(1): Runaway growth of /var/adm/wtmpx

2007-12-25 9:30:00

     The original question:

     

     

> Maybe the answer is out there on the 'net somewhere, but my access is
> so slow today, and my time so short, I'm putting this out to y'all
> directly in hopes of a to-the-point answer:
>
> Under Solaris 2.5 on a SparcStation 20, the files, /var/adm/wtmp and
> /var/adm/wtmpx (especially), are growing constantly and quickly (wtmpx
> grew over 2MB in an hour). They appear to have something to do with
> the login daemon logging activity (telnetting to this system usually
> involves waiting 2-4 minutes before getting the login: prompt -- it is
> running the Horizon library holdings system with Sybase for its DBM,
> and there may be a half-dozen clients running from the OS/2-based
> Horizon client software, but with 192 MB of RAM, 132MB of swap -- 85MB
> free right now -- it should not be loaded that heavily ... right?).
>
> When the /var fs got filled up this morning, the wtmpx file was over
> 160MB! I mv'ed it to another drive/fs; was that OK? Do I need to
> keep these files? Can I set something to slow their growth rate, or
> dispense with them altogether? Any pointers/ideas/info greatly
> appreciated. Will summarize.
>
> I just took over this system, so I don't know much about its

     My thanks to all. Herewith a "summary":

     

     The short answer:

     

     

     /var/adm/wtmp and /var/adm/wtmpx are the files in which the login
     records are stored. The "last" command uses their entries.

     Yes, you can delete them, move them, or whatever you want, and
     regenerate them with filesize=0 (use "touch").

     

     Ramón Castillo, QED Communication Staff.
     ________________________________________________
     Moras 655-B, Col. Del Valle, Benito Juarez, 03100 México City, México
     SUPPORT CONTACT INFORMATION:
     Mail: ramon@qed.Com.MX
     Tel: (525) 524 0772, (525) 524 0803
     Fax: (525) 524 7293
     http://www.qed.com.mx
     ________________________________________________
     PLEASE SEND SUPPORT MAIL TO Soporte@qed.Com.MX

     

     

     A management technique:

     

     

     What we do is a daily, weekly and monthly cron job of every machine.

     The monthly cron job, among other things, does the following:

     

     echo "Script Revised: @(#)monthly 1.2 91/10/14 13:00:34"
     echo ""
     echo "Rotating wtmp file:"
     cd /var/adm
     # Shift the saved generations up by one; the old wtmp.6 is overwritten.
     mv wtmp.5 wtmp.6
     mv wtmp.4 wtmp.5
     mv wtmp.3 wtmp.4
     mv wtmp.2 wtmp.3
     mv wtmp.1 wtmp.2
     mv wtmp.0 wtmp.1
     mv wtmp wtmp.0
     # Recreate an empty wtmp with the expected mode.
     cp /dev/null wtmp
     chmod 644 wtmp

     

     It doesn't look like we rotate the wtmpx at all - but we should!

     

     cheers,

     duncan

     

     ------------------------------------------------------------------------------
     Duncan C. White, Senior Computing Officer, Dept of Maths and Computing Science,
     University of Surrey, Guildford, Surrey GU2 5XH, UK.
     Email: D.White@mcs.surrey.ac.uk                      Phone: +441 483 259632
     URL: http://www.mcs.surrey.ac.uk/showstaff?D.White   Fax: +441 483 259385
     PGPkey: http://www.mcs.surrey.ac.uk/Personal/D.White/pgpkey.html
     Key fingerprint = 91 93 0D 90 D0 5E 62 BF 57 39 08 56 43 FC E5 C8
     ------------------------------------------------------------------------------
     "After all, this is a species whose principal means of population control are
     famine, abortion, a high infant death rate and war."
     Intervention (page 442) - Julian May
     ------------------------------------------------------------------------------

     

     Another Pointer:

     

     Make sure you have utmpd running. Try the following lines in

     /etc/default/utmpd:

     

     SCAN_PERIOD=30
     MAX_FDS=3

     

> Not sure what these do; I sent this response to Karl:

          

> Thanks for the pointers. Question: what do those settings

> (SCAN_PERIOD -- ours is 300, and MAX_FDS -- not present) in

> /etc/default/utmpd (yes, it is running) do?

          

> Rory O'Connor

     --

     Karl Vogel

     vogelke@c17.wpafb.af.mil ASC/YCOA, Wright-Patterson AFB, OH 45433

                    937-255-3688

     

     Nature is blind. We are merely short-sighted. That's an improvement.

     --Henry Spencer

     

     

     

     Another Point:

     

     I can't give you a solution, but I can give you an idea of what to
     look at. Is this perchance a machine running CDE but without a
     monitor? If this is the case and you have CDE configured to put a
     graphical login box up on the (nonexistent) graphics console, you will
     get exactly this behaviour. Unfortunately I don't remember how I fixed
     this; something to do in /usr/dt. But if your machine meets these
     criteria this'll give you somewhere to start, anyway...

     

     Christopher L. Barnard
     cbarnard@tsg.cbot.com
     (312) 347-4901
     http://www.cs.uchicago.edu/~cbarnard
     PGP public key available via finger or PGP keyserver

     "When I was a boy I was told that anybody could become president.
     Now I'm beginning to believe it." --Clarence Darrow

     

     

     And this:

     

     Well, if you say "man wtmpx" you'll see this:

     

     | utmpx(4)                  File Formats                  utmpx(4)
     |
     | NAME
     |      utmpx, wtmpx - utmpx and wtmpx entry formats
     |
     | SYNOPSIS
     |      #include <utmpx.h>
     |
     | DESCRIPTION
     |      utmpx(4) is an extended version of utmp(4).
     |
     |      utmpx and wtmpx hold user and accounting information for
     |      commands such as who, write, and login. These files have
     |      the following structure as defined by <utmpx.h>:

     

> However, that man page doesn't really tell how to manage wtmp/x ;-}

     

     If you use the "last" command and wait for it to finish, the last 3

     lines of output will look like this:

     

     | reboot system boot Mon Oct 21 18:05 |

     | wtmp begins Mon Oct 21 18:05

     

     So nothing crucial is lost by deleting the [wu]tmp[x] files; just the

     record of who logged in when and suchlike.

     

     

     --

     Frank Pardo <fpardo@tisny.com>

     Transaction Information Systems

     New York City

     

     The scholar's ink outlasts the martyr's blood. -- Irish proverb


     

     

     

     And:

     

     Rotation of the wtmp files is a common sysadmin task. I can't find
     it in the Solaris 2 FAQ per se, but it's common to put something in cron
     that does a cat /dev/null > /var/adm/wtmp and /var/adm/wtmpx

     

     boss

     

     ---
     Todd Boss, Consultant, Unix Sysadmin/Sybase DBA
     Virtualogic Incorporated
     6707 Democracy Blvd, Suite 202, Bethesda, Maryland 20817
     tboss@virtualogic.com, boss@netcom.com
     (301) 571-5100 x173
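
The rotation that Duncan White's cron excerpt and Todd Boss's reply describe, extended to cover wtmpx as well as wtmp; this is an added example, not code from any of the posters. The function names and the directory and generation-count arguments are assumptions of the example, and it needs a POSIX shell (ksh or a later sh) rather than the original Bourne shell.

```shell
#!/bin/sh
# Added example: rotate wtmp and wtmpx together, keeping a fixed number of
# old generations so the login history stays available to "last -f".

rotate_one() {
    # $1 = directory, $2 = file name, $3 = generations to keep (>= 1)
    dir=$1; name=$2; keep=$3
    [ -f "$dir/$name" ] || return 0        # nothing to rotate
    # Shift name.(keep-2) -> name.(keep-1), ..., name.0 -> name.1.
    # The oldest generation is overwritten, which bounds disk use in /var.
    i=$((keep - 1))
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$dir/$name.$prev" ]; then
            mv -f "$dir/$name.$prev" "$dir/$name.$i" || return 1
        fi
        i=$prev
    done
    # Copy, then truncate in place: the live file keeps its inode, owner
    # and mode, so a process that already has it open keeps writing to it.
    # Records written between the cp and the truncate are lost.
    cp -p "$dir/$name" "$dir/$name.0" || return 1
    : > "$dir/$name" || return 1
}

rotate_login_records() {
    # $1 = directory holding the files (default /var/adm, as in the thread)
    # $2 = generations to keep (default 7, i.e. .0 through .6)
    adm=${1:-/var/adm}; gens=${2:-7}
    for f in wtmp wtmpx; do
        rotate_one "$adm" "$f" "$gens" || return 1
    done
}

# Typical use from a root cron job:
#   rotate_login_records /var/adm 7
```

Saved generations can still be read with `last -f`, for example `last -f /var/adm/wtmpx.0`.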
