Last command displays wrong information


 
Thread Tools Search this Thread
Operating Systems Solaris Last command displays wrong information
# 8  
Old 07-30-2011
Might be worth a look at the raw records with the "fwtmp" command to make sure that they are from this year:
Code:
cat /var/adm/wtmpx | fwtmp | grep "boot"

Further to jlliagre the process turns itself off if there is not enought disc space and fails if the file reaches 2 Gb. Actually 6 Mb seems small unless there is little activity on the server or a maintenance script in place. It is possible for a badly written maintenance script to corrupt this file or disassociate this file from the active logging process or even change the permissions so that the logging process does not work.
Have you had a disc space crisis in the disc partition containing directory /var/adm ?
This User Gave Thanks to methyl For This Post:
# 9  
Old 07-31-2011
# df -h /var
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d3 4.9G 2.9G 2.0G 60% /var

Possibly /var could be full or out of space when wtmpx and utmpx event logging happened.

---------- Post updated at 02:29 AM ---------- Previous update was at 01:32 AM ----------

Hi Bartus11
after performing the steps u mentioned it seems like wtmpx file got nullified and last reboot was giving this output,
# last reboot
wtmp begins Sun Jul 31 00:41
Thanks we have taken backup and i got my datas back.

---------- Post updated at 02:30 AM ---------- Previous update was at 02:29 AM ----------

Hi Bartus11
after performing the steps u mentioned it seems like wtmpx file got nullified and last reboot was giving this output,
# last reboot
wtmp begins Sun Jul 31 00:41
Thanks we have taken backup and i got my datas back.
# 10  
Old 08-04-2011
Hi,

Author of the ckwtmpx program mentioned above here.

Quote:
wtmpfix does actually fix truncated entries too
This is correct. However there were a couple of things that I found sub-optimal:

1. wtmpfix(1M) is too aggressive. I have a test corrupt wtmpx file as "found in the wild" of 6.7M. Processing with wtmpfix discards 6.3M of data. ckwtmpx on the other hand discards 742 _bytes_ and the resulting file certainly appears valid (it processes correctly with last(1) or fwtmp(1M), no errors, no truncation).

  • wtmpfix's re-alignment jumps forward by one record plus however many bytes remain after removing a complete number of records from the file (the residue in the source quoted above). ckwtmpx's strategy is to crawl forward byte by byte.
  • ckwtmpx's strategy to check "does this look like a valid record?" is less complex (strict?). See is_record_valid() in ckwtmpx.c (apparently I can't yet post URLs...).

2. wtmpfix doesn't show what was discarded. I was interested in trying to work out where the corruption was coming from (ckwtmpx -e error_file). This didn't help. I know it isn't always lack of disk, and it isn't LARGEFILE (which I once suspected). The 742 byte example I quoted above contains (almost) two corrupt "system down" records with far too many NULL bytes.

Any problems with ckwtmpx, suggestions, patches, please hit me by email, mcarpenter@free.fr. Thanks!
This User Gave Thanks to mcarpenter For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Create a shell script to gather user account information and displays the result to administrator

I want to create a shell script to gather user account information and displays the result to administrator. I have created a script but its showing all the information when i search for username like: amit@mx:~$ ./uinfo.sh amit Username : amit User Info ... (2 Replies)
Discussion started by: amit1986
2 Replies

2. Shell Programming and Scripting

Bash $(...) DISPLAYS EVERY COMMAND

I use things like this a lot in ksh and bash, but lately bash has been printing the command for every loop: ... | while read f do if then echo Differ "$f" fi done How to prevent this? (5 Replies)
Discussion started by: DGPickett
5 Replies

3. UNIX for Dummies Questions & Answers

Which of the following command displays your login shell in bash shell?

Options:: A)$shell B)echo $ bash C)echo $ O D)$ O (1 Reply)
Discussion started by: raghugowda
1 Replies

4. Shell Programming and Scripting

What's wrong with the following command?

Hi all, I'm trying to run the following command to get all files in one directory to another with the files' timestamps preserved, cp -p /logs/dvgbiau/batch/* /logs/dvgbiau/tmp_batch Note that ./batch and ./tmp_batch are two sub-directories under /logs/dvgbiau. The error was,... (1 Reply)
Discussion started by: isaacniu
1 Replies

5. AIX

Command last displays wrong hostname

I faced an interesting problem on my AIX servers. When I checked last logins with command last I saw that hostnames are wrong. Let say, I made login from workstation xxxxx and with the command last I saw: root pts/2 yyyyy 5 jan 15:38 still logged in Ping xxxxx and ping... (3 Replies)
Discussion started by: giovanni
3 Replies

6. UNIX for Advanced & Expert Users

xbindkeys giving wrong mapping information

Hello, I'm having a problem with xbindkeys giving the wrong mapping information, hence I can't get it work at all when trying new mappings from this machine. From another computer, I have some definitions for xbindkeys (made with xbindkeys-config). These key codes work correctly on this... (0 Replies)
Discussion started by: Narnie
0 Replies

7. UNIX for Dummies Questions & Answers

what is wrong with this command?

Hello, I try to using the below command to find out all the datafiles under "sja" direcotory. $ xargs -i find {} -type f -ls < sja /bin/ksh: sja: cannot open so can you tell me what is wrong? Thanks Jerry (3 Replies)
Discussion started by: GreatJerry
3 Replies

8. UNIX for Advanced & Expert Users

what is wrong with this find command

i am trying to find the files which are more than 100MB and it was created 10 days ago. find /lola/loaded -size +102400 -mtime -10 -print | xargs ls -ltr -rw-rw-r-- 1 lola_adm gdrmp 82054170 Jun 23 06:17 /lola/loaded/ILMEMBER20090622.txt -rw-rw-r-- 1 lola_adm gdrmp 652080494 Jun 24... (3 Replies)
Discussion started by: sudhiroracle
3 Replies

9. Shell Programming and Scripting

Is anything wrong with this command

Hi All, can anyone tell me what is wrong with this command. tail -f /opt/olr-logs/PaymentGateway.log | grep "DEBUG - Start! AkhtarPaymentGateway - generateChecksum" | awk '{print $13}' | sed 's/,//g'>> abc But I found nothing in the file abc Please do help me.or Provide me some... (8 Replies)
Discussion started by: akhtar.bhat
8 Replies

10. UNIX for Dummies Questions & Answers

Creating a file that contains output from a command, and then displays itself

hey, I'm trying to create the command that will create a file named user.txt that contains the output of the command cut -d: -f1,5 /etc/passwd, and displays itself afterwards. I don't know how to bridge cat > user.txt with cut -d: -f1,5 /etc/passwd, or how display it afterwards. Any help would... (2 Replies)
Discussion started by: raidkridley
2 Replies
Login or Register to Ask a Question