I've used dd to read "records " up to a certain point in the old file and move them to a new file, discarding the rest.
/usr/lib/acct/wtmpfix - this will attempt correct dates, it does not always work. The fact that is exists testifies to wtmpx corruption being an old problem.
methyl is right about rotating accounting files, very important to do.
I made up the 100000 in the dd example below, you have to determine where the line in the file goes south and you can't fix it:
You want to keep as many records as possible.
And I don't think it is a bug, per se. Sun used to explicitly tell you to rotate accounting logs to avoid corruption. And fwtmp was made for sysadmins who did not read that warning, I guess they got tired of hearing about it.
Last edited by jim mcnamara; 12-29-2011 at 02:28 PM..
This User Gave Thanks to jim mcnamara For This Post:
Do someone know how to delete entry(some lines)
in file "wtmpx" that command "last" use it.
this file is binary so I cannot edit directy.
=========================
#last
root pts/1 noc Fri Mar 3 22:04 still logged in
root pts/1 noc Fri Mar 3 22:01 - 22:02 ... (4 Replies)
Hello everybody:
the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system??
Thanks alot (3 Replies)
Hi,
I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system.
Could anyone suggest the best method to clear the file without causing problem to... (6 Replies)
Hi
in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry.
can any one tell me how to solve this problem (0 Replies)
Hi, saw couple threads about wtmpx corruption, I had this problem on many servers, last command was not working or displaying old output, found good information on a thread on this site and wrote a perl script to fix, thought it might help some people.
I found that using wtmpfix I lost many... (0 Replies)
Hi all,
I have F5 load balancer on my system and checking service status by opening an ftp session in every 30 seconds. These ftp sessions are being logged in /var/adm/wtmpx and filling up the file. when i run the last command most of the output is this ftp session. I was wondering if there is a... (1 Reply)
hi,
we have a solaris 10 box that was handled by a different sysadmin before & now it is turned over to us for system administration. our concern is that if we issue the "last" command, it usually says "wtmp begins current day current month date 02:30". just like this "wtmp begins Thu Mar 7... (6 Replies)
Hi all,
I have been tasked to change permissions on the wtmpx file to 640. Currently the permissions are at 644. My question is will anything be affected if I change the permissions as shown? Thanks in advance.
Derek (2 Replies)
Hi,
I tried running the command "last" in the server to check the users that were last logged into the system.
However, I get this error :
root@csidblog:# last
/var/adm/wtmpx: Value too large for defined data type
How do I proceed to get this info?
I read some forums suggesting to use... (2 Replies)
Discussion started by: anaigini45
2 Replies
LEARN ABOUT OPENSOLARIS
wtmpfix
fwtmp(1M) System Administration Commands fwtmp(1M)NAME
fwtmp, wtmpfix - manipulate connect accounting records
SYNOPSIS
/usr/lib/acct/fwtmp [-ic]
/usr/lib/acct/wtmpfix [file]...
DESCRIPTION
fwtmp reads from the standard input and writes to the standard output, converting binary records of the type found in /var/adm/wtmpx to
formatted ASCII records. The ASCII version is useful when it is necessary to edit bad records.
wtmpfix examines the standard input or named files in utmpx format, corrects the time/date stamps to make the entries consistent, and
writes to the standard output. A hyphen (-) can be used in place of file to indicate the standard input. If time/date corrections are not
performed, acctcon(1M) will fault when it encounters certain date-change records.
Each time the date is set, a pair of date change records are written to /var/adm/wtmpx. The first record is the old date denoted by the
string "old time" placed in the line field and the flag OLD_TIME placed in the type field of the utmpx structure. The second record speci-
fies the new date and is denoted by the string new time placed in the line field and the flag NEW_TIME placed in the type field. wtmpfix
uses these records to synchronize all time stamps in the file.
In addition to correcting time/date stamps, wtmpfix will check the validity of the name field to ensure that it consists solely of alphanu-
meric characters or spaces. If it encounters a name that is considered invalid, it will change the login name to INVALID and write a diag-
nostic to the standard error. In this way, wtmpfix reduces the chance that acctcon will fail when processing connect accounting records.
OPTIONS -ic Denotes that input is in ASCII form, and output is to be written in binary form.
FILES
/var/adm/wtmpx history of user access and administration information
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWaccu |
+-----------------------------+-----------------------------+
SEE ALSO acctcom(1), ed(1), acct(1M), acctcms(1M), acctcon(1M), acctmerg(1M), acctprc(1M), acctsh(1M), runacct(1M), acct(2), acct.h(3HEAD),
utmpx(4), attributes(5)SunOS 5.11 22 Feb 1999 fwtmp(1M)