11-04-2004
>/var/adm/wtmp
Is basically saying "redirect nothing's STDOUT to the file /var/adm/wtmp", which is essentially the same as the longhand "cat /dev/null > /var/adm/wtmp" - this is a fairly common method of truncating a file down to 0 bytes.
As for the list of files.... I only administer HP-UX and Linux, so one of the AIXers here will be able to give more info, but for a start anything under /var/adm (or Linux - /var/log) is game. Also, keep your beady eye on /tmp and /var/tmp as these can quickly fill filesystems if not managed properly. Also keep an eye on wayward mail spools filling up (some /var/mail/* others /var/spool/mail/*). I should probably say that I'd rather use some form of log rotation mechanism so that logs are archived x times, rotated and removed (such as logrotate under linux), rather than blithely wiping things out.
Unfortunately the things that fill up systems the fastest are the users
Cheers
ZB
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I would loke to read the WTMP file. This is a binary file in the /var/logs directory. Is there any utility which will convert this binary file to ASCII format? (1 Reply)
Discussion started by: pgold1
1 Replies
2. UNIX for Dummies Questions & Answers
Here's a usefull perl script to trim the wtmp file,
in case it got too big, which happens sometimes, or got curropted (which also happens often).
You could learn from here how to parse the wtmp file...
but of course for just reading its content always simply use "last" like Neo said....
... (0 Replies)
Discussion started by: me2unix
0 Replies
3. UNIX for Dummies Questions & Answers
When I type last oracle I get dates from Nov 28, 2000 all the way back to the beginning of time it seems. The 11-28-2000 entry states that Oracle is still logged in, but if you type a who, it shows only 1 entry - the currently logged in user (Me as oracle), but I logged in only minutes ago - and... (4 Replies)
Discussion started by: cuppjr
4 Replies
4. UNIX for Dummies Questions & Answers
Hi, is it ok if i delete wtmp on HPUX 11 under /var/adm
It is filling up that filesystem
Cheers (2 Replies)
Discussion started by: dsharples
2 Replies
5. AIX
Hello everyone
I have a problem with the file wtmp that is on /var/adm
This file was not on this directory (adm).
I try creating a new file with the correct rights (644) and owner (adm:adm)
but It doesnt work.
If I type the last command i get this
last
ora10g ... (4 Replies)
Discussion started by: lo-lp-kl
4 Replies
6. AIX
Hello,
Is there a difference between the following commands besides consider the file permissions?
/usr/sbin/acct/nulladm /var/adm/wtmp
>/var/adm/wtmp
cat /dev/null >/var/adm/wtmp
Today I tried the second command and it worked... (2 Replies)
Discussion started by: x_adm
2 Replies
7. Red Hat
Hi,
Can anybody explain wtmp output fields?
A dir was created at 7:11pm and I wanted to find out who was logged in at that time but as you can see there is no ip address listed when I run utmpdump against the wtmp file.....
R,
D. (1 Reply)
Discussion started by: Duffs22
1 Replies
8. AIX
Anyone got experience where wtmp logs get truncated everyday? Though sulog, failedlogin and lastlog seems to be fine.
The server uptime is 18 days running on AIX 5.3. Sorry this seems to be a generic questions but never really encountered before. (6 Replies)
Discussion started by: depam
6 Replies
9. Shell Programming and Scripting
Hi,
Does anyone have a script to truncate the wtmp file.
I want to move older entries in the wtmp to a new file and move it out of var/adm and shrink the size. (4 Replies)
Discussion started by: ElizabethPJ
4 Replies
LEARN ABOUT OSF1
wtmpconvert
wtmpconvert(8) System Manager's Manual wtmpconvert(8)
NAME
wtmpconvert - Modify connect time accounting records from DIGITAL UNIX releases 4.0x and prior to new format
SYNOPSIS
/usr/lbin/wtmpconvert [-vnrp?h] input_file [output_file]
OPTIONS
Restore new format to old format. Verbose. Display lines while converting. Do not preserve contents of input file. Formatted print only.
Do not convert. (May be used with the -r option). Display usage message.
DESCRIPTION
The wtmpconvert command reads records from a connect time accounting file, such as /var/adm/wtmp, and converts the record format to the
updated struct utmp format. If no output file is specified or if the output file path is identical to the input file path, wtmpconvert
makes a backup copy of the original input file using the following algorithm: If filename.orig exists. Where n is a unique number.
The wtmpconvert command attempts to detect an input file that is in the wrong format (for example, input file is already a new format
file). A warning message is issued in this case, but conversion continues.
EXIT STATUS
Success. An error occurred.
EXAMPLES
To convert an old format accounting file to the new format: wtmpconvert /var/adm/wtmp.prev
Upon completion of this command, /var/adm/wtmp.prev will have been converted to the new format. The original /var/adm/wtmp.prev is
renamed to /var/adm/wtmp.prev.orig. To convert a wtmp file in new format to the old format: wtmpconvert -r /var/adm/wtmp
/var/adm/wtmp.old
FILES
Accounting header files that define the format for the login database file. The active login/logoff database files.
SEE ALSO
Commands: acct(8), acctcon(8), acctmerg(8), date(1), runacct(8)
Functions: getutent(3)
Files: utmp(4), wtmp(4)
wtmpconvert(8)