SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-16-2008, 10:34 AM
| ||||
| ||||
 Does /var/adm/wtmpx get cleared automatically? Is there a cron script or something similar which will clear /var/adm/wtmpx? I thought that the answer was no, but my SunFire 280R tells me that wtmp begins Mon Jul 23 01:10. Looking at the wtmp file from backup the day before that I see that the previous wtmp begins Thu Jul 19 01:23, and the one before that Wed Jul 11 09:10. My T1000 says wtmp begins Thu Nov 9 13:15. My X2200 says wtmp begins Fri Jun 8 12:07, which is about when I installed it. -- Dr Tristram J. Scott Energy Consultant      |
|
01-16-2008, 10:34 AM
| |||
| |||
| Re: Does /var/adm/wtmpx get cleared automatically? Tristram Scott <tristram.scott@ntlworld.com> wrote: > Is there a cron script or something similar which will clear > /var/adm/wtmpx? /usr/lib/acct/runacct will clear wtmpx on each run. Check adm's crontab if it runs above script I usually edit the runacct script not to clear wtmpx on every run. You might have to recheck the script after applying patches: @@ -163,14 +163,14 @@ mv ${_active} ${_active}${_date} exit 1 fi -closewtmp # fudge a DEAD_PROCESS for /var/wtmpx -cp ${_wtmpx} ${_nite}/${_date}.wtmpx -acctwtmp "runacct" ${_nite}/${_date}.wtmpx -nulladm ${_wtmpx} -utmp2wtmp # fudge active user from utmpx to wtmpx +#closewtmp # fudge a DEAD_PROCESS for /var/wtmpx +#cp ${_wtmpx} ${_nite}/${_date}.wtmpx +#acctwtmp "runacct" ${_nite}/${_date}.wtmpx +#nulladm ${_wtmpx} +#utmp2wtmp # fudge active user from utmpx to wtmpx echo "files setups complete" >> ${_active} -echo "WTMPFIX" > ${_statefile} +echo "CONNECT" > ${_statefile} ;; WTMPFIX) -- Daniel |
|
01-16-2008, 10:34 AM
| |||
| |||
| Re: Does /var/adm/wtmpx get cleared automatically? Daniel Rock <v200731@deadcafe.de> wrote: > Tristram Scott <tristram.scott@ntlworld.com> wrote: >> Is there a cron script or something similar which will clear >> /var/adm/wtmpx? > > /usr/lib/acct/runacct will clear wtmpx on each run. Check adm's crontab > if it runs above script > Thanks for that info. Neither root nor adm seem to be doing anything accounting related. Any other ideas? Root does this: 10 3 * * * /usr/sbin/logadm 15 3 * * 0 /usr/lib/fs/nfs/nfsfind 30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean #10 3 * * * /usr/lib/krb5/kprop_script ___slave_kdcs___ Adm does this: 10 1 * * * (cd /var/adm/sa/ && cd .adm && [ -x sadm ] && PATH=. sadm) >/dev/null 2>&1 & I'm wondering if perhaps someone has made themself at home on my system. -- Dr Tristram J. Scott Energy Consultant |
|
01-16-2008, 10:34 AM
| |||
| |||
| Re: Does /var/adm/wtmpx get cleared automatically? Daniel Rock <v200731@deadcafe.de> wrote: > Tristram Scott <tristram.scott@ntlworld.com> wrote: >> 10 1 * * * (cd /var/adm/sa/ && cd .adm && [ -x sadm ] && PATH=. sadm) >>>/dev/null 2>&1 & > > What does the script > /var/adm/sa/.adm/sadm > do? > Good question. The comment in the cron script looks like this: #ident "@(#)adm 1.5 92/07/14 SMI" /* SVr4.0 1.2 */ # # The adm crontab file should contain startup of performance collection if # the profiling and performance feature has been installed. # # Restarting scheduler daemon sadm(1M). 10 1 * * * (cd /var/adm/sa/ && cd .adm && [ -x sadm ] && PATH=. sadm) >/dev/null 2>&1 & (The lines are wrapped to fit usenet.) The file is executable, but not a script. This isn't something I have added, but then again, I don't see it enabled on my other systems. The man page doesn't seem to be where I would have expected it either. I was assuming that this was a generic piece of Solaris in a corner I have never investigated before. -- Dr Tristram J. Scott Energy Consultant |
|
01-16-2008, 10:34 AM
| |||
| |||
| Re: Does /var/adm/wtmpx get cleared automatically? Tristram Scott <tristram.scott@ntlworld.com> wrote: > Thanks for that info. Neither root nor adm seem to be doing anything > accounting related. Any other ideas? > > Root does this: > > 10 3 * * * /usr/sbin/logadm > 15 3 * * 0 /usr/lib/fs/nfs/nfsfind > 30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean > #10 3 * * * /usr/lib/krb5/kprop_script ___slave_kdcs___ That's reasonable for Solaris. > Adm does this: > > 10 1 * * * (cd /var/adm/sa/ && cd .adm && [ -x sadm ] && PATH=. sadm) >>/dev/null 2>&1 & This isn't normal. Sar processing is usually done by sys and with different commands. See http://docs.sun.com/app/docs for details. > I'm wondering if perhaps someone has made themself at home on my system. -- Geoff Lane, Airstrip One There is no gravity--The earth sucks! |
|
01-16-2008, 10:34 AM
| ||||
| ||||
| Re: Does /var/adm/wtmpx get cleared automatically? Lone Gaffe <news@buffy.sighup.org.uk> wrote: > Tristram Scott <tristram.scott@ntlworld.com> wrote: >> Thanks for that info. Neither root nor adm seem to be doing anything >> accounting related. Any other ideas? >> >> Root does this: >> >> 10 3 * * * /usr/sbin/logadm >> 15 3 * * 0 /usr/lib/fs/nfs/nfsfind >> 30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean >> #10 3 * * * /usr/lib/krb5/kprop_script ___slave_kdcs___ > > That's reasonable for Solaris. > >> Adm does this: >> >> 10 1 * * * (cd /var/adm/sa/ && cd .adm && [ -x sadm ] && PATH=. sadm) >>>/dev/null 2>&1 & > > This isn't normal. Sar processing is usually done by sys and with different > commands. See http://docs.sun.com/app/docs for details. Thanks for that. I have had an email from a very helpful Sun employee who pointed me at the following: http://sunsolve.sun.com/search/docum...=1-26-102802-1 It seems that a worm has snuck in. I'm guessing that this happened back in February in the couple of days between when this was announced and when I patched the machine. I'll need to check some old backups to confirm that this is the case. -- Dr Tristram J. Scott Energy Consultant |
Linear Mode
