01-24-2012
Corrupt wtmpx fixing
In my experience, a corrupt wtmpx (or wtmp) file is ususally due to a write to the file being interrupted in the middle of writing a record. This means that log entries after this event will be shifted a number of bytes which are not a whole record.
The file has fixed-lenghth records. When reading the file from start, and the file is corrupted, there is somewhere a record which is shorter than the record length, and the reading program gets out of synch with the records.
So the way to fix the file is to find and remove the incomplete record. This can be done in a binary-capable editor such as Emacs (I have used that), where you look for recurring patterns to find the start of records, and when you find the short record you remove that and save the file. Formatting it with fwtmp will aid you in finding the number of records you need to pass before reaching the faulty record.
Possibly a simpler method would be to use dd in intelligent ways to first read the uncorrupted part of the file and then skip an offset of a number of bytes until you get output which can be formatted correctly by fwtmp.
What I am getting at is that you don't have to throw away the last part of the file, the information can be recovered by using my method.
Last edited by sebofo; 01-24-2012 at 05:56 AM..
Reason: Added info
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Do someone know how to delete entry(some lines)
in file "wtmpx" that command "last" use it.
this file is binary so I cannot edit directy.
=========================
#last
root pts/1 noc Fri Mar 3 22:04 still logged in
root pts/1 noc Fri Mar 3 22:01 - 22:02 ... (4 Replies)
Discussion started by: arm_naja
4 Replies
2. UNIX for Dummies Questions & Answers
Hello everybody:
the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system??
Thanks alot (3 Replies)
Discussion started by: aladdin
3 Replies
3. Solaris
Hi,
I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system.
Could anyone suggest the best method to clear the file without causing problem to... (6 Replies)
Discussion started by: Vijayakumarpc
6 Replies
4. UNIX for Advanced & Expert Users
Hi
in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry.
can any one tell me how to solve this problem (0 Replies)
Discussion started by: aaysa123
0 Replies
5. Solaris
What could possibly happen if wtmpx file got deleted by mistake?
Thanks, (8 Replies)
Discussion started by: Pouchie1
8 Replies
6. Solaris
Hi, saw couple threads about wtmpx corruption, I had this problem on many servers, last command was not working or displaying old output, found good information on a thread on this site and wrote a perl script to fix, thought it might help some people.
I found that using wtmpfix I lost many... (0 Replies)
Discussion started by: yannm
0 Replies
7. UNIX for Advanced & Expert Users
Hi all,
I have F5 load balancer on my system and checking service status by opening an ftp session in every 30 seconds. These ftp sessions are being logged in /var/adm/wtmpx and filling up the file. when i run the last command most of the output is this ftp session. I was wondering if there is a... (1 Reply)
Discussion started by: cepxat
1 Replies
8. Solaris
hi,
we have a solaris 10 box that was handled by a different sysadmin before & now it is turned over to us for system administration. our concern is that if we issue the "last" command, it usually says "wtmp begins current day current month date 02:30". just like this "wtmp begins Thu Mar 7... (6 Replies)
Discussion started by: booghaw
6 Replies
9. Solaris
Hi all,
I have been tasked to change permissions on the wtmpx file to 640. Currently the permissions are at 644. My question is will anything be affected if I change the permissions as shown? Thanks in advance.
Derek (2 Replies)
Discussion started by: Derk Berk
2 Replies
10. UNIX for Advanced & Expert Users
Hi,
I tried running the command "last" in the server to check the users that were last logged into the system.
However, I get this error :
root@csidblog:# last
/var/adm/wtmpx: Value too large for defined data type
How do I proceed to get this info?
I read some forums suggesting to use... (2 Replies)
Discussion started by: anaigini45
2 Replies
LEARN ABOUT DEBIAN
install-solaris
install-solaris(1M) install-solaris(1M)
NAME
install-solaris - install the Solaris operating system
SYNOPSIS
install-solaris
install-solaris invokes the Solaris Install program. Depending on graphical capability and available memory at the time of invocation,
install-solaris invokes either a text-based installer or a graphical installer.
The following minimum requirements for physical memory dictate which features are available during installation:
For SPARC machines:
128 MB
Minimum physical memory for all installation types
128 MB
Minimum physical memory required for windowing system
384 MB
Minimum physical memory required for graphical-based installation
For x86 machines:
256 MB
Minimum physical memory for all installation types
256 MB
Minimum physical memory required for windowing system
512 MB
Minimum physical memory required for graphical-based installation
In some cases, even if the minimum physical memory is present, available virtual memory after system startup can limit the number of fea-
tures available.
install-solaris exists only on the Solaris installation media (CD or DVD) and should be invoked only from there. Refer to the for more
details.
install-solaris allows installation of the operating system onto any standalone system. install-solaris loads the software available on the
installation media. Refer to the for disk space requirements.
Refer to the for more information on the various menus and selections.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcdrom (Solaris instal- |
| |lation media) |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
pkginfo(1), install(1M), pkgadd(1M), attributes(5)
It is advisable to exit install-solaris by means of the exit options in the install-solaris menus.
23 Sep 2005 install-solaris(1M)