HPE Community
Operating System - HP-UX
1820390 Members
3854 Online
109623 Solutions
New Discussion юеВ

corrupted btmp wtmp

 
SOLVED
Go to solution
aparna challagulla
Valued Contributor

тАО11-19-2003 06:20 PM

тАО11-19-2003 06:20 PM

corrupted btmp wtmp

hi all,

i have corrupted btmp,wtmp files on HP-ux 11i A class machine. how do i rectify this problem?

The error that i get is
#last
pid exceeds MAXPID: wtmp file corrupted

please help me
aparna
If you don't have time to do it right you must have time to do it over
0 Kudos
Reply
6 REPLIES 6
Brian Markus
Valued Contributor

тАО11-19-2003 06:23 PM

тАО11-19-2003 06:23 PM

Re: corrupted btmp wtmp

Try recreating the files. (backup the old ones)

> btmp
> wtmp

It should just start writing the new entrys in the clean file.

Hope this helps.

-Brian
When a sys-admin say's maybe, they don't mean 'yes'!
0 Kudos
Reply
RAC_1
Honored Contributor

тАО11-19-2003 06:24 PM

тАО11-19-2003 06:24 PM

Re: corrupted btmp wtmp

Check man page of fwtmp. It will read wtmp,btmp file put it in acsii files and read it back to wtmp and btmp files.

OR

just

>wtmp
>btmp
There is no substitute to HARDWORK
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

тАО11-19-2003 06:37 PM

тАО11-19-2003 06:37 PM

Solution

Re: corrupted btmp wtmp

Hi Aparna,

You can attempt to fix this by using /usr/sbin/acct/fwtmp.

The files can be viewed with:

# cat /var/adm/wtmp | /usr/sbin/acct/fwtmp
# cat /etc/utmp | /usr/sbin/acct/fwtmp

If you want to attempt to fix the files, use the following steps to manually
correct /etc/utmp:

1. Extract the ASCII version of the utmp file:
# /usr/sbin/acct/fwtmp < /etc/utmp >/tmp/utmpa

2. Edit the ASCII verion of vi and remove the incorrect entry or entries:
# vi /tmp/utmpa

3. Replace /etc/utmp with the corrected version:
# /usr/sbin/acct/fwtmp -ic < /tmp/utmpa > /etc/utmp

The same procedure will work with /var/adm/wtmp, specifying a temporary copy
in /tmp/wtmpa.

Regards,
Robert-Jan.
Reply
G. Vrijhoeven
Honored Contributor

тАО11-19-2003 06:39 PM

тАО11-19-2003 06:39 PM

Re: corrupted btmp wtmp

Hi,

Clean the files >btmp && >wtmp
also check /etc/utmp ( try logging in with telnet, or ssh )
Do you have accountnames availible on the server, that exceed 8 characters?

The btmp wtmp and utmp files have only so many characters reserved for names etc.

Gideon

Gideon
0 Kudos
Reply
john korterman
Honored Contributor

тАО11-19-2003 06:53 PM

тАО11-19-2003 06:53 PM

Re: corrupted btmp wtmp

Hi,
I think the proper way of setting these files to zero is by catting dev/null to them, e.g.:
# cat /dev/null >/var/adm/btmp

An alternative is to use SAM for triming these files: SAM->Routine Tasks->System Log Files; I think SAM does it with the cat /dev/null.

regards,
John K.
it would be nice if you always got a second chance
0 Kudos
Reply
aparna challagulla
Valued Contributor

тАО11-19-2003 07:03 PM

тАО11-19-2003 07:03 PM

Re: corrupted btmp wtmp

hi all,

Thank you all for the quick replies.
I copied the old contents and cleaned up these files.
I will try to fix the backup file later. thx Robert.
hi Vrijhoeven,
no we do not have login names exceeding 8 characters.

cheers
aparna
If you don't have time to do it right you must have time to do it over
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.