Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Huge lastlog file

Status
Not open for further replies.
thedaver

thedaver

IS-IT--Management
Jul 12, 2001
2,741
US
I just fired up a dedicated server from a colo company. The /var/log/lastlog file is over 19MB on a new server?! I've only two logged-in users and there are only 30 users in the system.

My guess is that this file's size is a result of the colo firm using a default image to bring up the RedHat 7.3 server.

Any guidance on how to essentially "reset" the lastlog without upsetting syslogd/klog???
 
Sort by date Sort by votes
Why not tail out the log and send a hup to syslogd?
 
Upvote 0 Downvote
'/var/log/lastlog' on Redhat (other linux?) is a binary file. I cannot `tail` it and HUP to syslog. That's kind of why I asked for help.

Still need help!
 
Upvote 0 Downvote
Well, I never cared about it much, so you surprised me. I did a tiny research a found out that /var/log/lastlog's size should depend on number of users you have. It shouldn't grow in time without adding new users. Something is probably wrong with your system. Syslog is not supposed to write into this file, login does it. So removing the file (or zeroing it) should't do any damage. But I suggest further investigation.
 
Upvote 0 Downvote

It's not a syslog file as pupu pointed out. Do '>/var/log/lastlog'

Where do you get the idea that it depends on the number of users?? I've never heard that before.

Cheers Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support
 
Upvote 0 Downvote
Well, in the interest of science ;-) here's what I did.

I did `echo > /var/log/lastlog; /etc/rc.d/init.d/syslog restart`

This is obviously belt-and-suspenders based upon pupu's logic that syslog isn't related, but what the heck...

Anyhow, a day later my output from `lastlog | wc -l` is now 37 lines long and the '/var/log/lastlog' file is 146K. Same number of users, much less "history" being retained. Whatever.

I saved 19MB of disk and I still don't know what the heck the problem was. System is happy and so am I - no further issue IMO.

Thanks for the input guys/gals!
D.
 
Upvote 0 Downvote
Analyzing this could be interesting, but I don't have the time for it. So I've used google.


...
The lastlog file provided on most Unix-like systems stores information about when each user on the system last logged in. The file is sequential and indexed on the UID (that is to say a user with UID 500 will have the 500th record in the file).
...
Some systems (notoriously Red Hat Linux) may mistakenly rotate the lastlog file periodically - there is no benefit in doing this as the file will only grow if new users are added to the system and in the authors opinion it is important to keep an accurate record of all users last logins however long ago for audit and security purposes. If you are on such a system and care about this you should disable the rotation of this file. On a Red Hat system this will involve editing /etc/logrotate.conf to remove the file from the rotation.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

spamjim
  • Locked
  • Question
Sorting out NTFS filesystem issues
Replies
0
Views
239
spamjim
spamjim
kevinds
  • Locked
  • Question
Help With Per File/Folder Restriction Based on HTTPS Client Certificate's CN
Replies
0
Views
139
kevinds
kevinds
bazil2
  • Locked
  • Question
Silently replacing characters in XML file using sed - can you help? 2
Replies
2
Views
140
SamBones
SamBones
Pablonhd
  • Locked
  • Question
Empty file
Replies
1
Views
88
ChrisHirst
ChrisHirst
southbeach
  • Locked
  • Question
No such file or directory - yet, file is there
Replies
6
Views
319
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top