
Cleaning wtmp

Status
Not open for further replies.

elias1003

Technical User
Mar 1, 2005
25
US
What is the best way to truncate wtmp? Is there any utility?
 
You can also use the fwtmp command to convert wtmp to ASCII, edit it down, and use fwtmp to convert it back. Check the man page for location and usage of fwtmp.

If you grok C, the utmp entry format is documented in /usr/include/utmp.h. Document carefully, though. The format can and has changed between AIX versions.



Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+

 
wtmp is growing abnormally, so find which application is responsible for this increase by following these instructions.
Generate a file, named for example wtmp.result, that contains the information of the wtmp entries:
# /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp.result
Edit the file /tmp/wtmp.result and find which program is filling the wtmp file.

Create a new file, named for example wtmp.new, in which all entries of the application causing the problem will be ignored (cons was the problem in this example).
Run the following command:
# /usr/lib/acct/fwtmp < /var/adm/wtmp |grep -v application_causing_problem |/usr/lib/acct/fwtmp -ic > /var/adm/wtmp.new

Set the permissions of wtmp.new to the same as the wtmp file:
# chown adm:adm /var/adm/wtmp.new ; chmod 664 /var/adm/wtmp.new

Check the file permissions and size (you will see a big difference):
# ls -ltr /var/adm/wtmp*

Replace wtmp with wtmp.new by renaming wtmp.new to wtmp:
# mv /var/adm/wtmp.new /var/adm/wtmp
 
Here's what we're using here:

# Keep the last 100 entries in /var/adm/wtmp in order to keep
# it a good size particularly on batch servers since it grows
# quite fast on them.
/usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/dummy.file$$
tail -100 /tmp/dummy.file$$ | /usr/sbin/acct/fwtmp -ic > /var/adm/wtmp
rm /tmp/dummy.file$$

Enjoy...
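
Added example (not part of any post in this thread): both trimming procedures above rewrite /var/adm/wtmp, which is the system's login audit trail, so this version archives the untouched file first, works in a private directory instead of a predictable /tmp file name, and overwrites in place so owner and mode are kept. The function name trim_wtmp and the ARCHIVE_DIR path are assumptions made for the example; the fwtmp path and its -ic flag are the ones used in the posts.

```shell
#!/bin/sh
# Added example, not code from the thread: archive wtmp, then trim it.
# FWTMP is the path used in the posts; ARCHIVE_DIR and trim_wtmp are
# names assumed for this example.
FWTMP=${FWTMP:-/usr/sbin/acct/fwtmp}
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/adm/wtmp.archive}

# trim_wtmp FILE KEEP [PATTERN]
# Keeps the last KEEP records of FILE, optionally dropping records that
# match PATTERN first. Example call: trim_wtmp /var/adm/wtmp 100 cons
trim_wtmp() {
    wtmp=$1 keep=$2 pattern=${3:-}
    case $keep in ''|*[!0-9]*) echo "KEEP must be a number" >&2; return 2;; esac
    [ -f "$wtmp" ] || { echo "$wtmp: not a regular file" >&2; return 2; }

    # mkdir fails if the name already exists (file, directory or symlink),
    # so a pre-planted /tmp entry cannot redirect output written as root.
    work=/tmp/wtmptrim.$$
    (umask 077 && mkdir "$work") || { echo "cannot create $work" >&2; return 1; }

    # Steps: archive the original, convert to ASCII, filter, keep the tail,
    # convert back, then overwrite in place (owner and mode are preserved).
    # Any failing step stops the chain and leaves the live file untouched.
    rc=1
    mkdir -p "$ARCHIVE_DIR" &&
    cp -p "$wtmp" "$ARCHIVE_DIR/wtmp.$(date +%Y%m%d%H%M%S)" &&
    "$FWTMP" < "$wtmp" > "$work/ascii" &&
    {
        if [ -n "$pattern" ]; then
            # grep exits 1 when every record matched; that is not an error
            grep -v -- "$pattern" "$work/ascii" > "$work/kept" || [ $? -eq 1 ]
        else
            cp "$work/ascii" "$work/kept"
        fi
    } &&
    tail -n "$keep" "$work/kept" | "$FWTMP" -ic > "$work/new" &&
    cat "$work/new" > "$wtmp" && rc=0

    rm -rf "$work"
    return $rc
}
```

Records written to wtmp between the read and the in-place overwrite are lost, so run it when login activity is low.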
 
I am getting the following message: (I am root.)
ksh: /usr/sbin/acct/fwtmp: 0403-006 Execute permission denied
# ls -lt fwtmp
-r-xr-x--- 1 root adm 5772 Jan 22 2003 fwtmp
Any ideas? I made root a member of the adm group. I changed the permissions on fwtmp to 777 and still get the same error.
 