SUMMARY growth of wtmpx

From: Duncan Laidlaw Solaris Admin (duncan@placer1.wimsey.com)
Date: Thu Apr 13 1995 - 10:46:37 CDT


The original question:

> I have a SS1000 under SOLARIS 2.3 with recommended patches as
> of April 1994 and 101318-68. I am becoming very alarmed at the
> rate at which /var/adm/wtmpx is growing now that many people are
> logging on and off this machine. Is there any way to truncate
> this and associated files wtmp, lastlog etc or do I have to save
> the files then cp /dev/null to the files which seems a bit drastic.

Thanks to all who responed so promptly. Lots of "me toos" so I will
not do a lot of editing on the most interesting responses:

from Neil Rickert <rickert@cs.niu.edu>

I am doing the following:

        mkdir x
        touch x/wtmp x/wtmpx
        chmod 664 x/*
        chown adm x/*
        chgrp adm x/*
        ln wtmpx wtmpx.OLD
        ln wtmp wtmp.OLD
        mv x/* .
        rmdir x
        gzip wtmpx.OLD wtmp.OLD

It seems to work fine.

I put the two new files in a separate directory, and move them
together, so as to minimize the time delay. Ideally, the two files
should be replaced in a single atomic operation. What I do is the
closest thing possible with shell scripts.

-----------------------------------------------------------------------

Several suggested a cron job that rotates the files then copies /dev/null
to wtmp and wtmpx. Of course the old files should be compressed.

Here is an example from: rangern@CIRANO.UMontreal.CA (Normand Ranger)

#
# Rotation of wtmp and wtmpx files
#

        echo "" >> $MONTHLY
        echo "Rotating wtmp files:" >> $MONTHLY
        cd /var/adm
        mv wtmp.5.Z wtmp.6.Z
        mv wtmp.4.Z wtmp.5.Z
        mv wtmp.3.Z wtmp.4.Z
        mv wtmp.2.Z wtmp.3.Z
        mv wtmp.1.Z wtmp.2.Z
        mv wtmp.0.Z wtmp.1.Z
        mv wtmp wtmp.0
        compress -f wtmp.0
        cp /dev/null wtmp
        chmod 644 wtmp

        echo "" >> $MONTHLY
        echo "Rotating wtmpx files:" >> $MONTHLY
        cd /var/adm)
        mv wtmpx.5.Z wtmpx.6.Z
        mv wtmpx.4.Z wtmpx.5.Z
        mv wtmpx.3.Z wtmpx.4.Z
        mv wtmpx.2.Z wtmpx.3.Z
        mv wtmpx.1.Z wtmpx.2.Z
        mv wtmpx.0.Z wtmpx.1.Z
        mv wtmpx wtmpx.0
        compress -f wtmpx.0
        cp /dev/null wtmpx
        chmod 644 wtmpx

-----------------------------------------------------------------------------
 
"Susan M. Menig" <ddq251f@shoes.Bell-Atl.Com> referred me to the man page
for fwtmp

------------------------------------------------------------------------------

The most elegant solution came from David R Courtade <drc@amherst.com>
(Thanks David!) who has programs that will trim /var/adm/wtmp
and /var/adm/wtmpx to a user specified number of days. David has placed
copies of wtmp_trim and wtmpx_trim in /pub/SolarisEXEs on odo.amherst.com.

David provided the following information:

These executables do what their name says. The default
is to trim to 30 days. If you want the number of days to save can be
added as a parameter (e.g. wtmp_trim 5 - will save data newer than 5
days). I can't find the source code for these ( iknow I have it somewhere
on my network :-/). I hope these will be helpful for you.

I have not yet had an opportunity to retrieve and use these programs.

-----------------------------------------------------------------------------------

Thanks also to :

dfalk@sqwest.bc.ca
oberlander@austin.asc.slb.com

Duncan Laidlaw
Placer Dome Inc.
Vancouver, B.C.
Canada



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:21 CDT