Re: Disappearing entries in wtmp

• Previous message: Mogens Valentin: "Ipchains and smtp rule"
• Maybe in reply to: Praise: "Disappearing entries in wtmp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Praise <praisetazio@tiscalinet.it>
Subject: Re: Disappearing entries in wtmp
From: Scott Gifford <sgifford@suspectclass.com>
Date: 19 Nov 2001 16:10:16 -0500
Message-ID: <lyoflyv553.fsf@gfn.org>

Praise <praisetazio@tiscalinet.it> writes:

> Hello all,
>
> Everything is looking normal in my machine, but today I got this problem:
> entries are disapearing from wtmp.
> I run "last" when I saw that older entries I was used to see there was not
> any more. Then I run chkwtmp-1.0 and it said I got
> 2 deletions between Sat Nov 17 15:37:25 2001 and Sat Nov 17 17:09:31 2001
> 3 deletions between Sat Nov 17 19:53:39 2001 and Sat Nov 17 20:46:39 2001
> 42 deletions between Sat Nov 21:00:00 2001 and Sat Nov 17 23:57:53 2001

Are you sure this isn't simply logrotate(8) rotating out old entries?
On RedHat systems, it's run from cron in /etc/cron.daily/logrotate,
and uses /etc/logrotate.conf to control what it rotates; by default it
rotates lastlog and [uw]tmp. Not sure about Suse, but it would
surprise me if it didn't do something similar.

----ScottG.

• Previous message: Mogens Valentin: "Ipchains and smtp rule"
• Maybe in reply to: Praise: "Disappearing entries in wtmp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: wtmp filling up fast... What are these entries? ... I've used the fwtmp command to remove excessive logins from applications ... I have yet to read up on advanced accounting and auditing feature in ... I fixed some of my past problems with wtmp as follows: ... also many entries with invalid date stamps and missing fields. ... (AIX-L) many entries in wtmp every minute ... Since wtmp is a binary file I used the ... lft" and /var/adm/wtmp quit getting the entries. ... From: Burkhard Schultheis ... many entries in wtmp every minute, ... (comp.unix.aix) Re: last -t lists all entries in wtmp ... > For a monitor script I thought I'd use the -t switch of the last command ... since it will return all entries in wtmp regardless. ... seems that '-x' *also* gives the runlevel info; ... (Debian-User) Re: wtmp utmp ... please, just type this in a shell, and you will get what you ask for. ... If you find the files utmp, wtmp somewhere else, they can be empty, ... #2 dumb-ass me was watching the screen zip by too fast.Since the file read the most recent entries at the top; the command "last" in the shell was simply zipping down and displaying the earliest entry's. ... A simple last | more display all the entries I thought I was missing. ... (alt.os.linux.suse) Disappearing entries in wtmp ... Subject: Disappearing entries in wtmp ... entries are disapearing from wtmp. ... (Focus-Linux)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint