HPE Community
Operating System - HP-UX
1758754 Members
3295 Online
108875 Solutions
New Discussion юеВ

How do I prune wtmp and btmp?

 
SOLVED
Go to solution
Kathi Garrison
New Member

тАО08-31-2001 01:19 PM

тАО08-31-2001 01:19 PM

How do I prune wtmp and btmp?

The man page suggests that these files can get quite large and should be checked regularly and information no longer useful should be removed. Although I check them regularly, I don't know how to remove information. Entries on my system go back over a year now.

Ideally, I would like to remove information that is older than a month or so. If it is a simple command line I could use cron.
0 Kudos
Reply
8 REPLIES 8
Marc Ahrendt
Super Advisor

тАО08-31-2001 01:26 PM

тАО08-31-2001 01:26 PM

Re: How do I prune wtmp and btmp?

i just use the following
cat /dev/null > /var/adm/wtmp
cat /dev/null > /var/adm/btmp
i do this after copying wtmp and btmp elsewhere for backup/history purposes

hola
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО08-31-2001 01:35 PM

тАО08-31-2001 01:35 PM

Solution

Re: How do I prune wtmp and btmp?

Hi Kathi:

To null the file entirely and start fresh:

# cat /dev/null > /var/adm/wtmp

To trim it to your liking, retaining some data do:

# /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp

At this point, you may edit the /tmp/wtmp file, since it is a ASCII file and then convert it back to binary.

# /usr/sbin/acct/fwtmp -ic < /tmp/wtmp > /var/adm/wtmp

You can do the same for the 'btmp' data.

Regards!

...JRF...
Reply
Sridhar Bhaskarla
Honored Contributor

тАО08-31-2001 01:36 PM

тАО08-31-2001 01:36 PM

Re: How do I prune wtmp and btmp?

I am not sure if you can trim these log files to a selected size. You can copy them to a different directory and then zero them.

#cp /var/adm/btmp /your_backup_dir/
#compress /your_backup_dir/btmp
If you want you can use log rotation method.
The same case for wtmp

#cat /dev/null > /var/adm/btmp
#cat /dev/null > /var/adm/wtmp

-Sri




You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО08-31-2001 01:38 PM

тАО08-31-2001 01:38 PM

Re: How do I prune wtmp and btmp?

There goes the champion!!!

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Sanjay_6
Honored Contributor

тАО08-31-2001 01:41 PM

тАО08-31-2001 01:41 PM

Re: How do I prune wtmp and btmp?

Hi,

I also do the same as mark does.

cat /dev/null > /var/adm/wtmp
cat /dev/null > /var/adm/btmp

Thanks

0 Kudos
Reply
Kathi Garrison
New Member

тАО08-31-2001 01:43 PM

тАО08-31-2001 01:43 PM

Re: How do I prune wtmp and btmp?

Thanks. I suspected I could just use cat /dev/null, but hoped there might be a more graceful way to do it. It looks like the least trouble would be to zero them now, and maintain them more often with cron.

-Kathi
0 Kudos
Reply
someone_4
Honored Contributor

тАО08-31-2001 02:26 PM

тАО08-31-2001 02:26 PM

Re: How do I prune wtmp and btmp?

Hello
Here is a script that I use that clears allot of the main logs. wtmp btmp cron log syslog.log
mail.log I set up in cron like this with crontab -e

58 23 * * * /usr/local/bin/dailylogs.sh TRACE# Daily log clear script


Richard
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО09-01-2001 10:56 AM

тАО09-01-2001 10:56 AM

Re: How do I prune wtmp and btmp?

It's important to note that the wtmp and btmp files can only handle 1 year's worth of data (or more accurately, there is no year stored in the file). Thus, is wtmp is more than a year old, there will be old entries that don't apply as they may be one or more years old.

It's best to scan wtmp and btmp with last abd lastb (respectively) and save off any useful information. Then zero these binary files, probably every 6 months is useful.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.