:07 PM

Re: how to clean up /var/adm/wtmp and btmp log files

Hi,

Yes you can empty the file.

to automate it you can place the command in crontab file to clean the files weekly or monthly.
never give up
0 Kudos
Reply
eran maor
Honored Contributor

тАО01-14-2003 01:16 AM

тАО01-14-2003 01:16 AM

Re: how to clean up /var/adm/wtmp and btmp log files

Hi

you can clean them up with command line :
cat /dev/null >/var/adm/wtmp
cat /dev/null >/var/adm/btmp

SAM :

or you can go to SAM -> routine Task -> systel log files .

over there you can choose to trim any system log file that you want .
love computers
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.