HPE Community
Operating System - HP-UX
1753417 Members
5122 Online
108793 Solutions
New Discussion

Re: how to clean up /var/adm/wtmp and btmp log files

 
bgwest
Occasional Advisor

‎04-14-2017 11:11 AM - edited ‎04-14-2017 11:52 AM

‎04-14-2017 11:11 AM - edited ‎04-14-2017 11:52 AM

Re: how to clean up /var/adm/wtmp and btmp log files

I'm familiar with the binary to ascii conversion (/var/adm/wtmp | /usr/sbin/acct/fwtmp) with tail to shrink the accounting files. What does '$ # > /var/adm/wtmp' actually do? Does it perform that conversion and shrink it to a set number of lines?

Benjamin G. West

"... I pass the hated wasteland with a grin, cause in the end I got my passions." -Aesop Rock
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎04-15-2017 02:55 PM

‎04-15-2017 02:55 PM

Re: how to clean up /var/adm/wtmp and btmp log files

>What does '# > /var/adm/wtmp' actually do?

 

Sets EOF to zero.

0 Kudos
Reply
bgwest
Occasional Advisor

‎04-17-2017 09:09 AM

‎04-17-2017 09:09 AM

Re: how to clean up /var/adm/wtmp and btmp log files

Dennis,

Thanks for the quick reply. Want to make sure I am understanding that correctly. Here are the results of use of this on ascii text file. Does it need to be binary for it to work? Can you point me to the correct man page?

+server$ vi trtest.txt
"trtest.txt" [New file]
is the end of file 0 now?
yes?
no?
checking
testing
checking
test...
~
(...)
"trtest.txt" [New file] 7 lines, 69 characters
+server$
+server$ awk '{print NR}' trtest.txt
1
2
3
4
5
6
7
+server$
+server$ # > trtest.txt
+server$ awk '{print NR}' trtest.txt
1
2
3
4
5
6
7
+server$ # > trtest.txt
+server$ awk 'END{print NR}' trtest.txt
7
+server$ file trtest.txt
trtest.txt:     ascii text
+server$

Thank you again,

Benjamin G. West

"... I pass the hated wasteland with a grin, cause in the end I got my passions." -Aesop Rock
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎04-17-2017 10:50 AM

‎04-17-2017 10:50 AM

Re: how to clean up /var/adm/wtmp and btmp log files

> +server$ # > trtest.txt

 

That "#" was an indication of root's prompt.  In your use, remove it, otherwise it's a comment.

0 Kudos
Reply
bgwest
Occasional Advisor

‎04-17-2017 11:02 AM

‎04-17-2017 11:02 AM

Re: how to clean up /var/adm/wtmp and btmp log files

Silly misinterpretation on my end. Thanks for the clarification.

Benjamin G. West

"... I pass the hated wasteland with a grin, cause in the end I got my passions." -Aesop Rock
0 Kudos
Reply
bgwest
Occasional Advisor

‎06-04-2018 09:00 AM - edited ‎06-04-2018 09:03 AM

‎06-04-2018 09:00 AM - edited ‎06-04-2018 09:03 AM

Re: how to clean up /var/adm/wtmp and btmp log files

This year we ran into issues again with slow logins. This time I wrote a script to handle this every 6-months. 

#!/usr/local/bin/bash
# wtmps / btmps - 6 month backup and trimming routine
# bgw 05/2018
#

liveFilesDir="/var/adm"
# fwtmp, wtmpfix - manipulate connect accounting records
ftwmpCmd=`/usr/lib/acct/fwtmp`
todaysDate=`date +%m%d%y`
backupDir="/logs_ext/login_files"

[[ ! -d "$backupDir" ]] &&
echo -e "\nBackup dir missing -- creating backup dir @$backupDir" &&
mkdir -p $backupDir

chown root:group $backupDir
chmod 750 $backupDir

# backup file names to write into ASCII format
wtmpFile="wtmp.$todaysDate"
wtmpsFile="wtmps.$todaysDate"
btmpFile="btmp.$todaysDate"
btmpsFile="btmps.$todaysDate"

# save each file records in ASCII format
cd $liveFilesDir
$ftwmpCmd < wtmp > $backupDir/$wtmpFile
$ftwmpCmd < wtmps > $backupDir/$wtmpsFile
$ftwmpCmd < btmp > $backupDir/$btmpFile
$ftwmpCmd < btmps > $backupDir/$btmpsFile

# ensure files are still with original permission state
chown adm:adm wtmp wtmps
chmod 664 wtmp wtmps

chown root:other btmp btmps
chmod 600 btmp btmps

# tar trimmed accounting files
tar -cvf $backupDir/acctfiles.$todaysDate.tar $backupDir/[wb]tmp*.$todaysDate*

# compress accounting files
gzip $backupDir/acctfiles.$todaysDate.tar

# now that we have a backup, null out the files
# I've found keeping records in only one file breaks the 'last' and 'lastb' commands
> wtmp
> wtmps
> btmp
> btmps

# if the ascii version of the files needed to be reverted back to binary
# this command can be used for that
# /usr/lib/acct/fwtmp -ic < /logs_ext/wtmps.05252018.tail100 > wtmps.new


I found that from all the suggestions, the best way is to backup and null out both files. Otherwise, the ‘last’ and ‘lastb’ commands break. After running this, both servers have fast logins and our accounting commands are fixed.

Thanks again to everyone’s info! Hopefully this helps someone get quickly on their way someday.

Benjamin G. West

"... I pass the hated wasteland with a grin, cause in the end I got my passions." -Aesop Rock
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.