/var/adm/wtmp - few entries & huge size. Post: 302481890

Sponsored Content

Operating Systems AIX /var/adm/wtmp - few entries & huge size. Post 302481890 by shockneck on Monday 20th of December 2010 06:08:31 AM

12-20-2010

Registered User

Quote:

Originally Posted by robroy

[...] /var/adm/wtmp on server01 is ~ 400MB large but it only has ~1200 lines. For example on server02 there are ~85000 lines and the file is ~158MB large. I check lines through 'last | wc -l'. But when I check line directly with 'wc -l /var/adm/wtmp' for server01 I have 22483 lines and for server02 10575 lines. [...]Where is the strange difference comming from?

This might happen if sbdy tried to shrink wtmp in a not supported way. I.e. if you do not blank it (e.g. cating /dev/null onto it) or write data back without using fwtmp you might damage wtmp in a way that only parts of it are usable. The second possibility is that /var got full 100% at the very moment the system logged information in wtmp. Either way you end up with a wtmp file where size and information do not seem to fit together.

How to shrink wtmp correctly has been explained a thousand times before. This procedure might also be used to repair a broken wtmp. You might want to search this group.

shockneck

View Public Profile for shockneck

Find all posts by shockneck

10 More Discussions You Might Find Interesting

1. Solaris

/var/adm/loginlog

As root I have created the loginlog file in /var/adm with permissions (r and w) for root:root only. Failed attempts(> 5) to log in as root do not get logged in the file. What am I missing?? I am on a Solaris 8 Box. :confused: :confused: :confused:

2. Solaris

sometime /var/adm/messages size 0

Hi experts, sometimes i notice in my Solaris 9 /var/adm/messages size 0. It continues for 1/2 days then again /var/adm/messages is start filling up with logs!!! What could be reason behind it. and if its a problem what could be the solution. //purple

3. AIX

Impacts of emptying /var/adm/wtmp file ?

In our operating procedures, if a workstation has a space problem in the /var filesystem, one of the most frequent case we were told is the size of the /var/adm/wtmp file. Someone once told me it is dangerous to do this. Is it ? I cannot say for certain that whomever wrote that procedure is...

4. Solaris

diff b/w /var/log/syslog and /var/adm/messages

hi sirs can u tell the difference between /var/log/syslogs and /var/adm/messages in my working place i am having two servers. in one servers messages file is empty and syslog file is going on increasing.. and in another servers message file is going on increasing but syslog file is...

5. Solaris

/var/adm & /var/sadm

what is the difference between tha /var/adm and /var/sadm files in solaris 10 Os please can any one respond quickly thanking you

6. Solaris

Difference between /var/log/syslog and /var/adm/messages

Hi, Is the contents in /var/log/syslog and /var/adm/messages are same?? Regards

7. Shell Programming and Scripting

Optimised way for search & replace a value on one line in a very huge file (File Size is 24 GB).

Hi Experts, I had to edit (a particular value) in header line of a very huge file so for that i wanted to search & replace a particular value on a file which was of 24 GB in Size. I managed to do it but it took long time to complete. Can anyone please tell me how can we do it in a optimised...

8. AIX

ftpd failed to write /var/adm/wtmp not owner

dear all this attached photo is send to me from Arcsight admin can you please advice ftpd failed to write /var/adm/wtmp not owner ftpd failed to write /var/adm/wtmp error 0

9. Solaris

/var/adm/messages (interface turned off/restored) and link up & link down message.

Hi All I am facing an issue with our new solaris machine. in /var/adm/messages root@Prod-App1:/var/tmp# root@Prod-App1:/var/tmp# root@Prod-App1:/var/tmp# cat /var/adm//messages Apr 20 03:10:01 Prod-App1 syslogd: line 25: WARNING: loghost could not be resolved Apr 20 08:24:18 Prod-App1...

10. Solaris

/var/adm/messages (insterface turned off/restored) and link up & link down message.

Hi All I am facing an issue with our new solaris machine. in /var/adm/messages Apr 22 16:43:05 Prod-App1 in.routed: interface net0 to 172.16.101.1 turned off Apr 22 16:43:33 Prod-App1 mac: NOTICE: nxge0 link up, 1000 Mbps, full duplex Apr 22 16:43:34 Prod-App1 mac: NOTICE: nxge0 link...

LEARN ABOUT DEBIAN

wcat

WCAT(1) 							   User Commands							   WCAT(1)

NAME

       wcat - printout wtmp entries

SYNOPSIS

       wcat [-w wtmp|-] [-adX[3|4]] [-s start] [-e end] [-b H[:M[:S]]] [--help] [--version]

SYNOPSIS

       Wcat provides an easy way to recover trimmed information from wtmp binary files. This tool can be useful for scripts that need only partial
       information from them.

       Notice that wcat output is binary wtmp entries so if this information is printed out to a terminal or screen it might mess it up. A  better
       use of wcat would be: wcat | rawtmp -w -

OPTIONS

       -w wtmp|-
	      Read alternate wtmp file.

       -X[3]  Read tacacs 3.x wtmp format.

       -X4    Read tacacs 4.0 wtmp format.

       -d     Output time in MMM DD HH:MM:SS date format.

       -a     Print contents of ut_addr (if it exists) instead of ut_host.

       -s start
	      Display accounting info from `start'.

       -e end Display accounting info up to `end'.

       -b H:M:S
	      Show accounting info from the last few hours/minutes/seconds.

       --help Print this help message.

       --version
	      Print the version of rawtmp.

SEE ALSO

       sac(8), ac(1), last(1), rawtmp(1), wtmp(5), netdate(8L)

FILES

       /var/log/wtmp		      login database
       /usr/adm/radacct/.../detail    Radius accounting logs

AUTHOR

       The upstream author of wcat is Steve Baker (ice@mama.indstate.edu)

       This manpage was written by Javier Fernandez-Sanguino based on help2man for the Debian GNU/Linux distribution (but can be used by others).

wcat v1.0 (c) 2001 by Steve Baker				   January 2003 							   WCAT(1)