
Resizing the wtmp file

 
SOLVED
Marty Metras
Super Advisor

Resizing the wtmp file

Good morning,
I see my wtmp file has data over one year (33 Megs). Also btmp. My goal is to run a script that shows the last login of all the users to see if there are users that do not log in often and deal with them. Since this just returns the month-day I cannot be sure if it is this year or last.
Is there a setting I can do to this file so it does not grow over x size?
Or knowing this is a binary file how do I resize it?

Marty
The only thing that always remain the same are the changes.
Ken Hubnik_2
Honored Contributor

Re: Resizing the wtmp file

Use SAM to resize it.

SAM
Routine Task
System log files
Bruno Vidal
Respected Contributor

Re: Resizing the wtmp file

Hi,
As far as I know, SAM is not able to resize it, it will trim it (resize it to 0). The best way to do that is to use /usr/sbin/acct/fwtmp.
This command can convert your wtmp/btmp files to ASCII, you can then modify it/resize it to the last 20 records or so, and then use the same command to convert it back to binary.
Take a look at man fwtmp.

Cheers.
Pete Randall
Outstanding Contributor
Solution

Re: Resizing the wtmp file

Marty,

We use this cron entry:
00 01 1 * * /apps/bin/ts/wtmp_shrink 1>/dev/null 2>&1


and this script:

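#!/bin/ksh
################################################################################
# wtmp_shrink - Reduce the size of /etc/wtmp. Currently run from
# /etc/rc, also left as executable in /usr/bin.
#

################################################################################
# Scratch file: redirecting the pipeline straight back into /var/adm/wtmp
# can truncate the file before fwtmp has read it.
TMP=/var/adm/wtmp.$$
if [ -s /var/adm/wtmp ]
then
    echo "Shrinking /var/adm/wtmp"
    # Convert to ASCII, keep the last 10 records, convert back to binary
    /usr/lib/acct/fwtmp < /var/adm/wtmp | tail -10 | /usr/lib/acct/fwtmp -ic > $TMP
    # Overwrite in place so wtmp keeps its owner and permissions
    cat $TMP > /var/adm/wtmp
    rm -f $TMP
else
    echo "\n\tWtmp file does not exist"
    echo "\tCreating /var/adm/wtmp"
    > /var/adm/wtmp
fi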


to keep the size of the wtmp file in check.


Pete



Enrico P.
Honored Contributor

Re: Resizing the wtmp file

Hi,
you can empty this file if not useful:

>wtmp
>btmp

Enrico.
Umapathy S
Honored Contributor

Re: Resizing the wtmp file

Marty,
Normally I nullify/empty the contents of the wtmp file at regular intervals (say once in 15 days). Write a cron job to do that. To empty the contents use this.

$ cat /dev/null > wtmp

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Jean-Louis Phelix
Honored Contributor

Re: Resizing the wtmp file

Hi,

Bruno is right. The exact procedure is:

# cat /var/adm/wtmp | /usr/sbin/acct/fwtmp > file
...
modify the file (using a script or vi)
...
# cat file | /usr/sbin/acct/fwtmp -ic > /var/adm/wtmp

Regards.
It works for me (© Bill McNAMARA ...)
Marty Metras
Super Advisor

Re: Resizing the wtmp file

Pete,
I see in your script it is handling the binary stuff. Am I reading it right you are only saving 10 lines with the 'tail -10'?
I could just change that to whatever I need.
Marty
The only thing that always remain the same are the changes.
Marty Metras
Super Advisor

Re: Resizing the wtmp file

I got it.
Thanks Jean, I like what you showed me because I can pull the information from the ASCII file.
Then reload the wtmp with the new data.
Thanks Pete because I can automate the process with yours.
Thanks the rest of you because you opened my eyes to other thoughts.
Marty
The only thing that always remain the same are the changes.
Bill Hassell
Honored Contributor

Re: Resizing the wtmp file

It's important to note that wtmp, btmp (and utmp) have no year stored in the file so entries older than 1 year will cause strange behavior with programs trying to match up login and logout events. So trimming wtmp and btmp is an important sysadmin task. fwtmp can be used to convert to ASCII and then select the records to keep, or the file can simply be copied and the original zeroed out, perhaps once a month using cron. Note that doing this while running will leave an incomplete history since a login record may be in the old file and logout for the same session in the new file.

Another solution is to use a start/stop script in /sbin/init.d to take care of logfile trimming and archiving. Since most systems will need patches a couple of times during the year, the startup sequence can be used to archive the logs without problems due to users that are already logged in.


Bill Hassell, sysadmin
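
The approach discussed above (convert with fwtmp, select the records to keep, convert back), written as an age-based trim that archives before it deletes. This is an added example, not code from any poster in the thread. The function names keep_recent and trim_wtmp and the sample records are constructed, and the rule used to find the time field is an assumption to check against your own fwtmp output.

```shell
#!/bin/sh
# Added example (not from the thread): age-based trimming of wtmp/btmp.
# Assumption: in fwtmp's ASCII output the login time is the only field that
# is a 9- or 10-digit integer (seconds since the epoch). Check a few lines
# of your own fwtmp output before relying on this.
FWTMP=${FWTMP:-/usr/sbin/acct/fwtmp}   # path as given in the thread

# Constructed sample records; the column layout is approximated.
SAMPLE='marty    ts/0 pts/0     2101  7 0000 0000 1020000000 Apr 28 13:20:00 2002
pete     ts/1 pts/1     2250  7 0000 0000 1059000000 Jul 23 22:40:00 2003
         system boot       0  2 0000 0000 1059400000 Jul 28 13:46:40 2003'

# keep_recent CUTOFF: filter ASCII records on stdin, printing those at or
# after CUTOFF (epoch seconds). Lines without a recognisable time are kept
# rather than silently dropped.
keep_recent() {
    awk -v cutoff="$1" '{
        t = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+$/ && length($i) >= 9 && length($i) <= 10) {
                t = $i
                break
            }
        if (t == "" || t + 0 >= cutoff + 0) print
    }'
}

# trim_wtmp FILE CUTOFF ARCHIVE: save a full ASCII copy of FILE to ARCHIVE,
# then rewrite FILE with only the records at or after CUTOFF.
# Runs in a subshell so the umask change does not leak to the caller.
trim_wtmp() (
    umask 077    # btmp can contain passwords typed at the login prompt
    file=$1 cutoff=$2 archive=$3
    tmp=$file.trim.$$
    # Archive first: these files are the login audit trail.
    "$FWTMP" < "$file" > "$archive" || exit 1
    # Build the new file separately; never read and write wtmp in one pipeline.
    keep_recent "$cutoff" < "$archive" | "$FWTMP" -ic > "$tmp" ||
        { rm -f "$tmp"; exit 1; }
    # Overwrite in place so the file keeps its inode, owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
)
```

Sessions that are open when the trim runs can still end up with their login and logout records on opposite sides of the cutoff, so running it from the startup sequence avoids that.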