12-20-2010
Quote:
Originally Posted by
robroy
[...] /var/adm/wtmp on server01 is ~ 400MB large but it only has ~1200 lines. For example on server02 there are ~85000 lines and the file is ~158MB large. I check lines through 'last | wc -l'. But when I check line directly with 'wc -l /var/adm/wtmp' for server01 I have 22483 lines and for server02 10575 lines. [...]Where is the strange difference comming from?
This might happen if sbdy tried to shrink wtmp in a not supported way. I.e. if you do not blank it (e.g. cating /dev/null onto it) or write data back without using fwtmp you might damage wtmp in a way that only parts of it are usable. The second possibility is that /var got full 100% at the very moment the system logged information in wtmp. Either way you end up with a wtmp file where size and information do not seem to fit together.
How to shrink wtmp correctly has been explained a thousand times before. This procedure might also be used to repair a broken wtmp. You might want to search this group.
10 More Discussions You Might Find Interesting
1. Solaris
As root I have created the loginlog file in /var/adm with permissions (r and w) for root:root only.
Failed attempts(> 5) to log in as root do not get logged in the file.
What am I missing??
I am on a Solaris 8 Box.
:confused: :confused: :confused: (4 Replies)
Discussion started by: encrypted
4 Replies
2. Solaris
Hi experts,
sometimes i notice in my Solaris 9 /var/adm/messages size 0.
It continues for 1/2 days then again /var/adm/messages is start filling up with logs!!!
What could be reason behind it. and if its a problem what could be the solution.
//purple (1 Reply)
Discussion started by: thepurple
1 Replies
3. AIX
In our operating procedures, if a workstation has a space problem in the /var filesystem, one of the most frequent case we were told is the size of the /var/adm/wtmp file.
Someone once told me it is dangerous to do this. Is it ?
I cannot say for certain that whomever wrote that procedure is... (2 Replies)
Discussion started by: Browser_ice
2 Replies
4. Solaris
hi sirs
can u tell the difference between /var/log/syslogs and /var/adm/messages
in my working place i am having two servers.
in one servers messages file is empty and syslog file is going on increasing..
and in another servers message file is going on increasing but syslog file is... (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
5. Solaris
what is the difference between tha /var/adm and /var/sadm files in solaris 10 Os
please can any one respond quickly
thanking you (2 Replies)
Discussion started by: wkbn86
2 Replies
6. Solaris
Hi,
Is the contents in /var/log/syslog and /var/adm/messages are same??
Regards (3 Replies)
Discussion started by: vks47
3 Replies
7. Shell Programming and Scripting
Hi Experts,
I had to edit (a particular value) in header line of a very huge file so for that i wanted to search & replace a particular value on a file which was of 24 GB in Size. I managed to do it but it took long time to complete. Can anyone please tell me how can we do it in a optimised... (7 Replies)
Discussion started by: manishkomar007
7 Replies
8. AIX
dear all
this attached photo is send to me from Arcsight admin can you please advice
ftpd failed to write /var/adm/wtmp not owner
ftpd failed to write /var/adm/wtmp error 0 (1 Reply)
Discussion started by: thecobra151
1 Replies
9. Solaris
Hi All
I am facing an issue with our new solaris machine.
in /var/adm/messages
root@Prod-App1:/var/tmp#
root@Prod-App1:/var/tmp#
root@Prod-App1:/var/tmp# cat /var/adm//messages
Apr 20 03:10:01 Prod-App1 syslogd: line 25: WARNING: loghost could not be resolved
Apr 20 08:24:18 Prod-App1... (0 Replies)
Discussion started by: javeedkaleem
0 Replies
10. Solaris
Hi All
I am facing an issue with our new solaris machine.
in /var/adm/messages
Apr 22 16:43:05 Prod-App1 in.routed: interface net0 to 172.16.101.1 turned off
Apr 22 16:43:33 Prod-App1 mac: NOTICE: nxge0 link up, 1000 Mbps, full duplex
Apr 22 16:43:34 Prod-App1 mac: NOTICE: nxge0 link... (2 Replies)
Discussion started by: javeedkaleem
2 Replies
LEARN ABOUT OSF1
wtmpconvert
wtmpconvert(8) System Manager's Manual wtmpconvert(8)
NAME
wtmpconvert - Modify connect time accounting records from DIGITAL UNIX releases 4.0x and prior to new format
SYNOPSIS
/usr/lbin/wtmpconvert [-vnrp?h] input_file [output_file]
OPTIONS
Restore new format to old format. Verbose. Display lines while converting. Do not preserve contents of input file. Formatted print only.
Do not convert. (May be used with the -r option). Display usage message.
DESCRIPTION
The wtmpconvert command reads records from a connect time accounting file, such as /var/adm/wtmp, and converts the record format to the
updated struct utmp format. If no output file is specified or if the output file path is identical to the input file path, wtmpconvert
makes a backup copy of the original input file using the following algorithm: If filename.orig exists. Where n is a unique number.
The wtmpconvert command attempts to detect an input file that is in the wrong format (for example, input file is already a new format
file). A warning message is issued in this case, but conversion continues.
EXIT STATUS
Success. An error occurred.
EXAMPLES
To convert an old format accounting file to the new format: wtmpconvert /var/adm/wtmp.prev
Upon completion of this command, /var/adm/wtmp.prev will have been converted to the new format. The original /var/adm/wtmp.prev is
renamed to /var/adm/wtmp.prev.orig. To convert a wtmp file in new format to the old format: wtmpconvert -r /var/adm/wtmp
/var/adm/wtmp.old
FILES
Accounting header files that define the format for the login database file. The active login/logoff database files.
SEE ALSO
Commands: acct(8), acctcon(8), acctmerg(8), date(1), runacct(8)
Functions: getutent(3)
Files: utmp(4), wtmp(4)
wtmpconvert(8)