HPE Community
Operating System - HP-UX
1821539 Members
2138 Online
109633 Solutions
New Discussion юеВ

restore wtmp file to view

 
SOLVED
Go to solution
Coolmar
Esteemed Contributor

тАО02-21-2006 04:15 AM

тАО02-21-2006 04:15 AM

restore wtmp file to view

Hi,

I have restored an old wtmp file to another directory because we have to view it. I used the following command to view it and got this error. Is there something I am missing? Do I have to restore more than that file?

last -R -f /home/name/restore/var/adm/wtmp
pid exceeds MAXPID: wtmp file corrupted
0 Kudos
Reply
10 REPLIES 10
Jeff Schussele
Honored Contributor

тАО02-21-2006 04:18 AM

тАО02-21-2006 04:18 AM

Re: restore wtmp file to view

Hi Sally,

fwtmp is your huckleberry.
It'll write an ASCII file that you can view with any editor.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО02-21-2006 04:20 AM

тАО02-21-2006 04:20 AM

Re: restore wtmp file to view

"huckleberry"???

Never heard that one, Schuss. Midwestern slang?


Pete

Pete
0 Kudos
Reply
Coolmar
Esteemed Contributor

тАО02-21-2006 04:21 AM

тАО02-21-2006 04:21 AM

Re: restore wtmp file to view

I tried this:

/usr/sbin/acct/wtmpfix /home/pf10396/restore/var/adm/wtmp
Bad file at offset 2117280
pts/ta 942946352 Thu Nov 18 11:32:32 1999
0 Kudos
Reply
Coolmar
Esteemed Contributor

тАО02-21-2006 04:23 AM

тАО02-21-2006 04:23 AM

Re: restore wtmp file to view

I did the following with fwtmp and got:

cat /home/name/restore/var/adm/wtmp | /usr/sbin/acct/fwtmp


The first half of the file was fine and the rest was all full of ascii chars.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО02-21-2006 04:31 AM

тАО02-21-2006 04:31 AM

Re: restore wtmp file to view

I'm not entirely surprised that cat didn't work well since wtmp is a binary file.

Try this instead:

# fwtmp < /home/name/restore/var/adm/wtmp > /home/name/restore/var/adm/wtmp.ascii

and see if you have any better luck.

Reply
Jeff Schussele
Honored Contributor

тАО02-21-2006 04:33 AM

тАО02-21-2006 04:33 AM

Re: restore wtmp file to view

Patrick,

What???
Never seen Tombstone?
The seen where Doc Holliday intervenes in Wyatt's gunplay with Ringo???
And yes, it's kinda MW slang....just because huckleberrys are SO good, but they only grow above 3K feet - which kinda rules us out.
So we have to import 'em from the Rockies.

OK - my lesson's done,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Coolmar
Esteemed Contributor

тАО02-21-2006 04:35 AM

тАО02-21-2006 04:35 AM

Re: restore wtmp file to view

Thanks patrick but same result. It starts out great and then just prints ascii chars all over the place. I wonder if the file is corrupt?
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО02-21-2006 04:36 AM

тАО02-21-2006 04:36 AM

Re: restore wtmp file to view

Wow.....need more COFFEE!!!!
seen != scene
Tells me just what part of my brain I type from &~))

Embarrasingly,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Kent Ostby
Honored Contributor

тАО02-21-2006 05:16 AM

тАО02-21-2006 05:16 AM

Re: restore wtmp file to view

Sally -- fwtmp is your best bet. If that's not working I don't think you're probably going to be able to get anything.

***********************************

Pete... the line is when Ringo is looking for someone to pick a fight with:

Ringo: Wretched slugs, don't any of you have the guts to play for blood?
Doc: I'm your huckleberry.

You can even hear him say it here:
http://www.moviesoundscentral.com/sounds/tombstone/huckleberry.wav
"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО02-21-2006 05:24 AM

тАО02-21-2006 05:24 AM

Solution

Re: restore wtmp file to view

Hi Sally:

Corruption of a 'wtmp' file does occur. If you are of that opinion, your best recourse is to convert the binary 'wtmp' file to ASCII with 'fwtmp' as has already been suggested. If you encounter a clearly bad record, disregard and/or delete it.

This is the technique needed if you want to fix and restore a corrupt 'wtmp' (or 'btmp') file:

# /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp

...edit...

# /usr/sbin/acct/fwtmp -ic < /tmp/wtmp > /var/adm/wtmp

Regards!

...JRF...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.