Nice! I never knew the 'fwtmp' command existed. Question though... if
the 'utmpx' file is the current 'user access and administration
information' and the 'wtmpx' is the history of that info, then what do
you do about the 'utmpx' file?

I'm not seeing how that file gets handled... is the content of that file
just subset so to speak of the wtmpx file? I ran the fwtmp command
below on both the utmpx and wtmpx files... with a 'tail -20' and looked
at the two outputs.

I would have thought that they would be pretty close to identical, but
they weren't. So that makes me think I'm not on track with how I think
the utmpx file is used. What am I missing, and should I need to worry
about the utmpx file at all if I use the below lines to manage the wtmpx
file?

Thanks a bunch!

-chris

Oscar del Rio wrote:
> Very wrote:
>
>> I am looking the tool to cut down utmp(x) / wtmp(x) posted by Markus
>> sometimes back but I could not find.
>
>
> Don't know which script that is, but "man fwtmp" should help.
>
> Example:
>
> % last
> (504 records)
> wtmp begins Mon Nov 1 15:32
>
> # Keep only last 100 records:
>
> % /usr/lib/acct/fwtmp < /var/adm/wtmpx | tail -100 | /usr/lib/acct/fwtmp
> -ic > /tmp/wtmpx
>
> # Test it
>
> % last -f /tmp/wtmpx
> (48 records)
> wtmp begins Sun May 8 12:09
>
> # cp /tmp/wtmpx /var/adm/wtmpx
>
>
> I've seen other solutions using dd to truncate the files since
> their records are of fixed size. google:"truncate wtmpx"


--
Chris Jones
(to email me, just take out the NOSPAM)

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B)
This email address may not be added to any commercial mail list with out
my permission. Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.