/var/adm/wtmpx file size control ?

Hi :)
The /var folder on our DNS server has reached > 90% capacity and is rising 1% a day. ls -ltr shows that the most current files are /var/adm/wtmpx and utmpx as well as lastlog and messages. Is it possible to cap the size of the wtmpx file, which seems to be the file that is growing the fastest ?
Regards
Annib
Solaris 8 on Sunfire 6800

Certainly, there are a couple of ways of doing this;
If you want to save the old data (and you might want to if it's a firewall), you can always copy the wtmpx file to something else, and then copy /dev/null over wtmpx:
# cp /var/adm/wtmpx /var/adm/wtmpx.0
# cp /dev/null /var/adm/wtmpx
Then it's of course a good idea to compress the old file.
If you don't want to save any data, just copy /dev/null to wtmpx.
A somewhat more complicated way of doing this is to hack the wtmpx file and only save, for example, the 1000 last lines. This can be done with the /usr/lib/acct/fwtmp command.
The fwtmp command lets you export the wtmpx file to something human readable (and editable), which you then may edit and convert back into your wtmpx file.
However, there are a few bugs in this command, so it will not work without the latest 'n' greatest fwtmp patch: 116943-02.

Similar Messages

  • How to limit /var/adm/wtmpx and /var/adm/lastlog

    Hi,
    As many others I have a problem too with these files growing indefinitely.
    I wanted to know if there is any system configuration or system program to limit or trim the size of these files.
    I am OK if the oldest records get purged, but I don't want these files to grow indefinitely.
    I appreciate any suggestions and help.
    Thanks
    Srini

    I think the easiest would be to use 'dd' to copy the file to a temporary area and then back again:
    dd if=/var/adm/wtmpx of=/tmp/wtmpx.save bs=372
    dd if=/tmp/wtmpx.save of=/var/adm/wtmpx bs=372 skip=$number_of_blocks_to_skip
    The variable $number_of_blocks_to_skip is simply an arbitrary number you're comfortable with. You can build that up by using 'wc' to find the number of lines (blocks) in the file:
    wsize=`wc -l /var/adm/wtmpx | awk ' { print $1 } '`
    number_of_blocks_to_skip=`expr $wsize - 1000` (this will ensure that the skip is until 1000 blocks from the end)
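The two trimming approaches above (archive, then keep only the newest fixed-size records) combined into one routine, as an added example that is not code from either poster. It assumes a POSIX shell (ksh or /usr/xpg4/bin/sh on Solaris) and the 372-byte record size from the dd commands; `trim_records` and all paths are hypothetical.

```shell
# Added example, not from the thread: trim_records and every path used here
# are hypothetical. 372 is the record size taken from the bs=372 dd commands.
trim_records() {
    file=$1 keep=$2 recsize=${3:-372}

    # wtmpx is binary: derive the record count from the byte size, not wc -l.
    bytes=$(wc -c < "$file" | tr -d ' ')
    if [ $((bytes % recsize)) -ne 0 ]; then
        echo "trim_records: $file is not a whole number of $recsize-byte records" >&2
        return 1
    fi
    total=$((bytes / recsize))
    if [ "$total" -le "$keep" ]; then
        return 0                      # already small enough, leave it alone
    fi

    # Keep the complete login history before cutting anything; cp -p
    # preserves mode and timestamps on the archived copy.
    cp -p "$file" "$file.0" || return 1

    # Copy only the newest $keep records into a scratch file.
    tmp="$file.trim.$$"
    dd if="$file.0" of="$tmp" bs="$recsize" skip=$((total - keep)) 2>/dev/null || return 1

    # Rewrite the original in place so its inode, owner and mode stay the same.
    # Logins recorded between the cp and this line are lost, so run it when
    # the host is quiet.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demo on a constructed file of five 372-byte records (not a real wtmpx).
demo_dir=$(mktemp -d)
for i in 1 2 3 4 5; do printf '%0372d' "$i"; done > "$demo_dir/wtmpx"
trim_records "$demo_dir/wtmpx" 2
wc -c "$demo_dir/wtmpx" "$demo_dir/wtmpx.0"
```

The archived `.0` copy holds the full login history, so compress it and move it off /var rather than deleting it if the records may be needed for review.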

  • Getting lot of errors like :0x408 in /var/adm/messages file in Solaris 10

    Hi,
    Can anyone help me regarding the following errors being found in the /var/adm/messages file:
    Nov 24 03:36:07 x9ce1 :0x408
    Nov 24 03:36:07 x9ce1 dtcp: [ID 702911 kern.notice] WARNING GW (dtcp_klib.c,198) (53449,33458) (0xac120fd5,0xac126503)
    Nov 24 03:36:07 x9ce1 dtcp: [ID 702911 kern.notice] WARNING PS (ps_udp.c,415) Error ps_do_DB_PS_Udp_Placement
    Nov 24 03:36:07 x9ce1 :0x408
    Nov 24 03:56:06 x9ce1 :0x408
    Nov 24 03:56:06 x9ce1 dtcp: [ID 702911 kern.notice] WARNING GW (dtcp_klib.c,198) (55961,33458) (0xac120fd5,0xac126503)
    Nov 24 03:56:06 x9ce1 dtcp: [ID 702911 kern.notice] WARNING PS (ps_udp.c,415) Error ps_do_DB_PS_Udp_Placement
    Nov 24 03:56:06 x9ce1 :0x408
    The frequency of this error is very high and I wanted to find out what could be the reason behind its occurrence?
    Thanks.
    Any useful comments will be most welcome :)
    Jahan

    Check /etc/init.d/dtcp, I guess it would be copyrighted to fujitsu-siemens if it's the fujitsu dtcp. You can also do a pkginfo -l SMAWdtcp, which seems to be the name of the fujitsu package. Hmm, odd name for a Fujitsu package.
    Actually I found the following Fujitsu bug:
    A0559315 Fix flood of messages like dml_send DB_PS_Udp_Con_Remove_List failed
    - caused by trying to send the message to a node that is down.
    .. which seems rather familiar.
    It's fixed with fujitsu patch 901199-08
    Other Fujitsu DTCP patches are
    901191-08 and 901244-01
    Note that to get Fujitsu patches you need a special account, once you have an account you can download them from http://patches.ts.fujitsu.com/

  • Finding Errors in /var/adm/messages file

    Hi,
    I am new to UNIX admin. I am going to write a script that sends a mail to root if there are any errors in the /var/adm/messages file.
    Can anyone please send useful links or a sample script file?
    Thanks
    Ramesh

    http://www.sunfreeware.com/indexsparc9.html
    look for logsurfer+-1.7-sol9-sparc-local.gz package (there's one for solaris8 and Solaris10, too). Also, you can search on http://www.sun.com/bigadmin/home/index.html
    for these types of scripts.
    John

  • /var/adm/csalog file

    Hello -
    I'm looking for some sort of definitive answer to a dilemma I am facing, which is whether the csalog generated on UNIX boxes by syslogd is actually needed for audit purposes or should the log files kept on the CSAMC be deemed authoritative?
    I have some Unix SA's that are rotating the /var/adm/csalog files based on the syslog.conf file and they are changing the permissions of the csalog file which of course is triggering alerts.
    Are these files redundant? Can I definitively say that any log file information I would need to satisfy an audit requirement could be found on the CSA MC?

  • /var/adm/messages file not updatiing

    Hi All!
    Can you pls help, I'm new to Solaris, so I've got a problem: ever since I did "> messages" inside the /var/adm/ directory the messages file does not update anymore.
    I've done ps -ef | grep syslogd, and the daemon is running. So pls can you help?
    regards
    F.R.

    Make sure /var/adm/message is writable by root only (chmod 600) and restart syslogd (svcadm restart system-log)

  • Export Options_Automatic Stacking and File Size control

    There is a big hang-up in work flow, and I'd assume it's the same for many professional photographers.
    It would be great to be able to Export an edited photo (tiff, psd, jpg, RAW), and during the export be able to specify maximum file size (as you can control in Photoshop's Save to Web command), and then also be able to have Lightroom automatically stack the exported image with the original.
    This is a big hang-up when you're finished editing multiple sized copies due to different media, and then you have the final web-sized image for your photo gallery. Currently, I have to go to Save to Web in Photoshop, and then save it to my desktop. Then I have to manually import that compressed jpg into Lightroom, and put it into the original library or collection.

    Yes, the ability to export to a given file size would be awesome for those of us who post many images to the web.
    Also, being able to export and automatically add the exported file to my catalogue (Same as when you edit in PS) stacked with the original, would really aid my workflow.

  • /var/adm/messages file empty

    Do not know the reason why the messages file is empty. Already restarted the syslog daemon but it's still showing empty.
    xxxxxxx# more /var/adm/messages
    xxxxxx#
    # ps -efo zone,pid,ppid,time,comm | grep syslog | grep global
    global 11861 1 00:10 /usr/sbin/syslogd
    svcs /system/system-log
    STATE STIME FMRI
    online Sep_10 svc:/system/system-log:default

    HI
    What happens if you type in :
    logger TEST
    Does it write it out to the file.
    Have you checked your /etc/syslog.conf file.
    Make sure it has tabs and not spaces between eg:
    *.debug /var/adm/messages

  • Scsi messages in /var/adm/messages file

    Hi,
    After opening /var/adm/messages I have these SCSI error messages:
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    Jul 8 15:45:13 kapttdw2 scsi: [ID 107833 kern.warning] WARNING: /ssm@0,0/pci@1a,600000/SUNW,qlc@1/fp@0,0/ssd@w5006048452a65588,2 (ssd129):
    Jul 8 15:45:13 kapttdw2 Corrupt label; wrong magic number
    bash-2.05$
    Please help me to correct this error
    Thanks

    This issue on hostname `kapttdw2` seems to be the same as you reported in your other thread for hostname `kapttdw1`.
    http://forums.sun.com/thread.jspa?threadID=5391935
    Perhaps you just need to label these disks (as you were advised for those other disks).
    Also, since these drives are in an EMC peripheral, you might consider opening a support case with that storage vendor and get advice from them.

  • Log file size

    We have a DNS Server running on Solaris 9. It's generating huge logs, hence the /var/adm/messages file size is very big. Is there any way to create a separate log file for every day, or can I restrict the log file size for a single file?
    Thank you

    Hmmm,
    For what type of environment is this DNS server used? How many domains/delegated domains are configured on the host?
    I think by default BIND allows 1000 recursive lookup connections. (That is already plenty, and if you have that amount of legitimate traffic you will have to add more DNS servers and configure the nodes accordingly.)
    Is the server listed as a Name Server for your domain and used externally for name resolution for your domain host entries, maybe the SOA?
    nslookup (enter)
    set type=ns (enter)
    your_domain_name (i.e. your_domain.com) (enter)
    Or
    dig -q NS your_domain.com
    If the affected server returns in the list it is NEVER EVER a good idea to allow recursive lookups.
    My guess is that you are subject to denial of service, unless you host a fairly large environment with 1000s of hosts.
    Change the recursive-client connection back (your system cannot handle 5000 recursive lookups and your system utilization shows this).
    Then configure
    "category queries { your_query_file; };" in your named.conf
    Restart BIND
    Use "rndc" to change the trace level to 1
    Let it run for 2-5 min and stop BIND entirely
    Then run something like:
    "cat your_query_file | cut -d'/' -f2 | sort | uniq -c | more" (depends on the log file format, better yet use nawk)
    take a quick look to see if there is one IP that is hammering your system.
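The per-client count described in the reply above, as an added example that is not the poster's code. It assumes BIND 9 query-log lines of the form `client <address>#<port>: query: ...`; `top_clients` is a hypothetical helper and the sample log lines are constructed.

```shell
# Added example, not from the thread. top_clients is a hypothetical helper and
# the log lines are constructed; it assumes BIND 9 query-log lines that carry
# "client <address>#<port>".
top_clients() {
    # $1 = query log file, $2 = number of clients to list
    awk '
    {
        for (i = 1; i < NF; i++) {
            if ($i != "client") continue
            # Newer BIND 9 releases put an "@0x..." token before the address.
            addr = ($(i + 1) ~ /^@/) ? $(i + 2) : $(i + 1)
            sub(/#.*/, "", addr)          # strip "#port:" from the address
            if (addr != "") count[addr]++
            break
        }
    }
    END { for (a in count) print count[a], a }
    ' "$1" | sort -k1,1nr -k2,2 | head -n "$2"
}

# Constructed sample (documentation address ranges only).
sample=$(mktemp)
cat > "$sample" <<'EOF'
01-Jan-2010 03:36:07.101 queries: info: client 192.0.2.10#53449: query: a.example.com IN A +
01-Jan-2010 03:36:07.110 queries: info: client 198.51.100.7#40001: query: www.example.com IN A +
01-Jan-2010 03:36:07.122 queries: info: client 192.0.2.10#53450: query: b.example.com IN A +
01-Jan-2010 03:36:07.130 queries: info: client @0x7f00c0 192.0.2.10#53451 (c.example.com): query: c.example.com IN A +
01-Jan-2010 03:36:07.141 queries: info: client 203.0.113.5#1025: query: example.com IN MX +
01-Jan-2010 03:36:07.150 queries: info: client 198.51.100.7#40002: query: example.com IN NS +
EOF
top_clients "$sample" 3
```

One address holding most of the count over a short capture window is the signal to look for before deciding whether to restrict recursion to your own networks.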

  • Solaris 9 - INIT: Cannot create /var/adm/utmpx (System Hangs)

    Hello,
    I am unable to boot into solaris 9 after I did a init 0. I did init 0 because shutdown -y -g0 -i0 did not work.
    This is the error message I get
    Hardware watchdog enabled
    INIT: Cannot create /var/adm/utmpx
    INIT: failed write of utmpx entry:" "
    INIT: failed write of utmpx entry:" "
    INIT: SINGLE USER MODE
    Type control-d to proceed with normal startup,
    (or give root password for system maintenance):
    After it asks for the password it HANGS.
    I entered the password, but NOTHING HAPPENS.
    I can go into sc console though.
    I also rebooted using Solaris 9 cdrom in single user mode. Checked the filesystem using fsck, and no faults were found. I also tried creating a new /var/adm/utmpx file but that did not work too.
    Any help would be appreciated,
    Thank you,
    Jacob.

    Hello,
    Check for /var filesystem usage; if it is not mounted as a separate filesystem then check for "/" FS usage.
    There may be chances you get to have this problem if your FS is full.
    If everything normal then follow the below steps, which solved similar kind of issues in the past for me.
    Logon to the system and when you get prompt just run fsck on your root filesystem.
    Check /etc/vfstab file to ensure that you are running fsck on correct fs name.
    After completing fsck just say "reboot". The machine will boot normally.
    In b/w, are this machine's disks mirrored? If so then you may need to choose the disks carefully before you run fsck.
    thanks.

  • Email notification of warning messages generated in /var/adm/messages

    I'm using "mdmonitord" to periodically check status of my disks in RAID 1 (using Solaris Volume Management). If/when a problem occurs the errors/warnings will be logged to the /var/adm/messages file. What do I need to configure/enable to monitor /var/adm/messages for particular WARNING messages and to notify me via email?
    Similar utility on LINUX is Logwatch: http://www2.logwatch.org:81/index.html

  • Monitoring /var/adm/messages

    Hello to all,
    we are developing a system for monitoring of the servers through reading of the /var/adm/messages file.
    Since there are numerous messages in this file we are wondering what regular expressions to use in order to extract serious/critical alerts from this file.
    Does anybody have a set of regular expressions to search for in this file for serious/critical events?
    Thanks in advance.
    Dejan

    Hi ,
    You can try to play with /etc/syslog.conf. In this way you can make a filter for emergency and critical problems and redirect them to a specific file.
    For example, the following line will redirect all the emergency and critical messages to /var/adm/message.critical
    *.emerg;*.crit;* /var/adm/message.critical
    I hope this helps to develop your tool
    xavier

  • /var/adm/messages regopen warning

    Hello,
    I am observing a warning message in the /var/adm/messages
    file of my Solaris 2.8 machine after I have run my application
    for several hours (under a load). The resulting behavior is that
    my application no longer responds to external requests and essentially
    appears to hang.
    The warning is the following:
    Aug 23 16:44:07 eas1nc2 reg: [ID 286125 kern.warning] WARNING: regopen: failed, attempted to open > 1000 streams
    Does anyone have any ideas as to what could be causing this
    as well as possible resolutions.
    Thanks in advance!!
    Brad

    Hello,
    Take a look at /etc/syslog.conf. I think that by default this file should contain two entries that make the system log into /var/adm/messages. Are these entries there?
    Bye,
    Joseba M. Iturbe

  • /var/adm/messages error

    Hi All,
    New to solaris
    I am getting the following error in the solaris 5.9 /var/adm/messages file.
    Mar 15 13:33:39 dxb01-sol-tfs in.routed[135]: [ID 798604 daemon.error] empty response from 10.1.251.4
    Is this any telnet related error or anything serious? Please advise
    Any help appreciated
    Rgds
    Najmal

    The first thing that you have to do is to snoop
    10.1.251.4 to see the traffic between localhost and
    that IP Address.

    Hi,
    Thanks very much for the response.
    I have tried snoop and it gives the following message. What does this mean? Please help
    10.1.251.4 -> 10.1.255.255 RIP R (0 destinations)
    Rgds
