manage the wtmp file


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers manage the wtmp file
# 1  
Here's a usefull perl script to trim the wtmp file,
in case it got too big, which happens sometimes, or got curropted (which also happens often).
You could learn from here how to parse the wtmp file...
but of course for just reading its content always simply use "last" like Neo said....

Hezki

Code:
#!/usr/bin/perl 
# (C)  Copyright 1993 Rahul Dhesi, All Rights Reserved
# ... except that permission is granted for copying and creation
# of derivative works under the same conditions as perl.

# $Header: /local/undoc/RCS/wtrim,v 1.13 1993/07/09 15:41:58 dhesi Exp $

# Trim the wtmp file to hold a specified number of records.
# This script is offered "as is", though it appears to work under SunOS 4.1.  
#
# <1>   Rahul Dhesi <dhesi@rahul.net>
# <2>   dhesi@cirrus.com
# <3>   cmc@srg-ssr.ch          solaris hacks
# <4>   sean@ch.swissbank.com   Added comments/tabs

# CAVEATS:
# 1. There are two race conditions; one is minimized by creating an
#    /etc/nologin file, whose creation causes the second race condition.
#    Search for 'RACE CONDITION'.
# 2. There is no check for the filesystem filling up while a temporary
#    copy of the wtmp file is made.

$myname = "wtrim.pl";
$default = "/var/adm/[wu]tmp[x]";

if (@ARGV != 2) {
   print <<EOF;
usage:  wtrim file count 

where file is:
        wtmp                    (SunOS 5.x, SunOS 4.x)
        wtmpx                   (SunOS 5.x)
        utmp                    (SunOS 5.x)
        utmpx                   (SunOS 5.x)

Approximately specified number (count) of records, taken from the 
end of $default are saved, 
and preceding records are trimmed.

The original $default file is renamed to $default.old.

Block size is calculated automatically from file name.
EOF
exit(0);
}

$wname = $ARGV[0];
$wanted = $ARGV[1];                     # how many records we want
#printf("%s\n", $wname);

# pathnames -- adjust as needed
$dd  = "/usr/bin/dd";                   # pathname of 'dd' program
$WTMP = "/var/adm/$wname";              # wtmp log file
$OLD_WTMP = "$WTMP.old";                # will save current wtmp here
$NEW_WTMP = "$WTMP.new.$$";             # new wtmp; will get renamed to $WTMP
$nologin = "/etc/nologin";              # for disabling logins
$nologin_new = "$nologin.new.$$";       # temp; will get renamed to $nologin

# scale factor, for using bigger block size than the native wtmp block size
$scale = 1000;

#printf("%s\n",$NEW_WTMP);

if ( $wname eq "wtmp" || $wname eq "utmp" ) {
        $bs = 36;                       # size of wtmp record in bytes
} elsif ( $wname eq "wtmpx" || $wname eq "utmpx" ) {
        $bs = 372;                      # size of wtmp record in bytes
} else {
        &exit("$myname: error: file unkown can't set block size: $!\n");
}

#printf("%d\n",$bs);

$tot_recs = (-s $WTMP) / $bs;           # total no. of records in log file
$skip = $tot_recs  - $wanted;           # records to skip
if ($skip < 0) {
   $skip = 0;
}

# Now we speed things up a little by scaling up the block size.  We may end
# up trimming a slightly fewer blocks.
if ($tot_recs > $bs * $scale) {
   $bs *= $scale;
   $skip = int ($skip / $scale);
}

