how to clean /var/adm/wtmpx

Midgard mid.xinef at gmail.com
Mon Nov 24 15:25:09 EST 2008 

Hi,
Thanks at all for your responses, especial thanks to tanvirscna at yahoo.com,
rich.teer at rite-group.com, Robert.Legate at telus.com, jlaparram at pep.pemex.com,
scbeuttel at cox.net, tanvirscna at yahoo.com,
<tanvirscna at yahoo.com>cmorris at cs.odu.edu,
<tanvirscna at yahoo.com>kelallam at yahoo.com, hvjunk at gmail.com,
rodney.rodgers at osan.af.mil, sorrillo at jlab.org, dilip.raj at motorola.com,
phil.barr at citi.com.

the best recomendation is this: echo "" > /var/adm/wtmpx

but there are some ways to do that and also a good idea:

***** cat /dev/null > /var/adm/wtmpx

***** thanks for your procedure Steve
To be safe, I would do it this way:

  01. $ su root
  02. # cd /etc
  02.5 #cd /var/adm/
  03. # /usr/lib/acct/fwtmp < wtmpx > wtmpx.a
  04. # cp wtmpx.a wtmpx.a.bak
  05. # cat /dev/null > wtmpx.a
  06. # /usr/lib/acct/fwtmp -ic < wtmpx.a > wtmpx

... this leaves a human readable backup in ascii format
  named "wtmpx.a.bak", and an empty wtmpx in binary.



***** thanks Hendrik Visage
> what it's the best way to clean /var/adm/wtmpx

the "best" I've found for 9 & 10:

man logadm
vi /etc/logadm.conf and add:

/var/adm/wtmpx -A 1m -o adm -g adm -m 664 -p 1d -t '$file.old.%Y%m%d_%H%M'
-z 1

the run "logadm -v" as first run
(You'l notice that it will then add a -P '<date run>' to that line in
/etc/logadm.conf)

> I have a user that has 40 connections per min, and now I have a big log:
>  22K   /var/adm/utmpx
>  1.5G   /var/adm/wtmpx

:)
you might want to tune the -A & -p flags.
The -z will leave the last entry unzipped, thus you'll only see that
1.5G file compressed the second run a day later


thanks fot it
man logadm
vi /etc/logadm.conf and add:

/var/adm/wtmpx -A 1m -o adm -g adm -m 664 -p 1d -t '$file.old.%Y%m%d_%H%M'
-z 1

the run "logadm -v" as first run
(You'l notice that it will then add a -P '<date run>' to that line in
/etc/logadm.conf)



***** Thanks for the script  Dilip!
#        3  -        Error from dd detected
#
#   Notes:
#        This script will make a backup of your files in $TMPDIR
#        unless there is no truncation to be made, or there is an
#        error and it bails out.

# Directory to store the temporary copies of the files:
# (originally /tmp)
#TMPDIR=/tmp
TMPDIR=/backup

# Directory where the real files are stored:
# (originally /var/adm)
WDIR=/var/adm

# List of files with record sizes, used for the for loop
# (originally "wtmp:36 wtmpx:372")
FILES="wtmp:36 wtmpx:372"

# Number of records to keep if not modified by argument:
# (originally 60, or $1 if argument given)
KEEP=${1:-60}


case "$KEEP" in
    -*)
        # set skip size for negative arguments
        SKIP=`echo $KEEP | cut -c2-`
        ;;
    +*)
        # accept explicit positives
        KEEP=`echo $KEEP | cut -c2-`
        unset SKIP
        ;;
    *)
        unset SKIP
;;
esac

# get the proper values, since $FILES is customizable.
# these lines get the first entry in $FILES
WTMPFILE=`echo $FILES | cut -d: -f1`
WTMPSIZE=`echo $FILES | sed 's/^[^:]*:\([^ ]*\).*$/\1/'`

FILESIZE=`ls -lL $WDIR/$WTMPFILE | awk '{print$5}'`
                        # obtain thefilesize of w tmp
                        # for later calculations

NUMRECS=`expr $FILESIZE / $WTMPSIZE`        # Store the size of the
                                        # utmp file, in records

SKIP=${SKIP:-`expr $NUMRECS - $KEEP`}
                        # number of records to skip, based on
                        # $KEEP vs. number of records in the
                        # wtmp file.

if [ $SKIP -le 0 ]
then
    exit 1                # nothing to truncate
fi

for PAIR in $FILES        # Pair of filename and block size
do
    FILE=`echo $PAIR | cut -d: -f1`        # extract filename
    IBS=`echo $PAIR | cut -d: -f2`        # extract record size
cp $WDIR/$FILE $TMPDIR/$FILE        # copy original to tmp

    STATUS=$?
    case $STATUS in
        0)
            ;;
        *)
            echo "cp error #$STATUS, bailing out during $FILE." >&2
            exit 2
            ;;
    esac

    if [ $SKIP -ge $NUMRECS ]
    then
        > $WDIR/$FILE
  else
        dd  if=$TMPDIR/$FILE of=$WDIR/$FILE   ibs=$IBS skip=$SKIP 2>
/dev/null
                                        # do the truncation
    fi

    STATUS=$?
    case $STATUS in
        0)
            ;;
        *)
            echo "dd error#$STATUS, bailing out after $FILE." >&2
            exit3
            ;;
    esac

done

exit 0




*** thanks for your observation Pill!, about the  special file, I know that
this file is important,

I guess that with all your mails I'll chose the correct way for do it :)

Many thanks at all.

Regards
Mid.





Midgard wrote:

> Hi admins,
>
> what it's the best way to clean /var/adm/wtmpx
>
> I have a user that has 40 connections per min, and now I have a big log:
>  22K   /var/adm/utmpx
>  1.5G   /var/adm/wtmpx
>
> I want to do a backup for it, and then delete it,  is there a correct way
> to
> clean it??
> I thinking about do this:
>  echo "" > /var/adm/wtmpx
> or
> rm   /var/adm/wtmpx; touch /var/adm/wtmpx
>
> what do you mean about that?
>
> Thanks in advance
>
> Mid
> _______________________________________________
> sunmanagers mailing list
> sunmanagers at sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers

More information about the sunmanagers mailing list