HPE Community
Operating System - HP-UX
1833294 Members
3226 Online
110051 Solutions
New Discussion

Re: Core Dump - last command

 
Soumen Ghosh_1
Occasional Advisor

‎09-18-2002 09:40 PM

‎09-18-2002 09:40 PM

Core Dump - last command

Hello,

On HP-UX 11, last command is giving core dump. wtmp file exists under /var/adm directory. There is no problem regarding access permission of wtmp file and last was executed as root. I can also issue file command to check the type of wtmp file. It shows - data.

Any idea what could go wrong?

I can issue lastb command to get the login history from btmp file.

Thanks in advance.

Soumen Ghosh
0 Kudos
Reply
4 REPLIES 4
T G Manikandan
Honored Contributor

‎09-18-2002 09:48 PM

‎09-18-2002 09:48 PM

Re: Core Dump - last command

check this hp doc

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&admit=-682735245+1032414807216+28353475&docId=200000058668889


Thanks
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎09-18-2002 09:49 PM

‎09-18-2002 09:49 PM

Re: Core Dump - last command

you can do a
cat /dev/null > /var/adm/wtmp

Before you do this copy the original file to wtmp.old

You can extract the contents by
#/usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmpfile


Thanks
0 Kudos
Reply
Animesh Chakraborty
Honored Contributor

‎09-18-2002 09:53 PM

‎09-18-2002 09:53 PM

Re: Core Dump - last command

Hi,
The file /var/adm/btmp contains bad login entries for each invalid logon
attempt and the file /var/adm/wtmp contains a record of all logins and
logouts. See the man page utmp(4) for more information.

They are binary data files, so they cannot be read directly. The can however
be read with the following commands:

# /usr/sbin/acct/fwtmp < /var/adm/wtmp
# /usr/sbin/acct/fwtmp < /var/adm/btmp

The "last" and "lastb" commands display the information is a readable format.

The files can be zeroed or removed but if they are removed they need to be
manually recreated as they not created by the programs that maintain them.
Thus, if these files are removed, record-keeping is turned off.

If you want to recreate them note the ownerships and permissions before
removing them and reset the ownerships and permissions after recreating the
files (usually with touch to create an empty files). This is EXTREMELY
important -> especially for the btmp file.


In your case i think wtmp file is corrupted .pls recreate it.
Did you take a backup?
0 Kudos
Reply
Ravi_8
Honored Contributor

‎09-18-2002 10:21 PM

‎09-18-2002 10:21 PM

Re: Core Dump - last command

Hi ghosh

/var/adm/wtmp file may be corrupted,
#cd /var/adm
#cp wtmp wtmp.old
# rm wtmp
#touch wtmp
#mv wtmp.old wtmp
#chmod 0644 wtmp
#last
should work now.
never give up
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.