HPE Community
Operating System - HP-UX
1847052 Members
5163 Online
110261 Solutions
New Discussion

last command / wtmp file

 
John Jimenez
Super Advisor

‎12-16-2003 06:09 AM

‎12-16-2003 06:09 AM

last command / wtmp file

This is a 4 part question. A SQL programmer who has access to my HP UX/11i system is currently using "rexec" via NFS to update data on the SQL servers. As of a couple of weeks ago thi proccess runs every 2 mintues. I would like to do some house cleaning, so I wanted to see what users had not logged in for several months and delete them the problem is I have pages of
i1317 rexecd Tue Dec 16 11:00 still logged in
i1317 rexecd Tue Dec 16 11:00 still logged in
i1317 rexecd Tue Dec 16 10:58 still logged in
i1317 rexecd Tue Dec 16 10:58 still logged in
i1317 rexecd Tue Dec 16 10:58 still logged in
i1317 rexecd Tue Dec 16 10:58 still logged in

1) Even though the NT servers show that these commands were completed, I show them still logged in. Will this cause problems?
2) Is there any way of purging this file and keeping only 3 months.
3) Is there any way of purging the user i1317 out of this file?
4) Is there a way to extract only the last login of every user, instead of extracting every login of every user?
Hustle Makes things happen
0 Kudos
Reply
4 REPLIES 4
RAC_1
Honored Contributor

‎12-16-2003 06:17 AM

‎12-16-2003 06:17 AM

Re: last command / wtmp file

1. It may happen that, user does a abrupt close from nnt, the server will still have that session open. IF there is no graceful logout, it may result inot this problem. It may also corrupt wtmp file and last will also give problems.

2. The file /var/adm/wtmp, /var/adm/btmp should be purged periodically. You can SAM for this. These files can be nulled out as follows.
cp /dev/null /var/adm/wtmp
cp /dev/null /var/adm/btmp

3.Purge user i1317 out of wtmp
last|grep -v i1317.
OR
check man page of fwtmp. With this you can create a text file from wtmp, view/modify it and again convert it to wtmp again.

4.last|grep "user_name"|head -1
and similar command combinations to view what you want.
There is no substitute to HARDWORK
0 Kudos
Reply
Michael Tully
Honored Contributor

‎12-16-2003 06:22 AM

‎12-16-2003 06:22 AM

Re: last command / wtmp file

The cleaning part can be done at reboot time, as long as you have PHCO_24829 loaded and the special instructions loaded. We have a similar problem with some users not logging out properly and this is how it can be managed. There is no way to purge specific records, but there is a way of excluding them if you know who they are in your reporting script. In your script you could supply a list of each user from the password file and filter out each duplicate entry.
Anyone for a Mutiny ?
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎12-16-2003 07:39 AM

‎12-16-2003 07:39 AM

Re: last command / wtmp file

John

Further to what has already been said get your sql programmer to sort out his script and do an elegant logout.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
john korterman
Honored Contributor

‎12-16-2003 07:48 AM

‎12-16-2003 07:48 AM

Re: last command / wtmp file

Hi,
to add a little to question no. 3: you can edit the wtmp file by extracting an ascii version of it and perform the editing in that version. After editing, the modified ascii version can be read in as current wtmp file. An example, execute as root:

# /usr/sbin/acct/fwtmp < /etc/wtmp > /tmp/wtmp.txt

which retrieves an ascii version of /etc/wtmp to /tmp/wtmp.txt
Modify this file with your favourite vi-editor. When finished, read in the modified /tmp/wtmp.txt as current i/etc/wtmp file:

# /usr/sbin/acct/fwtmp -ic < /tmp/wtmp.txt > /etc/wtmp

regards,
John K.
it would be nice if you always got a second chance
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.