Before you start just blanking these files, you should first understand what they are for.
Someone said" they trim these logs weekly to keep a constant check on things". Since these are the system accounting logs, anyone who Just trims them really has not a clue of what is going on on their system!!!
If you want to know what is going on on your system I recommend to Administrators to enable accounting, and view accounting results before just removing them.
If you process accounting, the accounting processes zero out these files for you, convert to C format, and make some nice readable text for you. To setup accounting, do this.
>vi /etc/rc.config.d/acct
change START_ACCT=0 to START_ACCT=1
* this starts accounting at boot time.
Next, run "/usr/sbin/acct/startup" This will set things up, and turn on the accounting systems.
Next, vi /etc/acct/holidays. Probably only have to change the year, but you can setup quite a bit there.
Next add this entry to cron
01 00 * * * * /usr/sbin/acct/runacct;/usr/sbin/acct/ckpacct
runacct will run your daily accounting. ckpacct will check to see if disk is full, and disable accounting if it is.
Your easiest data to process by printing or paging is under /var/adm/acct/sum and will be called rprt$MM$DD where $MM is the 2 digit month, and $DD is the 2 digit day of the month.
It is recommended that you enable the accounting as the user "adm" and also have the user "adm" launch the accounting process scripts.
Of course, read the man pages, because the accounting is very powerfull, and provides a lot of information about activity on your system. Most of this information is in the reports, but there is alot in the raw C files too!
I find it quite amazing how many admins just blow away the accounting files, oblivious to the data they can provide! Especially when they can never say why things happen on their servers and complain about the OS!
Regards,
Shannon
Microsoft. When do you want a virus today?
