Re: bloated wtmp

To: Paul Slootman <paul@wau.mis.ah.nl>
Cc: debian-devel@lists.debian.org
Subject: Re: bloated wtmp
From: Craig Sanders <cas@taz.net.au>
Date: Thu, 22 Jan 1998 00:02:39 +1100 (EST)
Message-id: <[🔎] Pine.LNX.3.96.980121235532.32377F-100000@siva.taz.net.au>
In-reply-to: <[🔎] 19980121092341.34828@wau.mis.ah.nl>

On Wed, 21 Jan 1998, Paul Slootman wrote:

> On Tue 20 Jan 1998, Oliver Elphick wrote:
> 
> > My wtmp file was zeroed a week ago.  Since then, last shows 86
> > logins, but the wtmp file is now 14Mb.  It seems to be full of
> > entries which are apparently of type UT_UNKNOWN, INIT_PROCESS and
> > DEAD_PROCESS (if I am interpreting it right).
>
> OffTopic: In cases like this I sorely miss the SysV "who -a" option,
> that shows each entry, not just the logins. As there isn't any other
> method of displaying the utmp/wtmp files short of "od", such an option
> would be great.

rawtmp in the sac package may do what you want:

: RAWTMP(1)                                               RAWTMP(1)
: 
: 
: NAME
:        rawtmp - display wtmp entries in raw form.
: 
: SYNOPSIS
:        rawtmp  [-w  wtmp|-]  [-X[3|4]d]  [-s  start] [-e end] [-b
:        H:M:S]
: 
: DESCRIPTION
:        Rawtmp is a utility to dump the raw data in a wtmp or utmp
:        file  to the screen for viewing.  It may be useful to any
:        one who wishes to divine the nature of the data stored  in
:        the  wtmp or utmp files.  It may also be useful to extract
:        special wtmp entries  that  are  not  documented  anywhere
:        (like those netdate puts in the wtmp file).

$ rawtmp | tail
885019483 : LOGIN    [1 ] tty1                      [  334] LOGIN Process
885019483 : LOGIN    [5 ] tty5                      [  338] LOGIN Process
885019527 : XXXXX    [1 ] tty1                      [  334] User Process
885019656 : XXXXX    [p1] ttyp1    :0.0             [  416] User Process
885020033 :          [1 ] tty1                      [  334] Dead Process
885020034 :          [1 ]                           [  446] INIT Process
885020034 : LOGIN    [1 ] tty1                      [  446] LOGIN Process
885024356 : XXXXXX   [p2] ttyp2    :0.0             [  595] User Process
885201455 : ftp      [  ] ftpd2422 XXXXXXXXXXXXXXXX [24225] User Process
885201491 :          [  ] ftpd2422 XXXXXXXXXXXXXXXX [24225] Dead Process

(rawtmp doesn't put XXXXX in, i did for privacy reasons)

btw, i hacked sac and rawtmp for libc6 in nov or dec last year so it
works fine with glibc now...this was the last program i was waiting for
to upgrade my home internet gw/dialin box.

craig

--
craig sanders

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: bloated wtmp
  - From: Paul Slootman <paul@wau.mis.ah.nl>

Prev by Date: Re: packaging static lib oriented software
Next by Date: Re: socks enabled ssh
Previous by thread: Re: bloated wtmp
Next by thread: I Need Help!
Index(es):
- Date
- Thread