[comp.unix.admin] Overflowing wtmp

sarima@tdatirv.UUCP (Stanley Friesen) (01/23/91)

OK, now for a silly question.

I am the administrator of a SCO Xenix/286 system, and the system administrator
documentation is rather limited.


I have found that my wtmp file tends to grow without bound.
This is annoying.  Is there any clean way to trim it, short of the rather
crude 'cat /dev/null > /etc/wtmp' approach.  (I *do* know about cron,
I just need to know what to put in it).
-- 
---------------
uunet!tdatirv!sarima				(Stanley Friesen)

dean@truevision.com (Dean Riddlebarger) (01/23/91)

In article <92@tdatirv.UUCP> sarima@tdatirv.UUCP (Stanley Friesen) writes:
>
>I have found that my wtmp file tends to grow without bound.
>This is annoying.  Is there any clean way to trim it, short of the rather
>crude 'cat /dev/null > /etc/wtmp' approach.  (I *do* know about cron,
>I just need to know what to put in it).

Noting that your mileage may vary on a Xenix system, our ISC systems all
have a cron script called /etc/cleanup, and this script contains a
very simple line:

	> /etc/wtmp

The script runs out of cron every Sunday, which means that wtmp only
gets a week of growth max.

Now, as to cron, the line entry in the root crontab for this cleanup
script is:

17 5 * * 0 /bin/su root -c "/etc/cleanup > /dev/null"

Meaning, "at 5:17 a.m. on every Sunday run the /etc/cleanup script as
root, and send any output on stdout into the bit bucket".

On ISC UNIX the easiest way to set up all of this [assuming that the
/etc/cleanup script had not been shipped with the OS] would be:

[1]  cd /tmp
[2]  crontab -l >root   /* creates a copy of the root crontab file */
[3]  add a line like the "17 5 etc." above using your favorite editor
[4]  crontab root  /* resets cron with the new root file */
[5]  create /etc/cleanup, with the "> /etc/wtmp" line and whatever else
     you want to do for additional administration

This assumes that you are root while you do this.  [You have to be
careful with cron, it seriously looks at your UID in this flavor of
System V.  And, for all I know, all flavors...]

Hopefully, someone with more Xenix experience can provide a more detailed
posting on the vagaries, if any, of Xenix cron facilities.


-- 
<:>   Dean Riddlebarger                               "The bus came by   <:>
<:>   Truevision, Inc.                                  and I got on,    <:>
<:>   [317] 841-0332                                   That's when it    <:>
<:>   dean@truevision.com      uunet!epicb!dean         all began."      <:>

rad@genco.bungi.com (Bob Daniel) (01/24/91)

In article <92@tdatirv.UUCP> sarima@tdatirv.UUCP (Stanley Friesen) writes:
>
>I have found that my wtmp file tends to grow without bound.
>This is annoying.  Is there any clean way to trim it, short of the rather
>crude 'cat /dev/null > /etc/wtmp' approach.  (I *do* know about cron,
>I just need to know what to put in it).

First of all, you only need to use '>/etc/wtmp' to clear out the file.  To
install it in cron, make this entry in /usr/spool/cron/crontabs/root...

0 2 * * 0 >/etc/wtmp

Restart the cron or just reboot the system.  This will clear the file at
2 AM every Sunday.

mike@bria.UUCP (Michael Stefanik) (01/24/91)

In article <92@tdatirv.UUCP> sarima@tdatirv.UUCP (Stanley Friesen) writes:
>I have found that my wtmp file tends to grow without bound.
>This is annoying.  Is there any clean way to trim it, short of the rather
>crude 'cat /dev/null > /etc/wtmp' approach.  (I *do* know about cron,
>I just need to know what to put in it).

To do it with elegance and grace, how 'bout a little script:

mv /usr/adm/wtmp /usr/adm/owtmp
/usr/lib/acct/fwtmp </usr/adm/owtmp | tail | \
/usr/lib/acct/fwtmp -ic >/usr/adm/wtmp

If you don't have fwtmp(1), then send me mail and I'll mail you
back source.
-- 
Michael Stefanik, Systems Engineer (JOAT), Briareus Corporation
UUCP: ...!uunet!bria!mike
--
technoignorami (tek'no-ig'no-ram`i) a group of individuals that are constantly
found to be saying things like "Well, it works on my DOS machine ..."

bill@camco.Celestial.COM (Bill Campbell) (01/25/91)

In <92@tdatirv.UUCP> sarima@tdatirv.UUCP (Stanley Friesen) writes:


>OK, now for a silly question.

>I am the administrator of a SCO Xenix/286 system, and the system administrator
>documentation is rather limited.


>I have found that my wtmp file tends to grow without bound.
>This is annoying.  Is there any clean way to trim it, short of the rather
>crude 'cat /dev/null > /etc/wtmp' approach.  (I *do* know about cron,
>I just need to know what to put in it).
>-- 
>---------------
>uunet!tdatirv!sarima				(Stanley Friesen)

This usually is caused by a flakey terminal connection, bad
ground or some such.  The Tandy DT-1 terminals (and I use the
term loosely) would frequently cause this type of problem if they
were turned off.  The cable may be defective, improperly wired...

You can usually identify the offending terminal by running
'strings' (in the Development System) on the wtmp file to see
which tty is generating the spurious entries.  You might also try
'tail' if you don't have the DevSys.
-- 
INTERNET:  bill@Celestial.COM   Bill Campbell; Celestial Software
UUCP:   ...!thebes!camco!bill   6641 East Mercer Way
             uunet!camco!bill   Mercer Island, WA 98040; (206) 947-5591

skwu@spot.Colorado.EDU (WU SHI-KUEI) (01/30/91)

In article <705@camco.Celestial.COM> bill@camco.Celestial.COM (Bill Campbell) writes:
>In <92@tdatirv.UUCP> sarima@tdatirv.UUCP (Stanley Friesen) writes:
>
>
>>OK, now for a silly question.
	Not at all silly
>
>>I am the administrator of a SCO Xenix/286 system, and the system administrator
>>documentation is rather limited.
>
>
>>I have found that my wtmp file tends to grow without bound.
>>This is annoying.  Is there any clean way to trim it, short of the rather
>>crude 'cat /dev/null > /etc/wtmp' approach.  (I *do* know about cron,
>>I just need to know what to put in it).
>>-- 
>>---------------
>>uunet!tdatirv!sarima				(Stanley Friesen)
>
>This usually is caused by a flakey terminal connection, bad
>ground or some such.  ......

If the complaint were about '/etc/utmp', Bill Campbell's analysis might
well be correct.  However, '/etc/wtmp' will grow forever on every system,
and

	cat /dev/null > /etc/wtmp

is as good as any other.  I suppose one could read the whole file, close
it, then re-open it and write only the last N structures as shown in
Section 4 back.  But why bother??

bbs@alchemy.UUCP (BBS Administration) (01/30/91)

About a year ago or so, someone posed this problem to the net. I decided
I was bored and wrote a program to handle just this problem. I think it's
pretty portable but I wrote it on my SCO Xenix '386 system so you may
want to examine the source before using it. I won't post it here since
this is not a "source code" newsgroup, but if anyone would like to
have a copy of my "wsize" program, just send me mail and it shall be
yours (it's quite small). I run it as a "root" crontask on the 1st and 15th
of every month and trim it so only the most recent 2500 records are
retained. It comes with a manual page, makefile, and one C program.

Cheers,

-- John

John Donahue, Senior Partner | UUCP: ucrmath!alchemy!{bbs, gumby} | The Future
  Alchemy Software Designs   | INET: {bbs, gumby}@alchemy.UUCP    | Begins Now
-------------------+---------+------------------------------------+-----------
Communique On-line | +1-714-243-7150 {3, 12, 24, 96HST} Bps 8-N-1 | Next Wave:
Information System |    Alchemy Software Designs Support System   | Communique

rbj@uunet.UU.NET (Root Boy Jim) (01/30/91)

In article <338@alchemy.UUCP> bbs@alchemy.UUCP (BBS Administration) writes:
>a copy of my "wsize" program...
>... I run it as a "root" crontask on the 1st and 15th
>of every month and trim it so only the most recent 2500 records are
>retained. It comes with a manual page, makefile, and one C program.

Tsk tsk, overkill. Howabout a range of 2000 to 3000 records? Try

		#! /bin/sh
		cd /usr/adm
		split wtmp
		set x?? /dev/null /dev/null /dev/null /dev/null
		shift `expr $# - 3`
		cat $* > xxx
		mv xxx wtmp
		rm -f x??

>John Donahue, Senior Partner | UUCP: ucrmath!alchemy!{bbs, gumby} | The Future
>  Alchemy Software Designs   | INET: {bbs, gumby}@alchemy.UUCP    | Begins Now
-- 

	Root Boy Jim Cottrell <rbj@uunet.uu.net>
	Close the gap of the dark year in between

rickert@mp.cs.niu.edu (Neil Rickert) (01/30/91)

In article <120587@uunet.UU.NET> rbj@uunet.UU.NET (Root Boy Jim) writes:
>In article <338@alchemy.UUCP> bbs@alchemy.UUCP (BBS Administration) writes:
>>a copy of my "wsize" program...
>>... I run it as a "root" crontask on the 1st and 15th
>
>Tsk tsk, overkill. Howabout a range of 2000 to 3000 records? Try
>
>		#! /bin/sh
>		cd /usr/adm
>		split wtmp
>		set x?? /dev/null /dev/null /dev/null /dev/null
>		shift `expr $# - 3`
>		cat $* > xxx
>		mv xxx wtmp
>		rm -f x??

 Hey.  That's neat.  But what do we do if we have a 'split' that wants to
break the file based on lines, and a 'wtmp' that doesn't contain lines?

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940

clewis@ferret.ocunix.on.ca (Chris Lewis) (01/31/91)

In article <1991Jan30.124501.6670@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:
>In article <120587@uunet.UU.NET> rbj@uunet.UU.NET (Root Boy Jim) writes:
>>In article <338@alchemy.UUCP> bbs@alchemy.UUCP (BBS Administration) writes:
>>>a copy of my "wsize" program...
>>>... I run it as a "root" crontask on the 1st and 15th

>>Tsk tsk, overkill. Howabout a range of 2000 to 3000 records? Try
>>
>>		#! /bin/sh
>>		cd /usr/adm
>>		split wtmp
>>		set x?? /dev/null /dev/null /dev/null /dev/null
>>		shift `expr $# - 3`
>>		cat $* > xxx
>>		mv xxx wtmp
>>		rm -f x??

> Hey.  That's neat.  But what do we do if we have a 'split' that wants to
>break the file based on lines, and a 'wtmp' that doesn't contain lines?

I wonder if he's tried this...

Nifty trick with the set's.  You must therefore have a version of
UNIX that keeps wtmps in ASCII format.  I didn't know that there was
one.  Another problem: on many systems where wtmp is held open all of
the time (System V), the "mv" will result in the new wtmp not being
written to at all, and /etc/init will continue to write to a file that's
been unlinked - so you can't see it, but it's still there and growing.
And finally, even if your version of split works on binaries (which I doubt),
you have to make sure that split cuts on a record boundary.

You can do the split with a loop using dd "skip" and "count" and "bs="
options.  "bs" has to be a multiple of the wtmp record size.  Grotty,
slow, but it works.  Unfortunately, you cannot replace the wtmp like
this on System V, you either have to tell init to reopen wtmp (there's
an accounting program that does this), or clobber it completely, ala:
	> wtmp
On System V, you can turn on the accounting sufficiently that the
wtmp pruner works properly, but the rest of the accounting (process
accounting records) isn't being done, so you don't get accounting
overhead.

In some software we've written commercially, we first try to run
the accounting stuff to clear the wtmp, only resorting to:
	cp /etc/wtmp /etc/wtmp.old
	> /etc/wtmp
if the accounting software is obviously not managing to keep wtmp
below a threshold (ie: accounting ain't there, or it ain't running).
Actually, if my memory serves, the UNIX accounting software cuts
it over like this, and arranges to process the old wtmps into more
useful (and compact) forms, but still completely wipes the existing
wtmp.
-- 
Chris Lewis, Phone: (613) 832-0541, Internet: clewis@ferret.ocunix.on.ca
UUCP: uunet!mitel!cunews!latour!ecicrl!clewis
Moderator of the Ferret Mailing List (ferret-request@eci386)
Psroff enquiries: psroff-request@eci386, current patchlevel is *7*.

rbj@uunet.UU.NET (Root Boy Jim) (01/31/91)

In article <1991Jan30.124501.6670@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:
>In article <120587@uunet.UU.NET> rbj@uunet.UU.NET (Root Boy Jim) writes:
>>In article <338@alchemy.UUCP> bbs@alchemy.UUCP (BBS Administration) writes:
>>>a copy of my "wsize" program...
>>>... I run it as a "root" crontask on the 1st and 15th
>>
>>Tsk tsk, overkill. Howabout a range of 2000 to 3000 records? Try
>>
>>		#! /bin/sh
>>		cd /usr/adm
>>		split wtmp
>>		set x?? /dev/null /dev/null /dev/null /dev/null
>>		shift `expr $# - 3`
>>		cat $* > xxx
>>		mv xxx wtmp
>>		rm -f x??
>
> Hey.  That's neat.  But what do we do if we have a 'split' that wants to
>break the file based on lines, and a 'wtmp' that doesn't contain lines?

Harumph! Don't confuse the issue with facts :-) Mea culpa.
Thank gods this wasn't unix-wizards, I'd never hear the end of it.

You can use dd, believe it or not. Call the thing below "ctail"
and invoke it as: ctail /usr/adm/wtmp 1000 36
36 is sizeof utmp

		#! /bin/sh
		#usage: ctail file count bs
		#       count defaults to 100
		#       bs defaults to 1
		#
		file=${1?"usage: $0 file [count=100] [bs=1]"}
		bs=${3-1}
		count=${2-100}
		chars=`wc -c < "$file"`
		recs=`expr $chars / $bs`
		skip=`expr $recs - $count`
		# fewer than count records: keep them all, don't hand dd a negative skip
		test $skip -lt 0 && skip=0
		set $bs $count $skip
		# replace the file only if dd succeeded
		dd < "$file" > "$file.$$" bs=$1 count=$2 skip=$3 &&
		mv "$file.$$" "$file"

Throw in a couple of for loops and you've got a completely
general binary splitter.

OK, there is a moral to all this (besides being snooty :-).
UNIX provides a rich set of tools. The shell is amazing.
Only use C as a last resort. Tail -c is supposed to do what
you want, but many versions have a limit when working
relative to the front. Of course you can calculate where to start
and use it in place of dd. My version is also susceptible to
corrupted format. It should really compute backwards from the end.
-- 

	Root Boy Jim Cottrell <rbj@uunet.uu.net>
	Close the gap of the dark year in between
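
Added example, not code from any poster in this thread: a POSIX sh function that trims a fixed-record file to its last N records by rewriting it in place, so the inode a long-running writer holds open (the "mv" problem Chris Lewis describes) is never replaced, and that refuses a file whose size is not a whole number of records. The name trim_records, the tr_ variable prefix and the return codes are assumptions of this example; the record size is system-dependent (36 is the value given in the ctail post).

```shell
#!/bin/sh
# Added example (not from the thread).
# Keep the last KEEP fixed-size records of FILE, rewriting FILE in place.
# usage:   trim_records FILE KEEP RECSIZE
# returns: 0 trimmed (or nothing to trim), 1 I/O error,
#          2 file size is not a multiple of RECSIZE (file left untouched)
trim_records() {
    tr_file=$1 tr_keep=$2 tr_bs=$3
    tr_old="$tr_file.old"       # archive name as in the cp-then-truncate post

    # Work from a snapshot so a login written mid-run cannot shift offsets.
    cp "$tr_file" "$tr_old.$$" || return 1
    tr_size=$(wc -c < "$tr_old.$$" | tr -d '[:space:]')

    # A ragged size means a damaged file or the wrong RECSIZE; cutting it
    # would misalign every record that follows, so refuse instead.
    if [ $((tr_size % tr_bs)) -ne 0 ]; then
        rm -f "$tr_old.$$"
        return 2
    fi

    tr_total=$((tr_size / tr_bs))
    if [ "$tr_total" -le "$tr_keep" ]; then
        rm -f "$tr_old.$$"      # already short enough, keep previous archive
        return 0
    fi

    # The full pre-trim history stays available as FILE.old.
    mv "$tr_old.$$" "$tr_old" || return 1

    # dd truncates and rewrites the existing output file: same inode, so a
    # process that already has FILE open is still attached to the file
    # everyone else sees.
    dd if="$tr_old" of="$tr_file" bs="$tr_bs" \
       skip=$((tr_total - tr_keep)) count="$tr_keep" 2>/dev/null || return 1
}

# Stand-alone use: sh thisfile FILE KEEP RECSIZE
if [ $# -eq 3 ]; then trim_records "$@"; fi
```

Records written between the snapshot and the rewrite are lost, so schedule it for a quiet hour as the cron entries earlier in the thread do.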

bill@camco.Celestial.COM (Bill Campbell) (01/31/91)

In <1991Jan29.182320.1489@csn.org> skwu@spot.Colorado.EDU (WU SHI-KUEI) writes:

>In article <705@camco.Celestial.COM> bill@camco.Celestial.COM (Bill Campbell) writes:
>>
>>This usually is caused by a flakey terminal connection, bad
>>ground or some such.  ......

>If the complaint were about '/etc/utmp', Bill Campbell's analysis might
>well be correct.  However, '/etc/wtmp' will grow forever on every system,
>and

This is correct.  My assumption was that there was a rapidly
growing wtmp file (runaway terminal) rather than normal growth.

I've seen many cases where a cable problem could fill a large
hard disk overnight.
-- 
INTERNET:  bill@Celestial.COM   Bill Campbell; Celestial Software
UUCP:   ...!thebes!camco!bill   6641 East Mercer Way
             uunet!camco!bill   Mercer Island, WA 98040; (206) 947-5591

dave@galaxia.Newport.RI.US (David H. Brierley) (02/02/91)

In article <1991Jan29.182320.1489@csn.org> skwu@spot.Colorado.EDU (WU SHI-KUEI) writes:
>...   I suppose one could read the whole file, close
>it, then re-open it and write only the last N structures as shown in
>Section 4 back.  But why bother??

Why?  Because when I have a problem with a system I like to be able to look
at that system's history, including a history of logins.  If I need to look
at the login history I don't want to know all of the logins since Sunday, I
want to know all of the logins for at least the last two weeks.  What I did
was to write a program that allows you to extract either the last N days or
the last N kbytes.  It does not attempt to rewrite the wtmp file so you
need to stick a shell script wrapper around it.  I run it every day (or
maybe every other day) at 3am from cron.  If anyone is interested in the
source send me e-mail and I will either mail it back or post it if there
is sufficient interest.
-- 
David H. Brierley
Home: dave@galaxia.newport.ri.us; Work: dhb@quahog.ssd.ray.com
Send comp.sources.3b1 submissions to comp-sources-3b1@galaxia.newport.ri.us
%% Can I be excused, my brain is full. **

rbj@uunet.UU.NET (Root Boy Jim) (03/13/91)

>	cat /dev/null > /etc/wtmp
>
>is as good as any other.

No it's not. The best way to zero a file is ":>file", which
works under sh, ksh, and csh. ">file" doesn't work under csh.
-- 
		[rbj@uunet 1] stty sane
		unknown mode: sane