Hi
This explains it
10.1.3.1 Pruning the wtmp file
The wtmp file will continue to grow until you have no space left on your computer's hard disk. For this reason, many vendors include shell scripts with their UNIX releases that zero the wtmp file automatically on a regular basis (such as once a week or once a month). These scripts are run automatically by the cron program.
For example, many monthly shell scripts contain a statement that looks like this:
# zero the log file
cat /dev/null >/var/adm/wtmp
Instead of this simple-minded approach, you may wish to make a copy of the wtmp file first, so you'll be able to refer to logins in the previous month. To do so, you must locate the shell script that zeros your log file and add the following lines:
# make a copy of the log file and zero the old one
rm /var/adm/wtmp.old
ln /var/adm/wtmp /var/adm/wtmp.old
cp /dev/null /var/adm/wtmp.nul
mv /var/adm/wtmp.nul /var/adm/wtmp
Most versions of the last command allow you to specify a file to use other than wtmp by using the -f option. For example:
% last -f /var/adm/wtmp.old
Some versions of the last command do not allow you to specify a different wtmp file to search through. If you need to check this previous copy and you are using one of these systems, you will need to momentarily place the copy of the wtmp file back into its original location. For example, you might use the following shell script to do the trick:
#!/bin/sh
mv /var/adm/wtmp /var/adm/wtmp.real
mv /var/adm/wtmp.old /var/adm/wtmp
last $*
mv /var/adm/wtmp /var/adm/wtmp.old
mv /var/adm/wtmp.real /var/adm/wtmp
This approach is not without its problems, however. Any logins and logouts will be logged to the wtmp.old file while the command is running.
Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
