LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-01-2013, 06:08 PM   #1
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Rep: Reputation: 27
Default rotation of logins log (/var/log/wmtp)


Hi everyone,
As you know, the last command reads the list of logins from the /var/log/wtmp file. Alternatively, one can specify another file using the -f option.
On my Debian Wheezy box I see 2 files, wtmp and wmtp.1 inside /var/log:
Code:
gacanepa@debian:~$ ls -lh /var/log | grep wtmp
-rw-rw-r-- 1 root        utmp     1.2M Oct  1 19:49 wtmp
-rw-rw-r-- 1 root        utmp     783K May 23 17:23 wtmp.1
The wtmp file contains the logins information from May 24th, 2013, up to today (October 1st, 2013), while the wtmp.1 contains the same information from May 23rd down to the date when I installed the system.
On another Linux box (Mint 14):
  • wtmp.1: from Sep. 1st to Sep. 30th
  • wtmp: starts on Oct. 1st (Today)
On yet another Linux box (CentOS 7):
  • Only wtmp: starts on the date when I installed the OS (April 2013) up to today.
So the question is, is there a way to customize the start and end dates of wtmp and when all of the logins information will be copied to wtmp.1?
In the Mint example, I installed that machine in late March of this year, but only the logins from Sep. 1 through Oct. 1 are available (considering both files). What if I want to see the logins prior to Sep. 1? Is that information lost?

Last edited by gacanepa; 10-01-2013 at 06:11 PM.
 
Old 10-01-2013, 06:19 PM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
There is usually a script included (run-parts on slackware) or a binary equivalent (logrotate on RH/CentOS) that can be used/run to do this.

You might check the debian distribution you are using, and see what it provides.
 
1 members found this post helpful.
Old 10-01-2013, 06:59 PM   #3
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Original Poster
Rep: Reputation: 27
Quote:
Originally Posted by jpollard View Post
There is usually a script included (run-parts on slackware) or a binary equivalent (logrotate on RH/CentOS) that can be used/run to do this.

You might check the debian distribution you are using, and see what it provides.
Your answer pointed me in the right direction. I checked the /etc/logrotate.conf file and found the following in every system I mentioned earlier:
Code:
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}
Where (taken from man logrotate.conf):
missingok:
Quote:
If the log file is missing, go on to the next one without issuing an error message.
monthly:
Quote:
Log files are rotated the first time logrotate is run in a month (this is normally on the first day of the month).
create 0664 root utmp:
Quote:
Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). Mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes.
rotate 1:
Quote:
Log files are rotated 'x' times before being removed or mailed to the address specified in a mail directive. If 'x' is 0, old versions are removed rather than rotated.
In addition, in the CentOS box I found the minsize 1M directive, which means that it will only rotate the log files if the period is reached AND the log files are larger than the minsize specified.
Thanks a lot for taking the time to read and to point me in the right direction to find the answer to my own question (I marked your thread as helpful ).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] No /var/log/messages , syslog , kern.log -but cat /var/spool/octopussy/octo_fifo masuch Linux - Newbie 4 06-13-2012 08:05 PM
Record vsftpd logins in /var/log/wtmp vahab Linux - Server 5 04-14-2012 11:35 PM
How to change Debian log rotation of syslog and daemon.log onmountain Linux - Newbie 2 07-31-2008 02:27 AM
Can Samhain log my entries in /var/log/secure and /var/log/mesage to a central server abefroman Linux - Software 2 04-13-2008 04:13 PM
Log Rotation for snort log does not seem to be working CentOS4.5 JasonKretzer Linux - Security 3 06-25-2007 12:25 PM


All times are GMT -5. The time now is 10:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration