cancel
Showing results for 
Search instead for 
Did you mean: 

wtmp file shows incorrect dates

 
Highlighted

wtmp file shows incorrect dates

I am running HP-UX 11iv2 (11.23) on several Itanium boxes. I have a job that runs on a daily basis to trim the wtmp and btmp files to keep only the last 30 days. The script has always run fine on the PA-RISC systems and on most of the Itanium systems. Just these half-dozen or so. Output from "last" looks fine, but when I convert wtmp to ASCII using /usr/sbin/acct/fwtmp, the dates for the entries are all "Dec 31 18:00:00 1969" with a bogus IP address for the connection. Anyone know why the epoch date is showing up instead of the current dates? It kind of messes with the script that trims by dates, KWIM?
3 REPLIES 3
Highlighted
Acclaimed Contributor

Re: wtmp file shows incorrect dates

Hi Karen:

If this is one of the servers on which you trimmed the file, I would guess that your trimming corrupted the file. You might want to empty the file and start again:

# cat /dev/null > /var/adm/wtmp

You might also provide more details (a script) that shows *how* you trim.

Regards!

...JRF...
Highlighted

Re: wtmp file shows incorrect dates

I've already zero-ed out the wtmp file and when I checked it again, it was set to the epoch:

root >last
user pts/1 Wed Jul 30 11:22 still logged in

WTMPS_FILE begins at Wed Jul 30 11:22:03
root >/usr/sbin/acct/fwtmp < /var/adm/wtmp
user 1 pts/1 1961 7 0000 0000 0 Dec 31 18:00:00 1969 99.112.115.45
Highlighted
Acclaimed Contributor

Re: wtmp file shows incorrect dates

>I've already zero-ed out the wtmp file and when I checked it again

You may have to kill utmpd(1m), trim then restart it.