Login or Register to Ask a Question and Join Our Community


UNIX for Dummies Questions & Answers

Urgent problem with wtmpx

 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Urgent problem with wtmpx
# 8  
Old 04-02-2003
These proceses run every minute, 1-5:

Code:
* * * * 1-5  /usr/local/bin/dwz_call.sh         1> /tmp/call1.log 2>&1
* * * * 1-5 sh -c "/usr/users/sysmgr/bin/select_swift.sh"       > /dev/null
* * * * 1-5 csh -c "/usr/users/sysmgr/bin/sebfile_call.sh" 1>/tmp/call.log 2>&1
* * * * 1-5 csh -c "/usr/users/sysmgr/bin/more_call.sh"         > /dev/null

Perhaps one of them are attemping to 'call' out?

Neo
# 9  
Old 04-04-2003
Hi nero

These scripts that are running every minute is only internal data processes. Like a ftp or a move to another area. I did have the Hylafax free ware (fax software) activated.. but I stop that.. The modem is still connect to the Sun machine. As you can see that there are no faxmodem processes active..


Peter
# 10  
Old 04-04-2003
Interesting, thanks.

Can you post a few lines of the recent logfile showing the faxmodem entries?

Thanks, N
# 11  
Old 04-04-2003
I don't see any clues here for which version of SunOS you are running. That would be good to know.

wtmpx is Sun's extended version of wtmp. At some point they actually dropped wtmp and now just have wtmpx.

If you have both wtmp and wtmpx, you must truncate both roughly at the same time, with wtmp going first. The closewtmp routine will copy wtmp into wtmpx if it thinks it should.

The problem may well be on another box. These files record logins. If you are getting one entry per minute, then quite possibly some external box in logging into your system each minute. I would locate that box and get it to stop. But disabling the faxmodem account on the current system should stop it from succeeding. This could just push the problem to loginlog if that file exists. You really want the external box to discontinue logging in.
# 12  
Old 04-07-2003
I am using SunOs 8.1. Below I add the output from the Acctcom -b WTMPX file. What puzzles me is all the root console. Perderabo if I understand want what your saying. You think maybe a remote login could be causeing this problem??


Code:
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
 ë       root      console      01:00:00 01:00:00     0.08 3404.80    0.0000
           root      console      01:00:00 10:14:29  33269.76    0.01    0.00
faxmodem   root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      ?            11:08:00 11:08:00     0.01 146566.48    0.00
           root      ?            01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 06:36:12  20172.80 40376.32    1.41
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           root      console      01:00:00 01:00:00     0.01    0.01    0.00
           16711680  console      01:00:00 01:00:00     0.01    0.01    0.00
           root      ?            01:00:00 01:00:00     0.01    0.01    0.00

# 13  
Old 04-07-2003
Another possibility that comes to mind, seeing all the console and root entries, is the /etc/inittab file.

Perhaps something in inittab? Feel free to post it, since we have been working hand-in-hand so far Smilie
# 14  
Old 04-07-2003
Could you post the results of the command "uname -sv"? I'm still not clear on what OS you're using...

And "acctcom -b wtmpx" doesn't make sense. I get similar gibberish when I run it. What are you actually trying to do?
 
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Getting information from the wtmpx file

Hi, I tried running the command "last" in the server to check the users that were last logged into the system. However, I get this error : root@csidblog:# last /var/adm/wtmpx: Value too large for defined data type How do I proceed to get this info? I read some forums suggesting to use... (2 Replies)
Discussion started by: anaigini45
2 Replies

2. Solaris

wtmpx corrupted ? fix ...

Hi, saw couple threads about wtmpx corruption, I had this problem on many servers, last command was not working or displaying old output, found good information on a thread on this site and wrote a perl script to fix, thought it might help some people. I found that using wtmpfix I lost many... (0 Replies)
Discussion started by: yannm
0 Replies

3. Solaris

WTMPX File corrupted

Hi All I work on solaris 8, 9 and 10 platforms and have encountered an error which is my wtmpx files appear to be corrupted as all entries contain the date 1970 (the birth of unix). Now this is obviously not the case, so my query is: 1 - Can the existing wtmpx files be manipulated to... (6 Replies)
Discussion started by: drestarr96
6 Replies

4. Solaris

wtmpx file

What could possibly happen if wtmpx file got deleted by mistake? Thanks, (8 Replies)
Discussion started by: Pouchie1
8 Replies

5. UNIX for Advanced & Expert Users

wtmpx file is not updating

Hi in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry. can any one tell me how to solve this problem (0 Replies)
Discussion started by: aaysa123
0 Replies

6. Solaris

wtmpx file is too big

Hi, I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system. Could anyone suggest the best method to clear the file without causing problem to... (6 Replies)
Discussion started by: Vijayakumarpc
6 Replies

7. UNIX for Dummies Questions & Answers

wtmpx file

Hello everybody: the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system?? Thanks alot (3 Replies)
Discussion started by: aladdin
3 Replies

8. UNIX for Advanced & Expert Users

how to delete entry in file "wtmpx"(/var/adm/wtmpx)

Do someone know how to delete entry(some lines) in file "wtmpx" that command "last" use it. this file is binary so I cannot edit directy. ========================= #last root pts/1 noc Fri Mar 3 22:04 still logged in root pts/1 noc Fri Mar 3 22:01 - 22:02 ... (4 Replies)
Discussion started by: arm_naja
4 Replies

9. UNIX for Dummies Questions & Answers

help urgent problem

i accedently "deleted" all workspaces I have a black screen and dont know what to do solaris common desktop enviroment (1 Reply)
Discussion started by: ssshakir
1 Replies

10. UNIX for Dummies Questions & Answers

wtmpx

Platform sol 8 I had wtmpx growing very large(1.2 G). I copied the file and compressed it the did a "cat /dev/null > /var/adm/wtmpx" to zero out the file and not close any doors to any processes. (After searching this seemed like the right method) This is a box that gets accessed from other... (5 Replies)
Discussion started by: finster
5 Replies
Login or Register to Ask a Question