Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Script to truncate wtmp files
Top Forums Shell Programming and Scripting Script to truncate wtmp files Post 302903442 by Chubler_XL on Tuesday 27th of May 2014 04:36:34 PM
Old 05-27-2014
Here you keep the last 500 and compress the rest and store in /scratch.

Code:
KEEP=500
DEST=/scratch

# Delete all but last $KEEP lines from wtmp
/usr/lib/acct/fwtmp < /var/adm/wtmp > $DEST/wtmp.out
tail -$KEEP $DEST/wtmp.out | /usr/lib/acct/fwtmp -ci > /var/adm/wtmp

# Keep everything except last $KEEP line in $DEST bzip2 date-stamped file
sed -e :a -e '$d;N;2,'$KEEP'ba' -e 'P;D'  $DEST/wtmp.out | bzip2> $DEST/wtmp_$(date +%Y%m%d).bz2
rm $DEST/wtmp.out

Note: if you don't have bzip2 installed, you could use compress instead
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Need Wtmp Reader

I would loke to read the WTMP file. This is a binary file in the /var/logs directory. Is there any utility which will convert this binary file to ASCII format? (1 Reply)
Discussion started by: pgold1
1 Replies

2. UNIX for Dummies Questions & Answers

Resetting WTMP?

When I type last oracle I get dates from Nov 28, 2000 all the way back to the beginning of time it seems. The 11-28-2000 entry states that Oracle is still logged in, but if you type a who, it shows only 1 entry - the currently logged in user (Me as oracle), but I logged in only minutes ago - and... (4 Replies)
Discussion started by: cuppjr
4 Replies

3. UNIX for Dummies Questions & Answers

wtmp

Hi, is it ok if i delete wtmp on HPUX 11 under /var/adm It is filling up that filesystem Cheers (2 Replies)
Discussion started by: dsharples
2 Replies

4. UNIX for Dummies Questions & Answers

truncate wtmp

I have AIX5.1 I have been trying to learn how to truncate the /var/adm/wtmp file. I have seen several things on google actually but don't quite understand. I also searched your forums but couldn't find it. one says this ">/var/adm/wtmp Is that all I do? I have a seperate question also. I was... (1 Reply)
Discussion started by: rocker40
1 Replies

5. Shell Programming and Scripting

truncate file script is not working

Hi All, I have an application which writes log in to a file. The file size becomes around min of 800 MB a day. So I have written a script which backup the file and truncate the original file. My script is like this cp X.log /backup/X.log1 > X.log But the second truncate command... (3 Replies)
Discussion started by: mvenkat_in
3 Replies

6. Shell Programming and Scripting

Truncate Log files

Hi Gurus, I have several log files running in real time and needs to be truncated 50% or all but has to keep the logs piling up. Any ideas? For example: /var/adm/messages and others apps log files Thanks in advance! (7 Replies)
Discussion started by: anonymous1
7 Replies

7. UNIX for Dummies Questions & Answers

Script required to truncate all the lines except a specific snippet.

Hi, I have a file with the following structure. XXXXX........... YYYYY........... ................. .................. ZZZZZZ...... qwerty_start.............. .................. ................. .................. querty_end................ .............................. (3 Replies)
Discussion started by: abinash
3 Replies

8. Shell Programming and Scripting

Making wtmp files readable one at a time

New Unix user/scripter here. Been trying to solve a problem for two days now with no luck. Hoping someone here has an answer. Essentially I have a list of wtmp files which I have decompressed and copied to a temporary directory. Using the following command I can turn them into a file than can... (4 Replies)
Discussion started by: Stryfe16
4 Replies

9. Red Hat

wtmp output

Hi, Can anybody explain wtmp output fields? A dir was created at 7:11pm and I wanted to find out who was logged in at that time but as you can see there is no ip address listed when I run utmpdump against the wtmp file..... R, D. (1 Reply)
Discussion started by: Duffs22
1 Replies

LEARN ABOUT DEBIAN

rawtmp

RAWTMP(1)						      General Commands Manual							 RAWTMP(1)

NAME

       rawtmp - display wtmp entries in raw form.

SYNOPSIS

       rawtmp [-da] [-w wtmp|-] [-X[3|4]d] [-s start] [-e end] [-b H:M:S] [--help] [--version]

DESCRIPTION

       Rawtmp is a utility to dump the raw data in a wtmp or utmp file to the screen for viewing.  It may be useful to anyone who wishes to divine
       the nature of the data stored in the wtmp or utmp files.  It may also be useful to extract special wtmp entries	that  are  not	documented
       anywhere (like those netdate puts in the wtmp file).

       If on a logout, when the username is encoded in the ut_user field by replacing the first character of the username with a null, rawtmp will
       print the contents of the user field with a leading dot '.' to denote the null character. Only agetty and tacacs control software are  cur-
       rently known to use this logging method.

OPTIONS

       Rawtmp understands the following command line switches:

       --help Outputs a verbose usage listing.

       --version
	      Displays the version of rawtmp.

       -w wtmp
	      Select a different input file instead of the default (/var/log/wtmp).

       -X[3]  Read a wtmp file maintained by versions 3.3 or 3.4 Tacacs terminal server access control software.

       -X4    Read a wtmp file maintained by version 4.0 of Tacacs terminal server access control software.

       -d     Output  the  time in MMM DD HH:MM:SS format instead of raw time for a more human readable form (and to actually know what day you're
	      looking at!).

       -a     Print the contents of the ut_addr field (in quad-dotted notation) instead of using the ut_host field.  Note: ut_addr is almost never
	      used and more than likely contains garbage information.

       -b hours[:minutes[:seconds]]
	      Consider only those utmp entries that fall within the last few hours/minutes/seconds from the current time, disregarding the rest.

       -s start
	      Selects the starting date of the report, in mm/dd/yy format.

       -e end Selects the ending date of the report, in mm/dd/yy format.

FILES

       /var/log/wtmp	    login database.

AUTHOR

       Steve Baker (ice@mama.indstate.edu)

BUGS

       Could use some filtering options.

SEE ALSO

       last(1), sac(8)

UNIX Manual																 RAWTMP(1)
All times are GMT -4. The time now is 12:50 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy