HPE Community
Operating System - HP-UX
1824488 Members
3437 Online
109672 Solutions
New Discussion юеВ

Merge the wtmp log

 
SOLVED
Go to solution
peterchu
Super Advisor

тАО04-13-2005 10:34 PM

тАО04-13-2005 10:34 PM

Merge the wtmp log

I have 5 wtmp log which stored last login information from November last year to March this year ( I have backup it every month ) . Now I want to check the user last login date , if I put the March wtmp log to /var/adm/wtmp , it only check the March , in this case , I need to check 5 times .
Therefore , is it possible to merge all logs into one file , so that I can check one time ?
thx in advance.
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

тАО04-13-2005 10:46 PM

тАО04-13-2005 10:46 PM

Re: Merge the wtmp log

Once in a while, you should get rid of this data or it will fill up /var

cat wtmp.old >> wtmp

for each older file, followed by a delete should do the job.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Eric Antunes
Honored Contributor

тАО04-13-2005 11:50 PM

тАО04-13-2005 11:50 PM

Solution

Re: Merge the wtmp log

Hi,

You can also do this on SAM (for wtmp and lots of other log files...):

SAM -> Routine Tasks -> System Log Files -> (select the wtmp file) -> Action -> Trim -> Trim to Zero

Best Regards,

Eric Antunes
Each and every day is a good day to learn.
Reply
Pete Randall
Outstanding Contributor

тАО04-13-2005 11:57 PM

тАО04-13-2005 11:57 PM

Re: Merge the wtmp log

First, the question was how to merge, not how to trim. Second, can you cat these files together and get something meaningful? They are not plain ascii text. I'm not sure that would work.


Pete

Pete
Reply
Eric Antunes
Honored Contributor

тАО04-14-2005 12:15 AM

тАО04-14-2005 12:15 AM

Re: Merge the wtmp log

Sorry, I didn't read the full question...
Each and every day is a good day to learn.
Reply
Ermin Borovac
Honored Contributor

тАО04-14-2005 12:19 AM

тАО04-14-2005 12:19 AM

Re: Merge the wtmp log

I think you can simply concatentate all 5 wtmp files together. 'last' command can be told to scan wtmp from any location with '-f' option.

$ cat wtmp.1 wtmp.2 wtmp.3 wtmp.4 wtmp.5 > /tmp/wtmp
$ last -f /tmp/wtmp

Otherwise you can use fwtmp to convert wtmp files into ASCII format, 'cat' them together and convert it back into binary format.

$ /usr/sbin/acct/fwtmp < wtmp.1 > /tmp/wtmp.ascii
$ /usr/sbin/acct/fwtmp < wtmp.2 >> /tmp/wtmp.ascii
...
$ /usr/sbin/acct/fwtmp -ic < /tmp/wtmp.ascii > /tmp/wtmp
$ last -f /tmp/wtmp
Reply
MarkSyder
Honored Contributor

тАО04-14-2005 12:27 AM

тАО04-14-2005 12:27 AM

Re: Merge the wtmp log

If you want the most recent login, can't you just check the wtmp file first and if the user isn't in that try the most recent backup and so on? Or are there a lot of users to check?

Furthermore, do you really need to go back as far as November? If the user hasn't logged in for over two months or so, do you really need to know the exact date?

My strategy is different from yours. Once every six months I produce a list of users who haven't logged in so I can ask their managers if I can delete them from the system. Then and only then do I trim the wtmp file - unless it's growing very large, there's really no need.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.