
WTMP file


ch...@mdanderson.org

Mar 11, 1998, 3:00:00 AM

We have a file named wtmp in our /var/adm directory that is logging an
ftp process. We have another system that continually ftp's to our
site and picks up a file. This is done about every 10 seconds all
day. Their ftp session is being logged in this wtmp file every time
they log on (every 10 seconds). We are running an RS/6000 J40 and just
upgraded to AIX 4.2.1. Can somebody tell me if there is a way to turn
off this logging, because this wtmp file grows rapidly and threatens
to fill up our file system. Thanks in advance.

Chris Hale

Michael Wojcik

Mar 11, 1998, 3:00:00 AM

Having just blown a couple of hours poking around at the format of
arguments to setpriv() by snooping on the calls made by su, I'm thinking
of putting together a collection of notes - maybe even some man pages -
for undocumented AIX system calls and functions like getpriv/setpriv,
getproc, and so on. There are some brief references to several of them
in the AIX FAQ, and some source code examples, but I don't know of any
good single repository of information on them except the IBM Confidential
AIX manual that I used back when I worked in the monolith myself.

Of course, if someone else has already done this, I'd like to know.
Leaving that possibility aside, I'm soliciting contributions (via
posting or email) from anyone with information on undocumented AIX
system calls or library functions (in shipped libraries - I'm probably not
interested in third-party stuff).

That could include:

- names of undocumented syscalls/functions
- explanations of parameters
- notes about purpose and usage, including where they're used by standard
AIX programs or major third-party software (eg. WU-ftpd's use of
setpriv - which I already have, thanks)
- other source examples
- hints for investigating them (currently I read header files and other
source and snoop on processes using sctrace and dbx)
- pretty much anything else relevant

I'll also keep track of information regarding other undocumented AIX
interfaces, like the one used by crontab to tell cron to re-read the
crontab files (which I posted some information on a couple of years
back).

I already have WU-ftpd's use of setpriv, and the use of getproc and
getuser in monitor and similar programs.


Michael Wojcik m...@microfocus.com
AAI Development, Micro Focus Inc.
Department of English, Miami University

He described a situation where a man is there to feed a dog and the dog
is there to keep the man from touching the equipment.
-- Anthony F. Giombetti

Jason Cataline

Mar 11, 1998, 3:00:00 AM
to ch...@mdanderson.org

Usually, removing the file will do the trick. If you clear the file,
but the file still exists, it will continue logging. If you remove it,
it should not get created. If all else fails, remove it and run

ln -s /dev/null /var/adm/wtmp

Jason Cataline

paulr

Mar 12, 1998, 3:00:00 AM

Good grief man! Have you considered writing a little C app to
open a socket between the two machines and just send the data
without FTP?? (We have great rates! :)

Yeah, I know that doesn't help you. I don't think there is any
way to avoid the wtmp file being hit when a user logs in, but you
can set up a cron job to zero the file every hour or so.

Check "at" in your man pages, or "crontab."

Yours,
-Paul

v2p...@us.ibm.com

Mar 12, 1998, 3:00:00 AM

You can use the fwtmp command found under /usr/sbin/acct if you want to
compress the file. ex:

/usr/sbin/acct/fwtmp < /var/adm/wtmp | tail -200 >/tmp/tmpfile
/usr/sbin/acct/fwtmp </tmp/tmpfile >/var/adm/wtmp

Hope this helps.

---Phil

In article <6e7gin$4...@lotho.delphi.com>,



Kent Squires

Mar 14, 1998, 3:00:00 AM

On Thu, 12 Mar 1998 10:31:30 -0600, v2p...@us.ibm.com wrote:

>You can use the fwtmp command found under /usr/sbin/acct if you want to
>compress the file. ex:
>
>/usr/sbin/acct/fwtmp < /var/adm/wtmp | tail -200 >/tmp/tmpfile
>/usr/sbin/acct/fwtmp </tmp/tmpfile >/var/adm/wtmp
>
>Hope this helps.

On that note, he could just filter out the ftp's:
/usr/sbin/acct/fwtmp < /var/adm/wtmp | grep -v ftp > /tmp/tmpfile
/usr/sbin/acct/fwtmp -ic < /tmp/tmpfile > /var/adm/wtmp
# you forgot the -ic :)
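
Added example, not part of any post in this thread: a POSIX shell function that wraps the fwtmp round trip shown above with an archive step, so that trimming wtmp does not discard the login records it holds. The function name, the archive directory argument and the TO_ASCII/TO_BINARY variables are assumptions made for illustration; only the fwtmp path and its -ic flag come from the thread.

```shell
# Added example (not from the thread): archive wtmp, then keep only the
# newest records, so the file stays small and the login history survives.
FWTMP=${FWTMP:-/usr/sbin/acct/fwtmp}    # converter path as given in the thread
TO_ASCII=${TO_ASCII:-"$FWTMP"}           # binary -> ASCII (assumed variable name)
TO_BINARY=${TO_BINARY:-"$FWTMP -ic"}     # ASCII -> binary (assumed variable name)

# trim_wtmp FILE KEEP ARCHIVE_DIR  (ARCHIVE_DIR is a hypothetical location)
# Prints the path of the archived copy on success.
trim_wtmp() (
    wtmp=$1 keep=$2 archive_dir=$3
    umask 077                            # login records are sensitive
    [ -f "$wtmp" ] || { echo "trim_wtmp: $wtmp not found" >&2; exit 1; }
    mkdir -p "$archive_dir" || exit 1
    work=$(mktemp -d "${TMPDIR:-/tmp}/wtmp.XXXXXX") || exit 1
    trap 'rm -rf "$work"' EXIT

    # 1. Snapshot first so the full history is what gets archived.
    cp -p "$wtmp" "$work/full" || exit 1

    # 2. Convert the snapshot, keep the newest records, convert back.
    $TO_ASCII < "$work/full" > "$work/ascii" || exit 1
    tail -n "$keep" "$work/ascii" | $TO_BINARY > "$work/new" || exit 1

    # 3. Refuse to install an empty result when the source had records.
    if [ -s "$work/full" ] && [ ! -s "$work/new" ]; then
        echo "trim_wtmp: conversion produced no data, wtmp left untouched" >&2
        exit 1
    fi

    # 4. Archive the snapshot, then overwrite in place so the file keeps
    #    existing (with its owner and mode) and logging continues.
    archive="$archive_dir/wtmp.$(date +%Y%m%d%H%M%S)"
    cp -p "$work/full" "$archive" || exit 1
    cat "$work/new" > "$wtmp" || exit 1
    echo "$archive"
)
```

Records written between the snapshot and the overwrite are not carried over, so run it at a quiet moment; a call such as `trim_wtmp /var/adm/wtmp 200 /var/adm/wtmp.archive` fits a cron entry.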

