Re: many entries in wtmp every minute

From: Bill (bverzal_at_komatsuna.com)
Date: 03/30/04

• Next message: yls177: "Re: stopping cluster and stopping each server"
• Previous message: Bill: "Re: SSA RAID-10 questions"
• In reply to: Park Richard: "many entries in wtmp every minute"
• Next in thread: Park Richard: "Re: many entries in wtmp every minute"
• Reply: Park Richard: "Re: many entries in wtmp every minute"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 29 Mar 2004 19:40:42 -0800

prichard@blm.gov (Park Richard) wrote in message news:<c93c03ca.0403291507.45563fdf@posting.google.com>...
> This is in response to a really old message. I ran into this last
> week when an SA reported that /var was filling up very fast. I found
> that the /var/adm/wtmp was the culprit and that lft was writing to it
> about 4 times a second. Since wtmp is a binary file I used the
> command /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/dummy.file to
> create an ascii file.
>
> I called IBM and they said to remove an /etc/inittab entry that read
> "lft:2:respawn:/usr/sbin/getty /dev/lft0". I removed it using "rmitab
> lft" and /var/adm/wtmp quit getting the entries.
>
> I'm posting this becase there was never a final solution posted in the
> old thread.
>
> From: Burkhard Schultheis (bschultheis@tde-online.de)
> Subject: many entries in wtmp every minute, why?
> Newsgroups: comp.unix.aix
> Date: 2000/07/14
>
>
> On a AIX 4.3.3 machine we have many entries every minute (in the
> night,
> too) in /var/adm/wtmp. They read
> lft lft lft0 5 12850 0000 0000
> 959981281 Fr 2 Jun 23:28:01 2000
> lft lft0 8 12850 0000 0001
> 959981281 Fr 2 Jun 23:28:01 2000
> Any ideas?
> --
> Burkhard Schultheis
> Tele Data Electronic
> Wagnerstr. 10
> D-76448 Durmersheim
>
> Email: Burkhard.Schultheis@tde-online.de
> Phone: +49-7245-9287-21
> Fax: +49-7245-9287-30

I'd say it was because you set up CDE as a login, versus command line.

BV

---

• Next message: yls177: "Re: stopping cluster and stopping each server"
• Previous message: Bill: "Re: SSA RAID-10 questions"
• In reply to: Park Richard: "many entries in wtmp every minute"
• Next in thread: Park Richard: "Re: many entries in wtmp every minute"
• Reply: Park Richard: "Re: many entries in wtmp every minute"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: wtmp fills up ... It's not a question how to clean up wtmp, but why sshd is filling it up? ... (comp.security.ssh) Re: Converting Hexadecimal from a string variable to Decimal ... My experience with follow up posts is not very good. ... Actually what I am trying to do is to read a binary file and parse it. ... second char below. ... You have helped me numerous times, in most cases your response was ... (microsoft.public.dotnet.languages.vb) Re[2]: [PHP] reading linux wtmp file ... TR> wtmp is a binary file and the format can vary between old and new versions of ... TR> NOTE do not meddle with the wtmp file by opening it in anything other than ... This may help if you are on a newish Linux: ... (php.general) Thanks for the Responses ... Thanks to everyone who responded to my request for help in reading a ... C++-created binary file! ... Actually the response that solved the ... Thierry, I used your First Option, and finally the "logjam" was ... (comp.lang.ada) Re: wtmp ... '/var/adm/wtmp' is a binary file. ... The 'last' command parses 'wtmp'. ... > been a long tome since I had to do alot on aix ... (comp.unix.aix)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Newsgroups  > comp.unix.aix  > 2004-03