- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: wtmps file size increases rapidly
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2013 02:41 AM
09-18-2013 02:41 AM
wtmps file size increases rapidly
Hi Guys ,
We have a rx6600 server with hpux 11i v2 .
We have observed tht wtmps file size gets increased rapidly .
As a result the server takes long time to login .
Within 7 days it goes to 100 MB , how do i check whats the reason behind it ?
- Tags:
- wtmps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2013 05:07 AM
09-18-2013 05:07 AM
Re: wtmps file size increases rapidly
Hi ,
What i have observed is there are many ftp entrries in syslog.log as shown below ;
Sep 18 17:43:08 sidd ftpd[10961]: Data port : 20
Sep 18 17:43:08 sidd ftpd[10961]: FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_34698) Fri Nov 10 10:21:03 GMT 2006) ready.
Is it best practice to log ftp entries in syslog ?
Its acting as internal ftp server .
We have a application which logs in through a user called test and takes file from this server proceses it and transfers back to another server .
Is it filling up my wtmps ?
Can i stop it by running inetd -l ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2013 07:00 AM
09-18-2013 07:00 AM
Re: wtmps file size increases rapidly
>What i have observed is there are many ftp entrries in syslog.log as shown below ;
Those look like normal messages when ftpd is starting up.
There are typically two ways to run ftpd. The HP-UX default configuration makes inetd start ftpd each time a FTP connection comes in. But on high-volume FTP servers with a large number of connections, it might be more appropriate to run ftpd in "standalone mode": i.e. the ftpd daemon process would run all the time, and would process any incoming connections independent from inetd.
>We have a application which logs in through a user called test and takes file from this server proceses it and transfers back to another server .
>Is it filling up my wtmps ?
Definitely. The ftpd daemon logs all FTP logins to wtmps; this is completely independent from inetd.
> Can i stop it by running inetd -l ?
No. By running inetd -l, you might get even more information about incoming connections logged to syslog.log. You would see the IP address of each incoming connection.
If you had an unknown host connecting to your TCP port 21 (causing a ftpd process to start), but never actually completing a FTP login, then 'inetd -l' might be useful in identifying the source of that connection.
You might want to think about setting up a proper log rotation procedure: for example, a cron job that would archive wtmps and syslog.log once a week automatically and then truncate the active log files immediately after the archiving is complete. The archived versions could be compressed with "gzip -9"; on typical log files, this can achieve a huge compression ratio (a compression ratio of 50-to-1 is fairly common), making the archived logs much easier to handle.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2013 08:26 AM
09-18-2013 08:26 AM
Re: wtmps file size increases rapidly
Can u share log rotation script , if you have it .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2013 12:10 PM
09-18-2013 12:10 PM
Re: wtmps file size increases rapidly
>We have observed the wtmps file size gets increased rapidly.
Have you looked at the last(1) output to see all your ftp logins?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2013 10:06 PM
09-18-2013 10:06 PM
Re: wtmps file size increases rapidly
Hi Dennis ,
Yes we have a ftp user called eft , its filled with the same .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2013 06:27 AM
09-19-2013 06:27 AM
Re: wtmps file size increases rapidly
find $BKDIR -name 'wtmps.*' -type f -mtime +$RM_LIMIT -exec ls -l {} \;
first define $BKDIR $RM_LIMIT
WTMP_FILE="/var/adm/wtmps"
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2013 12:21 PM
09-19-2013 12:21 PM
Re: wtmps file size increases rapidly
>find $BKDIR -name 'wtmps.*' -type f -mtime +$RM_LIMIT -exec ls -l {} +
I'm not sure how useful this is? It just finds "backup" copies of wtmps, older than $RM_LIMIT. Possibly useful to remove the older copies of wtmps.