Maintain wtmp on AIX

/var/adm/wtmp on AIX maintains a list of past user sessions and information about the restart/shutdown of that particular system. While this file is normally very small in terms of file size, on an active box, this can grow if not properly maintained. You can use the “last” command to read wtmp, or export it to a text file for further processing with “fwtmp”. While you can simply redirect nothing into wtmp to empty it out “>/var/adm/wtmp”, it’s always a good idea to keep this file (or at least a backup) for security/auditing reasons.

Below is a simple script which will rotate the last 1000 entries in wtmp and discard the rest.

#!/bin/ksh 
#
# Maintain the last 1000 lines in /var/adm/wtmp
# and discard the rest.
#
if [ -s /var/adm/wtmp ]; then 
   /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp.tmp 
   /usr/bin/tail -1000 /tmp/wtmp.tmp | /usr/sbin/acct/fwtmp -ic > /var/adm/wtmp 
   /usr/bin/rm /tmp/wtmp.tmp
else 
   continue 
fi

Run it out of crontab nightly or whenever suits you.

3 thoughts on “Maintain wtmp on AIX”

MarkSpizer on May 2, 2010 at 10:42 pm said:

great post as usual!

Reply ↓
Wordpress Themes on May 4, 2010 at 4:44 am said:

Nice post and this post helped me alot in my college assignement. Gratefulness you as your information.

Reply ↓
school grants on May 15, 2010 at 2:09 pm said:

I’ve recently started a blog, the information you provide on this site has helped me tremendously. Thank you for all of your time & work.

Reply ↓

kristijan.org

POWER | AIX | IaaS | Automation

Maintain wtmp on AIX

3 thoughts on “Maintain wtmp on AIX”

Leave a Reply Cancel reply