Getting information from the wtmpx file


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Getting information from the wtmpx file
# 1  
Old 05-24-2019
Getting information from the wtmpx file

Hi,

I tried running the command "last" in the server to check the users that were last logged into the system.
However, I get this error :

Code:
root@csidblog:[/]# last
/var/adm/wtmpx: Value too large for defined data type

How do I proceed to get this info?
I read some forums suggesting to use the fwtmp tool, however, I/my company does not have official login to the Oracle website to download the package.

It is quite important.
# 2  
Old 05-24-2019
Assuming you are on solaris:
Can you write C code? getutxent -
man pages section 3: Basic Library Functions

provides a list of solaris calls to do what you need.

When you ask for help please tell us:
1. OS name and version
2. shell (like bash, ksh, tcsh, ...) that you use.
# 3  
Old 06-24-2019
This is certainly Solaris (Oracle means Solaris!).
And indeed this seems to be a FAQ, because the last command in Solaris is 32-bit, compiled without largefile support.
If the file reaches 2 GB size, it gets stuck...
Also there is no logrotation defined by default.
The problem is in Solaris 10 and older (don't know if it's solved in Solaris 11).

By experimenting I found a temporary fix: skip the oldest 100 entries:
Code:
dd if=/var/adm/wtmpx bs=744 skip=100 of=/var/adm/wtmpx.tmp
last -f /var/adm/wtmpx.tmp

If it works, copy the fixed file back
Code:
cp /var/adm/wtmpx.tmp /var/adm/wtmpx
rm /var/adm/wtmpx.tmp

How to add this to log rotation:
Solaris 9 and 10 (maybe Solaris 11?):
add the following line to /etc/logadm.conf
Code:
/var/adm/wtmpx -C 12 -c -p 1m -s 10m

or run the following command:
Code:
logadm -w /var/adm/wtmpx -C 12 -c -p 1m -s 10m

From now on it will every month check if the file is bigger than 10 MB and eventually rotate it to wtmpx.0 wtmpx.1 ... wtmpx.11.
To look at a rotated file, say wtmpx.0, you simply do
Code:
last -f /var/adm/wtmpx.0

For Solaris 8 you could append something to its rotation script /usr/lib/newsyslog...
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Wtmpx File Permissions Question

Hi all, I have been tasked to change permissions on the wtmpx file to 640. Currently the permissions are at 644. My question is will anything be affected if I change the permissions as shown? Thanks in advance. Derek (2 Replies)
Discussion started by: Derk Berk
2 Replies

2. Solaris

Something is removing/deleting my wtmpx file?

hi, we have a solaris 10 box that was handled by a different sysadmin before & now it is turned over to us for system administration. our concern is that if we issue the "last" command, it usually says "wtmp begins current day current month date 02:30". just like this "wtmp begins Thu Mar 7... (6 Replies)
Discussion started by: booghaw
6 Replies

3. UNIX for Advanced & Expert Users

Not logging ftp connections in /var/adm/wtmpx file (in last command output)

Hi all, I have F5 load balancer on my system and checking service status by opening an ftp session in every 30 seconds. These ftp sessions are being logged in /var/adm/wtmpx and filling up the file. when i run the last command most of the output is this ftp session. I was wondering if there is a... (1 Reply)
Discussion started by: cepxat
1 Replies

4. Solaris

WTMPX File corrupted

Hi All I work on solaris 8, 9 and 10 platforms and have encountered an error which is my wtmpx files appear to be corrupted as all entries contain the date 1970 (the birth of unix). Now this is obviously not the case, so my query is: 1 - Can the existing wtmpx files be manipulated to... (6 Replies)
Discussion started by: drestarr96
6 Replies

5. Solaris

wtmpx file

What could possibly happen if wtmpx file got deleted by mistake? Thanks, (8 Replies)
Discussion started by: Pouchie1
8 Replies

6. UNIX for Advanced & Expert Users

wtmpx file is not updating

Hi in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry. can any one tell me how to solve this problem (0 Replies)
Discussion started by: aaysa123
0 Replies

7. Solaris

wtmpx file is too big

Hi, I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system. Could anyone suggest the best method to clear the file without causing problem to... (6 Replies)
Discussion started by: Vijayakumarpc
6 Replies

8. UNIX for Dummies Questions & Answers

wtmpx file

Hello everybody: the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system?? Thanks alot (3 Replies)
Discussion started by: aladdin
3 Replies

9. UNIX for Advanced & Expert Users

how to delete entry in file "wtmpx"(/var/adm/wtmpx)

Do someone know how to delete entry(some lines) in file "wtmpx" that command "last" use it. this file is binary so I cannot edit directy. ========================= #last root pts/1 noc Fri Mar 3 22:04 still logged in root pts/1 noc Fri Mar 3 22:01 - 22:02 ... (4 Replies)
Discussion started by: arm_naja
4 Replies

10. UNIX for Dummies Questions & Answers

wtmpx

Platform sol 8 I had wtmpx growing very large(1.2 G). I copied the file and compressed it the did a "cat /dev/null > /var/adm/wtmpx" to zero out the file and not close any doors to any processes. (After searching this seemed like the right method) This is a box that gets accessed from other... (5 Replies)
Discussion started by: finster
5 Replies
Login or Register to Ask a Question