Re: rsh messages and wtmp
- From: "Weinmann, Robert" <robert.weinmann@xxxxxxxxxxxx>
- Date: Wed, 30 May 2007 18:44:38 -0400
It can indeed be compressed. I run the following one-liner whenever /var
hits 90% full.
compress -c /var/adm/wtmp > /var/adm/wtmp.Z && > /var/adm/wtmp
It compresses at about 30 to 1.
-----Original Message-----
From: Davignon, Edward [SMTP:Edward.Davignon@xxxxxxxxxxxxxx]
Sent: Wednesday, May 30, 2007 1:31 PM
To: aix-l@xxxxxxxxxxxxx
Subject: Re: rsh messages and wtmp
I would suspect that many of us have the same dilemma with jobs that run
every minute attempting to log to some critical log file, like wtmp, that
auditors often do not allow to be altered.
Has anyone studied up on the new audit features of AIX 5.3? Is there a
fix in there? Is there a way to exclude certain accounts from logging to
wtmp? Isn't there a script when audit features are turned on to summarize
the information in wtmp so it can be reset? (Is that even an option?)
Could this file be rotated out and compressed? It should compress well
due to the highly redundant nature of repeated logins from the same
account.
Some of our machines use UC4 to transfer files around.
Edward.Davignon@xxxxxxxxxxxxxx <mailto:Edward.Davignon@xxxxxxxxxxxxxx>
Lead Analyst - Distributed Systems
Utility Shared Services - IT
Energy East Corporation
_____
From: IBM AIX Discussion List [mailto:aix-l@xxxxxxxxxxxxx] On Behalf Of
Robert Miller
Sent: Wednesday, May 30, 2007 10:58 AM
To: aix-l@xxxxxxxxxxxxx
Subject: Re: rsh messages and wtmp
I've been doing that, it's something that according to some new rules
being put in place that we may no longer be able to do, which is why I
need to find a solution ;)
Thanks for the idea though!
--rm
_____
From: IBM AIX Discussion List [mailto:aix-l@xxxxxxxxxxxxx] On Behalf Of
Davignon, Edward
Sent: Wednesday, May 30, 2007 6:23 AM
To: aix-l@xxxxxxxxxxxxx
Subject: Re: rsh messages and wtmp
You could use fwtmp and grep to trim wtmp on a regular basis.
Here are some commands from the fwtmp man page:
/usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file
/usr/sbin/acct/fwtmp -ic < dummy.file > /var/adm/wtmp
Edward.Davignon@xxxxxxxxxxxxxx <mailto:Edward.Davignon@xxxxxxxxxxxxxx>
Lead Analyst - Distributed Systems
Utility Shared Services - IT
Energy East Corporation
Office Phone: (585) 771-4952
_____
From: IBM AIX Discussion List [mailto:aix-l@xxxxxxxxxxxxx] On Behalf Of
Robert Miller
Sent: Tuesday, May 29, 2007 6:32 PM
To: aix-l@xxxxxxxxxxxxx
Subject: rsh messages and wtmp
Folks,
We have a box that copies several files to other boxes via rcp using a
shell script. The script runs once a minute through cron.
This causes quite a few rsh messages in wtmp, which I have had to clear
out on a consistent basis. I have had the author of the script pare the
copies down to the bare minimum, which has helped, but I'm still in the
same boat - it just takes longer to fill up.
Unfortunately, NFS isn't really an option because we can't use hardmounts,
and the automounter has caused me more grief than I'd like to think about.
I'm also not really wild about the idea of having .netrc files sitting
around if I can avoid it - and I believe ftp would still cause an entry in
wtmp anyways.
Other than rolling off the wtmp file to tape every week or month (the rsh
messages take up 90+% of the wtmp file), does anyone have any ideas on how
to move these files around using a script, without causing a bunch of
messages in wtmp?
TIA,
--rm
- Prev by Date: Re: rsh messages and wtmp
- Next by Date: best way to replace text in a lot of files?
- Previous by thread: Re: rsh messages and wtmp
- Next by thread: best way to replace text in a lot of files?
- Index(es):
Relevant Pages
|
|
