growth of wtmpx
2007-12-25 8:59:00
> I have a SS1000 under SOLARIS 2.3 with recommended patches as
> of April 1994 and 101318-68. I am becoming very alarmed at the
> rate at which /var/adm/wtmpx is growing now that many people are
> logging on and off this machine. Is there any way to truncate
> this and associated files wtmp, lastlog etc or do I have to save
> the files then cp /dev/null to the files which seems a bit drastic.
Thanks to all who responed so promptly. Lots of "me toos" so I will
not do a lot of editing on the most interesting responses:
from Neil Rickert <rickert@cs.niu.edu>
I am doing the following:
mkdir x
touch x/wtmp x/wtmpx
chmod 664 x/*
chown adm x/*
chgrp adm x/*
ln wtmpx wtmpx.OLD
ln wtmp wtmp.OLD
mv x/* .
rmdir x
gzip wtmpx.OLD wtmp.OLD
It seems to work fine.
I put the two new files in a separate directory, and move them
together, so as to minimize the time delay. Ideally, the two files
should be replaced in a single atomic operation. What I do is the
closest thing possible with shell scripts.
-----------------------------------------------------------------------
Several suggested a cron job that rotates the files then copies /dev/null
to wtmp and wtmpx. Of course the old files should be compressed.
Here is an example from: rangern@CIRANO.UMontreal.CA (Normand Ranger)
#
# Rotation of wtmp and wtmpx files
#
echo "" >> $MONTHLY
echo "Rotating wtmp files:" >> $MONTHLY
cd /var/adm
mv wtmp.5.Z wtmp.6.Z
mv wtmp.4.Z wtmp.5.Z
mv wtmp.3.Z wtmp.4.Z
mv wtmp.2.Z wtmp.3.Z
mv wtmp.1.Z wtmp.2.Z
mv wtmp.0.Z wtmp.1.Z
mv wtmp wtmp.0
compress -f wtmp.0
cp /dev/null wtmp
chmod 644 wtmp
echo "" >> $MONTHLY
echo "Rotating wtmpx files:" >> $MONTHLY
cd /var/adm)
mv wtmpx.5.Z wtmpx.6.Z
mv wtmpx.4.Z wtmpx.5.Z
mv wtmpx.3.Z wtmpx.4.Z
mv wtmpx.2.Z wtmpx.3.Z
mv wtmpx.1.Z wtmpx.2.Z
mv wtmpx.0.Z wtmpx.1.Z
mv wtmpx wtmpx.0
compress -f wtmpx.0
cp /dev/null wtmpx
chmod 644 wtmpx
-----------------------------------------------------------------------------
"Susan M. Menig" <ddq251f@shoes.Bell-Atl.Com> referred me to the man page
for fwtmp
------------------------------------------------------------------------------
The most elegant solution came from David R Courtade <drc@amherst.com>
(Thanks David!) who has programs that will trim /var/adm/wtmp
and /var/adm/wtmpx to a user specified number of days. David has placed
copies of wtmp_trim and wtmpx_trim in /pub/SolarisEXEs on odo.amherst.com.
David provided the following information:
These executables do what their name says. The default
is to trim to 30 days. If you want the number of days to save can be
added as a parameter (e.g. wtmp_trim 5 - will save data newer than 5
days). I can't find the source code for these ( iknow I have it somewhere
on my network :-/). I hope these will be helpful for you.
I have not yet had an opportunity to retrieve and use these programs.
-----------------------------------------------------------------------------------
Thanks also to :
Duncan Laidlaw
Placer Dome Inc.
Vancouver, B.C.
Canada
Comments
Got something to say?
You must be logged in to post a comment.
