Operating System - HP-UX
1747980 Members
3640 Online
108756 Solutions
New Discussion

Re: wtmps file size increases rapidly

 
chindi
Respected Contributor

wtmps file size increases rapidly

Hi Guys ,

 

We have a rx6600 server with hpux 11i v2 .

We have observed tht wtmps file size gets increased rapidly .

As a result the server takes long time to login .

Within 7 days it goes to 100 MB , how do i check whats the reason behind it ?

7 REPLIES 7
chindi
Respected Contributor

Re: wtmps file size increases rapidly

Hi ,

 

What i have observed is there are many ftp entrries in syslog.log as shown below ;

 

Sep 18 17:43:08 sidd ftpd[10961]: Data port : 20
Sep 18 17:43:08 sidd ftpd[10961]: FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_34698) Fri Nov 10 10:21:03 GMT 2006) ready.

Is it best practice to log ftp entries in syslog ?

Its acting as internal ftp server .

We have a application which logs in through a user called test and takes file from this server proceses it and transfers back to another server .

Is it filling up my wtmps ?

Can i stop it by running inetd -l ?

 

 

 

Matti_Kurkela
Honored Contributor

Re: wtmps file size increases rapidly

>What i have observed is there are many ftp entrries in syslog.log as shown below ;


Those look like normal messages when ftpd is starting up.

 

There are typically two ways to run ftpd. The HP-UX default configuration makes inetd start ftpd each time a FTP connection comes in. But on high-volume FTP servers with a large number of connections, it might be more appropriate to run ftpd in "standalone mode": i.e. the ftpd daemon process would run all the time, and would process any incoming connections independent from inetd.

 

>We have a application which logs in through a user called test and takes file from this server proceses it and transfers back to another server .

>Is it filling up my wtmps ?

 

Definitely. The ftpd daemon logs all FTP logins to wtmps; this is completely independent from inetd.

 

> Can i stop it by running inetd -l ?

No. By running inetd -l, you might get even more information about incoming connections logged to syslog.log. You would see the IP address of each incoming connection.

 

If you had an unknown host connecting to your TCP port 21 (causing a ftpd process to start), but never actually completing a FTP login, then 'inetd -l' might be useful in identifying the source of that connection.

 

You might want to think about setting up a proper log rotation procedure: for example, a cron job that would archive wtmps and syslog.log once a week automatically and then truncate the active log files immediately after the archiving is complete. The archived versions could be compressed with "gzip -9"; on typical log files, this can achieve a huge compression ratio (a compression ratio of 50-to-1 is fairly common), making the archived logs much easier to handle.

MK
chindi
Respected Contributor

Re: wtmps file size increases rapidly

Hi Matti ,
Can u share log rotation script , if you have it .
Dennis Handly
Acclaimed Contributor

Re: wtmps file size increases rapidly

>We have observed the wtmps file size gets increased rapidly.

 

Have you looked at the last(1) output to see all your ftp logins?

chindi
Respected Contributor

Re: wtmps file size increases rapidly

Hi Dennis ,

 

Yes we have a ftp user called  eft , its filled with the same .

Ajin_1
Valued Contributor

Re: wtmps file size increases rapidly

 

 

find $BKDIR -name 'wtmps.*' -type f -mtime +$RM_LIMIT -exec ls -l {} \;

 

first define $BKDIR  $RM_LIMIT

WTMP_FILE="/var/adm/wtmps"

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Dennis Handly
Acclaimed Contributor

Re: wtmps file size increases rapidly

>find $BKDIR -name 'wtmps.*' -type f -mtime +$RM_LIMIT -exec ls -l {} +

 

I'm not sure how useful this is?  It just finds "backup" copies of wtmps, older than $RM_LIMIT.  Possibly useful to remove the older copies of wtmps.