HPE Community
Operating System - HP-UX
1833759 Members
2379 Online
110063 Solutions
New Discussion

wtmp gets filled

 
jim bidebo
Regular Advisor

‎01-29-2002 05:39 AM

‎01-29-2002 05:39 AM

wtmp gets filled

have a problem... /var/adm/wtmp gets filled...
it looks like this when i use the "last" command:
root pts/0 Tue Jan 29 14:35 - 14:35 (00:00)
root pts/0 Tue Jan 29 14:35 - 14:35 (00:00)
root pts/0 Tue Jan 29 14:35 - 14:35 (00:00)
root pts/0 Tue Jan 29 14:35 - 14:35 (00:00)
root pts/0 Tue Jan 29 14:35 - 14:35 (00:00)
root pts/0 Tue Jan 29 14:35 - 14:35 (00:00)
root pts/0 Tue Jan 29 14:35 - 14:35 (00:00)
....

ps -edf |grep pts/0 doesnt give any information...
does anyone know what this can be?
0 Kudos
Reply
8 REPLIES 8
Sebastian Galeski_1
Trusted Contributor

‎01-29-2002 06:59 AM

‎01-29-2002 06:59 AM

Re: wtmp gets filled

Hi
perform;
# > /var/adm/wtmp
or SAM-> Routine Tasks ->System Log Files and trim to zero /var/adm/wtmp by menu action->trim -. trim to zero

hope it help
0 Kudos
Reply
Helen French
Honored Contributor

‎01-29-2002 07:15 AM

‎01-29-2002 07:15 AM

Re: wtmp gets filled

Hi Jim,

Which OS version ? which server ? Do you have any cron job running which causes this ? Do you use Reflection for logging in ?

Try 'fuser' command to see what processes are running on pts/0. Also

# touch /var/adm/wtmp

HTH,
Shiju
Life is a promise, fulfill it!
0 Kudos
Reply
Corthouts Carlo
Valued Contributor

‎02-01-2002 02:55 AM

‎02-01-2002 02:55 AM

Re: wtmp gets filled

The file /var/adm/wtmp contains a record of all logins and logouts.

The files can be zeroed or removed but if they are removed they need to be
manually recreated as they are not created by the programs that maintain them.

If you want to recreate them note the ownerships and permissions before removing them and reset the ownerships and permissions after recreating the files (usually with touch to create an empty files). This is EXTREMELY
important

0 Kudos
Reply
Trond Haugen
Honored Contributor

‎02-01-2002 03:25 AM

‎02-01-2002 03:25 AM

Re: wtmp gets filled

The problem here is not actually wtmp filling up but finding what is filling it up.
The entries you describe show that root has logged in (and out again) 7 times within a minute. You will not find the pty in the ps list unless the line reads something like:
root console Mon Feb 21 10:30 still logged in

So your detective work will be to figure out what is causing this. Could be a cron job, a script or ..anything.
I would suggest starting by trying to find a pattern in when and how many entries there are.
In my view nilling out the wtmp file will only clear the symptom unless of course there is a valid reason for the entries.
Regards,
Trond Haugen
LinkedIn
0 Kudos
Reply
federico_3
Honored Contributor

‎02-01-2002 04:45 AM

‎02-01-2002 04:45 AM

Re: wtmp gets filled

use the /usr/sbin/acct/fwtmp command in order to read the wtmp file. The form you should use is:

/usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/filetemp

Then you can read the informations (you would have seen with last ) in the file /tmp/filetemp.

Bye
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎02-01-2002 05:25 AM

‎02-01-2002 05:25 AM

Re: wtmp gets filled

Jim

I you can stop the cron for long enough to examine the wtmp and see if this is cron related.

/sbin/init.d/cron stop
/sbin/init.d/cron start



HTH

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Corthouts Carlo
Valued Contributor

‎02-01-2002 05:52 AM

‎02-01-2002 05:52 AM

Re: wtmp gets filled

Could you tell us what version of HP-UX you are using?

0 Kudos
Reply
jim bidebo
Regular Advisor

‎10-21-2002 07:33 AM

‎10-21-2002 07:33 AM

Re: wtmp gets filled

Not as hard as it seamed, the problem was that it tried to start a dtlogin session at the local display, but no local display was attached.
Solved now.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.