HPE Community
Operating System - HP-UX
1833767 Members
2193 Online
110063 Solutions
New Discussion

Re: trimming /var/adm/wtmps

 
sapan
Occasional Contributor

‎03-05-2007 11:57 PM

‎03-05-2007 11:57 PM

trimming /var/adm/wtmps

Hi all,

/var/adm/wtmps become large, and because of that /var become full.

I tried following procedure to trim it , but it didn't work perfectly :


# ls -l /var/adm/wtmps
-rw-rw-r-- 1 adm adm 83574264 Jan 27 12:13 /var/adm/wtmps
#
#
# /usr/lib/acct/fwtmp < /var/adm/wtmps > /usr/wtmps.030507
# tail wtmps.030507
ftp ftp10077 10077 7 0000 0000 1169876226 Sat Jan 27 00:37:06 2007
ftp ftp10075 10075 7 0000 0000 1169876226 Sat Jan 27 00:37:06 2007
logsadm ftp ftp10112 10112 7 0000 0000 1169876273 Sat Jan 27 00:37:53 2007
ftp ftp10112 10112 7 0000 0000 1169876274 Sat Jan 27 00:37:54 2007
logsadm ftp ftp10114 10114 7 0000 0000 1169876277 Sat Jan 27 00:37:57 2007
ftp ftp10114 10114 7 0000 0000 1169876278 Sat Jan 27 00:37:58 2007
s/15 pts/15 1139 8 0000 0000 1169907863 Sat Jan 27 09:24:23 2007
root s/12 pts/12 27706 7 0000 0000 1169912048 Sat Jan 27 10:34:08 2007
s/12 pts/12 27706 8 0000 0000 1169912791 Sat Jan 27 10:46:31 2007
root s/12 pts/12 12241 7 0000 0000 1169917990 Sat Jan 27 12:13:10 2007
# tail -100 /usr/wtmps.030507> /usr/wtmps.030507.new
#
# ls -l /var/adm/wtmps
-rw-rw-r-- 1 adm adm 83574264 Jan 27 12:13 /var/adm/wtmpx
#
# rm /var/adm/wtmps
#
# /usr/lib/acct/fwtmp -icX < /usr/wtmps.030507.new > /var/adm/wtmps
#
# file /var/adm/wtmps
/var/adm/wtmps: data
#
# ls -l /var/adm/wtmpx
-rw-rw-r-- 1 root other 18600 Jan 27 12:40 /var/adm/wtmpx
# chown adm:adm /var/adm/wtmpx
#
# rm /usr/wtmps.030507.new /usr/wtmps.030507


after this i tried # last but it was not executing perfectly ,

please suggest !

0 Kudos
7 REPLIES 7
MarkSyder
Honored Contributor

‎03-06-2007 12:05 AM

‎03-06-2007 12:05 AM

Re: trimming /var/adm/wtmps

> /var/adm/wtmp will empty the file without removing it. It will render last temporarily inaccurate, but this is a small price to pay for /var no longer being 100% full.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
0 Kudos
Sunny Jaisinghani
Trusted Contributor

‎03-06-2007 12:09 AM

‎03-06-2007 12:09 AM

Re: trimming /var/adm/wtmps

Hi,

what was the output of last command?

also for trimming u can simply
1. backup your file
2. trim it using ">"
0 Kudos
sapan
Occasional Contributor

‎03-06-2007 01:56 AM

‎03-06-2007 01:56 AM

Re: trimming /var/adm/wtmps

I can't make it empty, because it is aproduction box, and latest accounting information is required.

the last command was not executing properly,
it was giving some entries and after that it went hung ,

right now i do not have that output
0 Kudos
Peter Nikitka
Honored Contributor

‎03-06-2007 02:16 AM

‎03-06-2007 02:16 AM

Re: trimming /var/adm/wtmps

Hi,

copy the corresponding utmp-file to its wtmp pendant (utmp, utmpx), so the 'last'-info of the currently running system since its boot will be preserved: that's enough information you actually want to carry with.
The before(!) extracted data of the wtmpx - if required - should be archived elsewhere - no need to put it to /usr or /var.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Ralph Grothe
Honored Contributor

‎03-06-2007 02:27 AM

‎03-06-2007 02:27 AM

Re: trimming /var/adm/wtmps

You could have a look at man utmp or /usr/include/utmp.h to find out the binary format of a record of that file.
You only need to know the types and sum them up as visible from the struct definition.
You could then write a small Perl script that uses unpack() and seek() to read from a certain offset to eof and write them to another file accordingly pack()-ed.
After that you could simply swap the files.
This may sound a bit fussy but I would be careful with just truncating wtmp by redirecting stdin because you loose all accounting information, and other programs may still depend on data from wtmp.
Maybe a rough "guesstimation" of a record size of the HP-UX wtmp file would also suffice if you find it too cumbersome to sum up the struct's entries?
Find out the size of the file, and run wc -l over it.
Subtract two lines (presumably for the empty newline and the begin since message) and devide the file size by the Nos. of lines.
Then run a dd with if=/var/adm/wtmp of=/some/place/where_s/still_space_left, a bs=result_of_devision and skip=Nos_of_records_to_discard.
Then test with last -f /some/place/where_s/still_space_left
if that crudely trimmed file is readable.
If so, you may safely swap the files to give space to /var/adm.

Madness, thy name is system administration
0 Kudos
sapan
Occasional Contributor

‎03-06-2007 02:57 AM

‎03-06-2007 02:57 AM

Re: trimming /var/adm/wtmps

Hi All,

Thanks for your valuable suggestions , but i just figured out flaw in my procedure.

i missed -X option with fwtmp , while converting from binary to ascii , that's why it was showing junk.

just now i went through man fwtmp and got the option.

problem resolved now ,

Thank you very much.
0 Kudos
sapan
Occasional Contributor

‎03-06-2007 02:59 AM

‎03-06-2007 02:59 AM

Re: trimming /var/adm/wtmps

Thanks for your help
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.