I have 2 boxes running HP-UX B.11.23 U ia64, one production, one development.
I just found out that "last" is not working on the production machine. After some investigation, I find that the /var/adm/wtmps file has been allowed to grow and then has not been touched since Dec 2007. /var/adm/wtmp shows a recent date but no history.
Production:
Everything works fine on the development machine.
Development:
I'm assuming all I need to do in production is cat /dev/null > /var/adm/wtmps to fix this. Is that correct?
But I'm more concerned going forward. Evidently, I need to set up some sort of archive and clean up process for this file.
I've looked around here but have some questions I couldn't find answers to.
1) What is the difference between /var/adm/wtmp and /var/adm/wtmps?
2) what is the best way to copy off this log? Can I still use the command last on a copy?
3) I'm trying some commands on the development box and am getting bad results. If I use the command last, it works fine. If I try to use the command last with the -f switch I get the error: pid exceeds MAXPID: wtmp file corrupted.
4) Whatever the answers are for wtmps, is the same true for btmps?
Last edited by Yogesh Sawant; 06-20-2009 at 01:21 PM..
Reason: added code tags
1) man 4 wtmps
2) To copy the wtmps or btmps, just use ordinary "cp -p" to a new filename. Then null as you describe.
You can use "last -f" or "lastb -f" respectively on an uncorrupted copy.
3) Your wtmps file on the production server is perilously close to 2Gb and may already be corrupted. The timestamp suggests that it broke in December.
See "man wtmpfix", but beware that the text version of wtmps files is bigger than the original and it may be better to filter repair data by date.
4) Use program "last" on a wtmps file and program "lastb" on a btmps file. Otherwise all comments apply to both.
Footnotes:
Your "btmps" file on the production server is remarkably large. Well worth analyzing with btmp to find out why there are so many failed logins. Last time I saw this it was a frequent cron for an expired account!
We archive these files weekly and keep a few weeks for analysis.
Last edited by methyl; 04-23-2009 at 11:38 AM..
Reason: Corrections.
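The copy-then-null procedure from the reply above, combined with the weekly archive and few-weeks retention it mentions, as an added example that is not part of the original thread. The function name `rotate_acct`, its arguments and the archive directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): archive an accounting file such as
# /var/adm/wtmps or /var/adm/btmps, empty it in place, keep the newest KEEP copies.
# Usage: rotate_acct FILE ARCHIVE_DIR KEEP [STAMP]   (STAMP defaults to today, YYYYMMDD)
# The function name and the archive directory are assumptions of this example.
rotate_acct() {
    ra_src=$1; ra_dir=$2; ra_keep=$3; ra_stamp=${4:-$(date +%Y%m%d)}
    if [ ! -f "$ra_src" ]; then echo "rotate_acct: $ra_src: no such file" >&2; return 1; fi
    if [ "$ra_keep" -lt 1 ]; then echo "rotate_acct: KEEP must be >= 1" >&2; return 1; fi
    mkdir -p "$ra_dir" || return 1
    ra_dst=$ra_dir/$(basename "$ra_src").$ra_stamp
    # Never overwrite an earlier archive: it may be the only copy of that history.
    if [ -e "$ra_dst" ]; then echo "rotate_acct: $ra_dst already exists" >&2; return 1; fi
    ra_before=$(( $(wc -c < "$ra_src") ))
    # cp -p keeps owner, mode and mtime, as suggested in the reply above.
    cp -p "$ra_src" "$ra_dst" || return 1
    # Check the copy before destroying the original. The live file may have
    # grown during the copy, so require "at least as large", not "identical".
    ra_after=$(( $(wc -c < "$ra_dst") ))
    if [ "$ra_after" -lt "$ra_before" ]; then
        echo "rotate_acct: short copy, leaving $ra_src untouched" >&2
        rm -f "$ra_dst"; return 1
    fi
    # Null the file in place: it keeps its inode, owner and mode.
    # Records written between the cp and this line are lost.
    cat /dev/null > "$ra_src" || return 1
    # Stamps sort lexically, so a reverse sort puts the newest first; delete the rest.
    ls "$ra_dir/$(basename "$ra_src")".* 2>/dev/null | sort -r | sed "1,${ra_keep}d" |
        while IFS= read -r ra_old; do rm -f "$ra_old"; done
    return 0
}
```

Run from root's weekly cron, a call such as `rotate_acct /var/adm/wtmps /var/adm/archive 4` leaves dated copies that can be read with "last -f", and the same call on btmps leaves copies for "lastb -f".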