Our root (/) partition is nearing 100% utilization and upon further investigation the wtmpx file is the main culprit. We need to trim or flush this file but we need to have a backup of this file for audit purposes.
Well from the wtmpx(1) man pages:
The utmpx and wtmpx files are extended database files that have superseded the obsolete utmp and wtmp database files. The utmpx database contains user access and accounting information for commands such as who(1), write(1), and login(1). The wtmpx database contains the history of user access and accounting information for the utmpx database.
If you really need this for your accounting, here are the steps to safely convert it to human readable and truncate it.
[email protected]# /usr/lib/acct/fwtmp < /var/adm/wtmpx > /tmp/wtmpx.orig [email protected]# cat /dev/null > /var/adm/wtmpx [email protected]# gzip /tmp/wtmpx.orig [email protected]# cp /tmp/wtmpx.orig.gz /var/adm/
There you have it a truncated wtmpx file with a full and zipped backup of the old wtmpx. I strongly recommend that you use wtmpx.<date> rather than wtmpx.orig if in case you need to truncate again in the future.
Below is the modified procedure making your backup wtmpx having a date on its filename:
[email protected]# /usr/lib/acct/fwtmp < /var/adm/wtmpx > /tmp/wtmpx.`date +%Y%m%d` [email protected]# cat /dev/null > /var/adm/wtmpx [email protected]# gzip /tmp/wtmpx.`date +%Y%m%d` [email protected]# mv /tmp/wtmpx.`date +%Y%m%d`.gz /var/adm/
Readers who found this post were searching for:
- solaris wtmpx
- wtmpx solaris 10
- wtmpx solaris
- solaris 10 wtmpx
- wtmpx file
- solaris wtmpx truncate
- how to read wtmp file in solaris
- wtmpx file solaris
- /var/adm/wtmpx solaris