Very wrote:
> I am looking the tool to cut down utmp(x) / wtmp(x) posted by Markus
> sometimes back but I could not find.

Don't know which script that is, but "man fwtmp" should help.

Example:

% last
(504 records)
wtmp begins Mon Nov 1 15:32

# Keep only last 100 records:

% /usr/lib/acct/fwtmp < /var/adm/wtmpx | tail -100 | /usr/lib/acct/fwtmp -ic > /tmp/wtmpx

# Test it

% last -f /tmp/wtmpx
(48 records)
wtmp begins Sun May 8 12:09

# cp /tmp/wtmpx /var/adm/wtmpx

I've seen other solutions using dd to truncate the files since
their records are of fixed size. google:"truncate wtmpx"
| |||
>>>>> Very <thecaspers@yahoo.com> writes:

> Thanks. It works. How to truncate the record base on number of
> days instead of number of records ?

If you carefully look at the output of fwtmp you'll find it contains the
timestamp in seconds-since-epoch format in columns 51-60, so you can
filter on that.

--
Stefan Jankowski
Sysadmin, University of Freiburg, CS Dpt.
s/spambucket// s/dave\.null/${FORENAME}.${LASTNAME}/
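The age-based filter suggested in the reply above, as an added example that is not part of the original thread: it keeps fwtmp text records whose epoch field is at or after a cutoff and stops with a non-zero status if a line has no number where the timestamp is expected. The column range 51-60 comes from the post; the function names, the sample lines and the epoch values are constructed for illustration, so check the layout against your own fwtmp output first.

```shell
#!/bin/sh
# Added example, not code from the thread.

# cutoff_for_days DAYS NOW_EPOCH -> prints the epoch DAYS days before NOW_EPOCH.
cutoff_for_days() {
    echo $(( $2 - $1 * 86400 ))
}

# filter_since CUTOFF [FIRST_COL] [WIDTH]
# Reads fwtmp ASCII records on stdin and prints those whose timestamp field
# (columns 51-60 by default, per the post above) is >= CUTOFF.
# Exits 2 on the first line whose field is not a number, so a layout
# mismatch cannot silently produce a trimmed file.
filter_since() {
    awk -v cutoff="$1" -v first="${2:-51}" -v width="${3:-10}" '
        {
            ts = substr($0, first, width)
            gsub(/^ +| +$/, "", ts)              # tolerate space padding
            if (ts !~ /^[0-9]+$/) { bad = NR; exit }
            if (ts + 0 >= cutoff + 0) print
        }
        END {
            if (bad) {
                printf "line %d: no epoch in columns %d-%d\n", \
                    bad, first, first + width - 1 | "cat 1>&2"
                exit 2
            }
        }'
}

# Constructed sample lines (not real fwtmp output): fields padded to 50
# columns, then a 10-digit epoch in columns 51-60, then free text.
sample_records() {
    printf '%-50s%10s %s\n' 'alice    ts/1 pts/1   1201  7' 1110000000 'older'
    printf '%-50s%10s %s\n' 'bob      ts/2 pts/2   1377  7' 1112961600 'at cutoff'
    printf '%-50s%10s %s\n' 'carol    ts/3 pts/3   1490  7' 1115000000 'recent'
}

# Typical use, with the paths from the thread (date +%s is an assumption;
# not every date(1) supports it):
#   cut=$(cutoff_for_days 90 "$(date +%s)")
#   /usr/lib/acct/fwtmp < /var/adm/wtmpx | filter_since "$cut" > /tmp/wtmpx.txt \
#       && /usr/lib/acct/fwtmp -ic < /tmp/wtmpx.txt > /tmp/wtmpx
#   last -f /tmp/wtmpx      # inspect before copying over /var/adm/wtmpx
```

Writing the filtered text to an intermediate file keeps the filter's exit status visible to `&&`; in a three-stage pipeline only the status of the final `fwtmp -ic` would be seen.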
| |||
Nice! I never knew the 'fwtmp' command existed. Question though... if
the 'utmpx' file is the current 'user access and administration
information' and the 'wtmpx' is the history of that info, then what do
you do about the 'utmpx' file? I'm not seeing how that file gets
handled... is the content of that file just a subset so to speak of the
wtmpx file?

I ran the fwtmp command below on both the utmpx and wtmpx files... with a
'tail -20' and looked at the two outputs. I would have thought that they
would be pretty close to identical, but they weren't. So that makes me
think I'm not on track with how I think the utmpx file is used.

What am I missing, and should I need to worry about the utmpx file at all
if I use the below lines to manage the wtmpx file?

Thanks a bunch!
-chris

Oscar del Rio wrote:
> Very wrote:
>
>> I am looking the tool to cut down utmp(x) / wtmp(x) posted by Markus
>> sometimes back but I could not find.
>
>
> Don't know which script that is, but "man fwtmp" should help.
>
> Example:
>
> % last
> (504 records)
> wtmp begins Mon Nov 1 15:32
>
> # Keep only last 100 records:
>
> % /usr/lib/acct/fwtmp < /var/adm/wtmpx | tail -100 | /usr/lib/acct/fwtmp
> -ic > /tmp/wtmpx
>
> # Test it
>
> % last -f /tmp/wtmpx
> (48 records)
> wtmp begins Sun May 8 12:09
>
> # cp /tmp/wtmpx /var/adm/wtmpx
>
>
> I've seen other solutions using dd to truncate the files since
> their records are of fixed size. google:"truncate wtmpx"

--
Chris Jones
(to email me, just take out the NOSPAM)
Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list without my
permission. Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.
| ||||
Chris Jones wrote:
>
> Nice! I never knew the 'fwtmp' command existed. Question though... if
> the 'utmpx' file is the current 'user access and administration
> information' and the 'wtmpx' is the history of that info, then what do
> you do about the 'utmpx' file?

I don't think you have to worry about utmpx, "utmpd" is supposed to
maintain it