# delete first to save disk space
unlink $OLD_WTMP;
# disable logins (just for a second)
if (! -e $nologin) {
   open (NOLOGIN, ">$nologin_new") ||
      &exit("$myname: error: can't write to $nologin_new: $!\n");
   print NOLOGIN <<EOF;
*************************************************
SYSTEM RECONFIGURATION -- TRY AGAIN IN ONE MINUTE
*************************************************
EOF
   close(NOLOGIN);
   if (! -e $nologin) {                 # RACE CONDITION
      $disabled = 1;
      rename ($nologin_new, $nologin);
   } else {
      unlink $nologin_new;
   }
}
# get needed records
system "$dd if=$WTMP bs=$bs skip=$skip >$NEW_WTMP 2>/dev/null";
# RACE CONDITION
link ($WTMP, $OLD_WTMP) || &exit("$myname: error: link failed: $!\n");
rename($NEW_WTMP, $WTMP) || &exit("$myname: error: rename failed: $!\n");

&exit();

sub exit {
   local($msg) = @_;
   # re-enable logins
   $disabled && unlink $nologin;
   unlink $NEW_WTMP;
   unlink $nologin_new;
   if ($msg) {
      print $msg;
      exit(1);
   }
   exit(0);
};

# END


Last edited by otheus; 02-26-2009 at 06:46 AM.. Reason: code tags added
 

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #503
Difficulty: Easy
The flow of control (or simply control flow) is how a program processes its instructions.
True or False?

8 More Discussions You Might Find Interesting

1. Tips and Tutorials

How to manage file names with special characters

One of the common questions asked are: how do i remove/move/rename files with special (non-printable) characters in their name? "Special" doesn't always mean the same. As there are more and less special characters, some solutions are presented, ranging from simple to very complicated. Usually a... (0 Replies)
Discussion started by: bakunin
0 Replies

2. AIX

wtmp file - is there a patch to export the data another file each day?

sorry for being a noob, i am trying to find which user accessed the server at what time and there ip address at first i used who command but the output didn't contain the ip address then i used the last command which provided me with the ip of the users but when i searched i searched and found that... (1 Reply)
Discussion started by: hercules_1010
1 Replies

3. AIX

Impacts of emptying /var/adm/wtmp file ?

In our operating procedures, if a workstation has a space problem in the /var filesystem, one of the most frequent case we were told is the size of the /var/adm/wtmp file. Someone once told me it is dangerous to do this. Is it ? I cannot say for certain that whomever wrote that procedure is... (2 Replies)
Discussion started by: Browser_ice
2 Replies

4. AIX

wtmp file

Hello everyone I have a problem with the file wtmp that is on /var/adm This file was not on this directory (adm). I try creating a new file with the correct rights (644) and owner (adm:adm) but It doesnt work. If I type the last command i get this last ora10g ... (4 Replies)
Discussion started by: lo-lp-kl
4 Replies

5. AIX

WTMP file cleared after upgrade

Hello, we recently upgraded from AIX 5.2.9 to 5.3.6 and in the process the wtmp file was cleared out. Before the upgrade the system had not been rebooted in a very long time, so i'm curious if the clearing of the file is related to the upgrade or the reboot? If it was related to the reboot is... (2 Replies)
Discussion started by: zuessh
2 Replies

6. Programming

Displaying fields in wtmp file?

Anyone have any idea on how to display the fields for each record stored in the wtmp file using C? Am I correct in thinking that the info stored in wtmp is in binary and that utmpx will be of some help? Being a beginner, I can come up with bits and pieces of what I might need in order to do the... (1 Reply)
Discussion started by: eclapton1
1 Replies

7. UNIX for Dummies Questions & Answers

wtmp

Hi, is it ok if i delete wtmp on HPUX 11 under /var/adm It is filling up that filesystem Cheers (2 Replies)
Discussion started by: dsharples
2 Replies

8. UNIX for Dummies Questions & Answers

Resetting WTMP?

When I type last oracle I get dates from Nov 28, 2000 all the way back to the beginning of time it seems. The 11-28-2000 entry states that Oracle is still logged in, but if you type a who, it shows only 1 entry - the currently logged in user (Me as oracle), but I logged in only minutes ago - and... (4 Replies)
Discussion started by: cuppjr
4 Replies

Featured Tech Videos