Login or Register to Ask a Question and Join Our Community


UNIX for Dummies Questions & Answers

wtmpx

 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers wtmpx
# 1  
Old 06-21-2004
wtmpx
Platform sol 8

I had wtmpx growing very large(1.2 G). I copied the file and compressed it the did a "cat /dev/null > /var/adm/wtmpx" to zero out the file and not close any doors to any processes. (After searching this seemed like the right method)

This is a box that gets accessed from other programs every 10 mins or so, which I expect that's why wtmpx grows so rapidly(1 gig in 2 months).

My question - is wtmpx just used for accounting (billing login time) and is it necessary to have or can it be disabled without any security issues? I know I can write a cron to clear it out(if this is the correct method) but if the box is not going to be used in an accounting way do I even need it to log this?
# 2  
Old 06-21-2004
wtmpx is used for more than accounting. I don't know what would happen if its missing, but I *think* that it would just be recreated.

A few commands that need it...

init
login
date
last
who

that's a lot of stuff to risk breaking.
# 3  
Old 06-21-2004
Should I save a copy before I "cat /dev/null " the file. If I need to keep a copy how can I read it and why? To check for security issues?

Also is this a proper method to clear the file and set up in a cron job?
# 4  
Old 06-22-2004
With any log file, I usually keep some stuff. So I might effectively do something like:

mv wtmpx.2 wtmpx.3
mv wtmpx.1 wtmpx.2
cp wtmpx wtmpx.1
> wtmpx

But actually, it's been years since I've done stuff like that. There are log rotation tools that are very good and they are available for free. I like newsyslog. But there are others. See Log Rotation Tool/Script for some options. We have many other threads on this topic. Use our search function.

You can read wtmpx files with "who" or "last". See the man pages.
# 5  
Old 06-22-2004
Thanks, I will give it a try.


You used "> wtmpx"....is this better/same as using " cat /dev/null >var/adm/wtmpx"?

Does it matter? (I know you have to leave the pipe open to the file else restart a process but other than that I'm in the dark).
# 6  
Old 06-22-2004
Both yield the same result. But
cat /dev/null > wtmpx
causes the shell to fork a copy of itself, open /dev/null, and exec the cat program. That's all needless activity.
 
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Getting information from the wtmpx file

Hi, I tried running the command "last" in the server to check the users that were last logged into the system. However, I get this error : root@csidblog:# last /var/adm/wtmpx: Value too large for defined data type How do I proceed to get this info? I read some forums suggesting to use... (2 Replies)
Discussion started by: anaigini45
2 Replies

2. Solaris

wtmpx corrupted ? fix ...

Hi, saw couple threads about wtmpx corruption, I had this problem on many servers, last command was not working or displaying old output, found good information on a thread on this site and wrote a perl script to fix, thought it might help some people. I found that using wtmpfix I lost many... (0 Replies)
Discussion started by: yannm
0 Replies

3. Solaris

WTMPX File corrupted

Hi All I work on solaris 8, 9 and 10 platforms and have encountered an error which is my wtmpx files appear to be corrupted as all entries contain the date 1970 (the birth of unix). Now this is obviously not the case, so my query is: 1 - Can the existing wtmpx files be manipulated to... (6 Replies)
Discussion started by: drestarr96
6 Replies

4. Solaris

wtmpx file

What could possibly happen if wtmpx file got deleted by mistake? Thanks, (8 Replies)
Discussion started by: Pouchie1
8 Replies

5. UNIX for Advanced & Expert Users

wtmpx file is not updating

Hi in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry. can any one tell me how to solve this problem (0 Replies)
Discussion started by: aaysa123
0 Replies

6. Solaris

wtmpx file is too big

Hi, I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system. Could anyone suggest the best method to clear the file without causing problem to... (6 Replies)
Discussion started by: Vijayakumarpc
6 Replies

7. UNIX for Dummies Questions & Answers

wtmpx file

Hello everybody: the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system?? Thanks alot (3 Replies)
Discussion started by: aladdin
3 Replies

8. Solaris

stop wtmpx logging

Hello One of our applications initiates an ftp logon to itself twice every second ...(to check some files or something im not sure) but every time it does this it logs an entry into the wtmpx database, this file is now getting absolutely huge and whilst I know that I could implement some type of... (1 Reply)
Discussion started by: hcclnoodles
1 Replies

9. UNIX for Advanced & Expert Users

how to delete entry in file "wtmpx"(/var/adm/wtmpx)

Do someone know how to delete entry(some lines) in file "wtmpx" that command "last" use it. this file is binary so I cannot edit directy. ========================= #last root pts/1 noc Fri Mar 3 22:04 still logged in root pts/1 noc Fri Mar 3 22:01 - 22:02 ... (4 Replies)
Discussion started by: arm_naja
4 Replies

10. UNIX for Dummies Questions & Answers

Urgent problem with wtmpx

Hi everybody I have a problem with wtmpx. Accounting file. I activated it. It works but to well :( Writes the same message every minute. "faxmodem" As you can see it does not take to long until my /var file is soon full. Thanks Peter (26 Replies)
Discussion started by: Peterh
26 Replies
Login or Register to Ask a Question