Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: WTMPX File corrupted
Operating Systems Solaris WTMPX File corrupted Post 302585828 by jim mcnamara on Thursday 29th of December 2011 10:30:29 AM
Old 12-29-2011
I have seen data "messed up" on boxes that have excessively large utmpx or wtmpx files.
Or there are disk space issues.

There is no known bug (or patch) for this problem (AFAIK), so I would look at your file sizes, and maybe use dd to rescue the good data from earlier in the file.

The utmpd daemon writes to utmpx and wtmpx, so you can stop the daemon for a minute while you rename the old files.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

how to delete entry in file "wtmpx"(/var/adm/wtmpx)

Do someone know how to delete entry(some lines) in file "wtmpx" that command "last" use it. this file is binary so I cannot edit directy. ========================= #last root pts/1 noc Fri Mar 3 22:04 still logged in root pts/1 noc Fri Mar 3 22:01 - 22:02 ... (4 Replies)
Discussion started by: arm_naja
4 Replies

2. UNIX for Dummies Questions & Answers

wtmpx file

Hello everybody: the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system?? Thanks alot (3 Replies)
Discussion started by: aladdin
3 Replies

3. Solaris

wtmpx file is too big

Hi, I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system. Could anyone suggest the best method to clear the file without causing problem to... (6 Replies)
Discussion started by: Vijayakumarpc
6 Replies

4. UNIX for Advanced & Expert Users

wtmpx file is not updating

Hi in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry. can any one tell me how to solve this problem (0 Replies)
Discussion started by: aaysa123
0 Replies

5. Solaris

wtmpx file

What could possibly happen if wtmpx file got deleted by mistake? Thanks, (8 Replies)
Discussion started by: Pouchie1
8 Replies

6. Solaris

wtmpx corrupted ? fix ...

Hi, saw couple threads about wtmpx corruption, I had this problem on many servers, last command was not working or displaying old output, found good information on a thread on this site and wrote a perl script to fix, thought it might help some people. I found that using wtmpfix I lost many... (0 Replies)
Discussion started by: yannm
0 Replies

7. UNIX for Advanced & Expert Users

Not logging ftp connections in /var/adm/wtmpx file (in last command output)

Hi all, I have F5 load balancer on my system and checking service status by opening an ftp session in every 30 seconds. These ftp sessions are being logged in /var/adm/wtmpx and filling up the file. when i run the last command most of the output is this ftp session. I was wondering if there is a... (1 Reply)
Discussion started by: cepxat
1 Replies

8. Solaris

Something is removing/deleting my wtmpx file?

hi, we have a solaris 10 box that was handled by a different sysadmin before & now it is turned over to us for system administration. our concern is that if we issue the "last" command, it usually says "wtmp begins current day current month date 02:30". just like this "wtmp begins Thu Mar 7... (6 Replies)
Discussion started by: booghaw
6 Replies

9. Solaris

Wtmpx File Permissions Question

Hi all, I have been tasked to change permissions on the wtmpx file to 640. Currently the permissions are at 644. My question is will anything be affected if I change the permissions as shown? Thanks in advance. Derek (2 Replies)
Discussion started by: Derk Berk
2 Replies

10. UNIX for Advanced & Expert Users

Getting information from the wtmpx file

Hi, I tried running the command "last" in the server to check the users that were last logged into the system. However, I get this error : root@csidblog:# last /var/adm/wtmpx: Value too large for defined data type How do I proceed to get this info? I read some forums suggesting to use... (2 Replies)
Discussion started by: anaigini45
2 Replies

LEARN ABOUT SUNOS

utmpd

utmpd(1M)																 utmpd(1M)

NAME

       utmpd - utmpx monitoring daemon

SYNOPSIS

       utmpd [-debug]

       The utmpd daemon monitors the /var/adm/utmpx file. See utmpx(4) (and utmp(4) for historical information).

       utmpd  receives	requests  from pututxline(3C) by way of a named pipe. It maintains a table of processes and uses poll(2) on /proc files to
       detect process termination. When utmpd detects that a process has terminated, it checks that the process has removed its utmpx  entry  from
       /var/adm/utmpx.	If  the  process'  utmpx  entry has not been removed, utmpd removes the entry. By periodically scanning the /var/adm/utmpx
       file, utmpd also monitors processes that are not in its table.

       -debug	Run in debug mode, leaving the process connected to the controlling terminal. Write debugging information to standard output.

       The following exit values are returned:

       0	Successful completion.

       >0	An error occurred.

       /etc/default/utmpd

	   You can set default values for the flags listed below. For example: SCAN_PERIOD=600

	   SCAN_PERIOD

	       The number of seconds that utmpd sleeps between checks of /proc to see if monitored processes are still alive. The default is 300.

	   MAX_FDS

	       The maximum number of processes that utmpd attempts to monitor. The default value is 4096.

	   WTMPX_UPDATE_FREQ

	       The number of seconds that utmpd sleeps between read accesses of the wtmpx file. The wtmpx file's  last	access	time  is  used	by
	       init(1M) on reboot to determine when the operating system became unavailable. The default is 60.

       /var/adm/utmpx

	   File containing user and accounting information for commands such as who(1), write(1), and login(1).

       /proc

	   Directory containing files for processes whose utmpx entries are being monitored.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

       svcs(1), init(1M), svcadm(1M), poll(2), pututxline(3C), proc(4), utmp(4), utmpx(4), attributes(5), smf(5)

NOTES

       If  the	filesystem  holding  /var/adm/wtmpx is mounted with options which inhibit or defer access time updates, an unknown amount of error
       will be introduced into the utmp DOWN_TIME record's timestamp in the event of an uncontrolled shutdown (for example, a  crash  or  loss	of
       power ). Controlled shutdowns will update the modify time of /var/adm/wtmpx, which will be used on the next boot to determine when the pre-
       vious shutdown ocurred, regardless of access time deferral or inhibition.

       The utmpd service is managed by the service management facility, smf(5), under the service identifier:

       svc:/system/filesystem/utmp:default

       Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed  using  svcadm(1M).  The  ser-
       vice's status can be queried using the svcs(1) command.

								    12 Sep 2005 							 utmpd(1M)
All times are GMT -4. The time now is 04:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy