ANSWER: wtmp filling up fast... What are these entries?
- From: "Murphy, Sean" <Sean.Murphy@xxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 04:47:52 -0500
Thanks for for all that replied.
It turned out that the rsh entries were not the problem, and indeed they
were due to a script running in crontab to push out files once per hour.
The real problem was due to a script that another engineer added to crontab.
The script which was taken from the fwtmp command man page, was meant to
strip away unnecessary entries from wtmp.
The script was somehow creating spurious entries and every time it ran it
was actually exponentially increasing the size of wtmp.
I have removed this now.
# cat wtmpcleanup
/usr/sbin/acct/fwtmp < /var/adm/wtmp >/tmp/dummy.file
cat /tmp/dummy.file | egrep -v "xvfb|adsm" > /tmp/dummy2.file
/usr/sbin/acct/fwtmp -ic < /tmp/dummy2.file > /var/adm/wtmp
rm /tmp/dummy.file
rm /tmp/dummy2.file
Sean
_____
From: Shawn Bierman [mailto:BiermanS@xxxxxxxxxxxxxxxxxxx]
Sent: 18 August 2006 14:57
To: Sean.Murphy@xxxxxxxxxxx; aix-l@xxxxxxxxxxxxx
Subject: Re: wtmp filling up fast... What are these entries?
We were getting a lot of these on one of our P690 LPARs. It was coming from
the PSSP control workstation. A reboot of the control workstation put it to
rest.
-shawn
"Murphy, Sean" <Sean.Murphy@xxxxxxxxxxx> 8/16/06 6:15 AM >>>
Hi Admin'ers
We have a server where the /var/adm/wtmp file is getting to 8GB over two or
three days.
The user logins to this server are about 10 - 20 per day. (i.e. via telnet
or ssh)
Does anyone know what these rshnnnnn logins represent. They seem to be
coming quick and fast!
root pts/1 <server> Aug 16 06:03 still logged in
root rsh1802398 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh2535842 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh1634346 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh2347392 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh2048232 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh2548162 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh2548160 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh2548158 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh1450196 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh901242 <server> Aug 16 06:03 - 06:03 (00:00)
root rsh774594 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh1233046 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh774592 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh2064400 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh815300 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh815298 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh999502 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh2486632 <server> Aug 16 05:48 - 05:48 (00:00)
root rsh1904676 <server> Aug 16 05:48 - 05:48 (00:00
TIA
Sean
- Prev by Date: Re: mkcd error - missing filesets
- Next by Date: Re: Adding a disk
- Previous by thread: mkcd error - missing filesets
- Next by thread: Can't remove tty0
- Index(es):
Relevant Pages
|
|
