Something is removing/deleting my wtmpx file?

Login or Register to Ask a Question and Join Our Community

Something is removing/deleting my wtmpx file?

Tags

Operating Systems Solaris Something is removing/deleting my wtmpx file?

Prev Next

03-06-2013

Registered User

5, 0

Join Date: Jun 2005

Last Activity: 19 March 2013, 9:29 PM EDT

Posts: 5

Thanks Given: 2

Thanked 0 Times in 0 Posts

Something is removing/deleting my wtmpx file?

hi,

we have a solaris 10 box that was handled by a different sysadmin before & now it is turned over to us for system administration. our concern is that if we issue the "last" command, it usually says "wtmp begins current day current month date 02:30". just like this "wtmp begins Thu Mar 7 02:30"

we suspect that there is a cronjob that runs & deletes the wtmpx file. when i run the crontab -l (as root) command, there is no job that is scheduled on 2:30am. what we would like is to retain the wtmpx file at least for 1 week so that we can have a historical log of users then we will just manually delete/rotate wtmpx.
can you help me figure out which in my crontab entry is doing the deletion of the wtmpx. here's what is in the crontab file:

Code:

#ident  "@(#)root       1.21    04/03/23 SMI"
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
#10 3 * * * /usr/lib/krb5/kprop_script ___slave_kdcs___
00 06 * * * /usr/bin/metacheck.ksh
0 2 * * 4 /usr/lib/acct/dodisk

logadm uses the /etc/logadm.conf file & here is what is inside logadm.conf:

Code:

/var/log/syslog -C 8 -P 'Sun Mar  3 19:10:00 2013' -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/adm/messages -C 4 -P 'Sun Mar  3 19:10:00 2013' -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/cron/log -P 'Wed Mar  6 19:10:00 2013' -c -s 10240k -t /var/cron/olog
/var/lp/logs/lpsched -C 2 -N -P 'Tue Mar  5 19:10:00 2013' -t '$file.$N'
/var/fm/fmd/errlog -M '/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0- $nfile' -N -s 2m
/var/fm/fmd/fltlog -A 6m -M '/usr/sbin/fmadm -q rotate fltlog && mv /var/fm/fmd/fltlog.0- $nfile' -N -s 10m
smf_logs -C 8 -s 1m /var/svc/log/*.log
#
# The entry below is used by turnacct(1M)
#
/var/adm/pacct -C 0 -N -P 'Thu Mar  7 03:00:00 2013' -a '/usr/lib/acct/accton pacct' -g adm -m 664 -o adm -p never
#
# The entry below manages the Dynamic Resource Pools daemon (poold(1M)) logfile.
#
/var/log/pool/poold -N -a 'pkill -HUP poold; true' -s 512k
/var/svc/log/application-management-sunmcagent:default.log -P 'Wed Mar  6 19:10:00 2013'

thanks.

booghaw

View Public Profile for booghaw

Find all posts by booghaw

Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Getting information from the wtmpx file

Hi, I tried running the command "last" in the server to check the users that were last logged into the system. However, I get this error : root@csidblog:# last /var/adm/wtmpx: Value too large for defined data type How do I proceed to get this info? I read some forums suggesting to use...

2. Solaris

Wtmpx File Permissions Question

Hi all, I have been tasked to change permissions on the wtmpx file to 640. Currently the permissions are at 644. My question is will anything be affected if I change the permissions as shown? Thanks in advance. Derek

3. Solaris

WTMPX File corrupted

Hi All I work on solaris 8, 9 and 10 platforms and have encountered an error which is my wtmpx files appear to be corrupted as all entries contain the date 1970 (the birth of unix). Now this is obviously not the case, so my query is: 1 - Can the existing wtmpx files be manipulated to...

4. Shell Programming and Scripting

Deleting pattern without removing line

I am trying to delete a pattern without removing line. I searched a lot in this forum and using those I could come up with sed command but it seems that command does not work. Here's how my file looks like: 1 ./63990 7 1171 ./63990 2 2425 ./63990 9 2539 ./63990 1 3125 ./63990 1 10141...

5. UNIX for Dummies Questions & Answers

Deleting/Removing sentence from .txt

Hi, now i need to remove the entires i inserted into my .txt file. echo -n "Title: " read Title echo -n "Author: " read Author if grep -q "$Title: $Author" "BookDB.txt"; then sed '$Title: $Author' BookDB.txt echo "Book Title '$Title' removed successfully!" ...

6. Solaris

wtmpx file

What could possibly happen if wtmpx file got deleted by mistake? Thanks,

7. UNIX for Advanced & Expert Users

wtmpx file is not updating

Hi in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry. can any one tell me how to solve this problem

8. Solaris

wtmpx file is too big

Hi, I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system. Could anyone suggest the best method to clear the file without causing problem to...

9. UNIX for Dummies Questions & Answers

wtmpx file

Hello everybody: the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system?? Thanks alot

10. UNIX for Advanced & Expert Users

how to delete entry in file "wtmpx"(/var/adm/wtmpx)

Do someone know how to delete entry(some lines) in file "wtmpx" that command "last" use it. this file is binary so I cannot edit directy. ========================= #last root pts/1 noc Fri Mar 3 22:04 still logged in root pts/1 noc Fri Mar 3 22:01 - 22:02 ...

Login or Register to Ask a Question