HPE Community
Operating System - HP-UX
1832274 Members
1960 Online
110041 Solutions
New Discussion

trim wtmp file by date

 
SOLVED
Go to solution
Scott Lindstrom_2
Regular Advisor

‎07-02-2004 03:10 AM

‎07-02-2004 03:10 AM

trim wtmp file by date

I'd like to write a script to trim the wtmp file to only the data for the last three months.

So I first plan to execute "/usr/sbin/acct/fwtmp < /var/adm/wtmp"
to get an ascii version of the file. But the problem I have is that I don't see any easy way to use awk to extract the month and year since the number of fields in the output file can be different.

For example, my output can be:

xxx2923 ta pts/ta 10765 8 0000 0000 1018961181 Apr 16 07:46:21 2002
xxx2923 ts/2 pts/2 17737 7 0000 0000 1018974794 Apr 16 11:33:14 2002 10.0.42.171 10.0.42.171
ts/1 pts/1 8025 8 0000 0000 1018992157 Apr 16 16:22:37 2002
ts/0 pts/0 7717 8 0000 0000 1018992248 Apr 16 16:24:08 2002
ts/2 pts/2 17737 8 0000 0000 1018992250 Apr 16 16:24:10 2002
root remshd 19308 7 0000 0000 1019039404 Apr 17 05:30:04 2002 10.0.48.192 pvdv1d09

(note: lines 3,4,5 are blank in the first field)

I can't just use awk to print field $9 to get the month, since field 9 changes depending on the data.

The month and year are always in the same column positions; is there some way to extract a field based on its position in the record (awk or something else)?

TIA,
Scott
0 Kudos
Reply
5 REPLIES 5
RAC_1
Honored Contributor

‎07-02-2004 03:13 AM

‎07-02-2004 03:13 AM

Solution

Re: trim wtmp file by date

Why not just use egrep??

cat wtmp_ascii_file|egrep "Apr|May|Jun"

Anil
There is no substitute to HARDWORK
Reply
Scott Lindstrom_2
Regular Advisor

‎07-02-2004 03:16 AM

‎07-02-2004 03:16 AM

Re: trim wtmp file by date

I want the script to run every month or so, calculating what 'three months ago' is (using caljd.sh), and then proceed to read the old file/write the new file until it reaches 'three months ago'. So I don't think grepping for a specific set of months would work.

Scott
0 Kudos
Reply
Scott Lindstrom_2
Regular Advisor

‎07-02-2004 03:17 AM

‎07-02-2004 03:17 AM

Re: trim wtmp file by date

Sorry - reverse that. It would skip the data until 'three months ago', then start writing the data to the new file.

Scott
0 Kudos
Reply
RAC_1
Honored Contributor

‎07-02-2004 03:28 AM

‎07-02-2004 03:28 AM

Re: trim wtmp file by date

echo "1=Jan\n2=Feb\n...12=Dec\n" > /tmp/temp.txt

When you want to excecute it do
Current_month=`date "+%b"`
count=`grep "$Current_month" /tmp/temp.txt"|awk -F = '{print $1}'`
count3=`grep $(($count-3)) /tmp/temp.txt|awk -F = '{print $1}'`
count2=`grep $(($count-2)) /tmp/temp.txt|awk -F = '{print $1}'`
count1=`grep $(($count-1)) /tmp/temp.txt|awk -F = '{print $1}'`

fwtmp < /var/adm/wtmp > /tmp/wtmp.txt
egrep "$count3|$count2|$count1" /tmp/wtmp.txt |fwtmp -ic > /var/adm/wtmp

Anil
There is no substitute to HARDWORK
Reply
Scott Lindstrom_2
Regular Advisor

‎07-02-2004 03:53 AM

‎07-02-2004 03:53 AM

Re: trim wtmp file by date

Using cut was suggested, so now I have:

/usr/sbin/acct/fwtmp < /var/adm/wtmp | \
while read RECORD ; do
_month=`print "$RECORD" | cut -c58-60`
_year=`print "$RECORD" | cut -c74-77`
done

but this only works when the first field is not blank.. Any ideas?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.