How do you clear reboot history?
I don't mind a few lines of reboots, but this is getting rather long:
Last login: Tue May 24 11:24:31 2011 Rebooted at 10:14AM 03/25/10 2.6.18-164.el5 Rebooted at 11:13AM 04/22/10 2.6.18-164.el5 Rebooted at 10:54AM 06/01/10 2.6.18-164.el5 Rebooted at 16:19PM 08/12/10 2.6.18-164.el5 Rebooted at 17:02PM 08/16/10 2.6.18-164.el5 Rebooted at 10:38AM 08/19/10 2.6.18-164.el5 Rebooted at 10:46AM 10/05/10 2.6.18-164.el5 Rebooted at 13:21PM 11/11/10 2.6.18-164.el5 Rebooted at 17:35PM 12/15/10 2.6.18-164.el5 Rebooted at 18:55PM 02/16/11 2.6.18-164.el5 Rebooted at 14:01PM 02/17/11 2.6.18-164.el5 Rebooted at 14:27PM 02/21/11 2.6.18-164.el5 Rebooted at 10:57AM 05/23/11 2.6.18-164.el5 Rebooted at 11:05AM 05/23/11 2.6.18-164.el5 How can I clear (or reduce) the history that comes up when ssh to my host? |
You can just change the 'last reboot' in your profile to specify the number of entries you want to see. For example, 'last -n3 reboot'. You can change your /etc/logrotate.conf to reduce the rotation interval for /var/log/wtmp, if you just want to keep less data.
|
Thank you, but need more information. Where do I change 'last reboot' in my profile?
|
@ Reply
Hi there,
You can run the following commands to clear up the history: mv /var/log/wtmp /var/log/wtmp.old && touch /var/log/wtmp Remember this will clear up all history because you are renaming the file (wtmp is the file use to log reboot, login etc history) using the above command and at the same time you are creating a new one for future logging. chown root.utmp /var/log/wtmp && chmod 664 /var/log/wtmp The above command will change the ownership to root and group assignment to utmp for logging and at the same time assign rw-rw-r-- permission on /var/log/wtmp I hope this helps. |
Quote:
~/.bashrc ~/.bash_profile /etc/bashrc /etc/profile and the files in /etc/profile.d/ |
Thanks guys, but... Could not grep 'last reboot' (or variations) anywhere in those listed files (yes, using bash). And, followed T3RM1NVT0R advice, but it didn't fix it.
my.desktop% ls -ltr wtmp* -rw-rw-r-- 1 root utmp 812160 May 24 13:21 wtmp.old -rw-rw-r-- 1 root utmp 1536 May 24 14:24 wtmp Still getting the entire list of reboots when I ssh to my host. (using Putty btw) This is a corporate linux host. Can it be controlled by corporate policies? hmmm, anything else I can try? |
@ Reply
Hi Robert,
Well doing ssh via putty should not be an issue. I tried it once again on my RHEL and Linux Mint system and it worked perfectly fine. You can give a try by breaking down the commands. Run them in the following sequence and see if you still get the message: 1. mv /var/log/wtmp /var/log/wtmp.old 2. ls -l | grep /var/log/wtmp (just to make sure that the file has been renamed) 3. touch /var/log/wtmp 4. chown root.utmp /var/log/wtmp 5. chmod 664 /var/log/wtmp |
As root, run
/dev/null > /var/log/wtmp which effectively overwrites wtmp with nothing (/dev/null), leaving an empty wtmp file. You may get an error messages that says "permission denied". However, if you run "ls -l /var/log/wtmp" you will see that the file is empty. If the list of reboots still displays, then the history is not stored in wtmp. In an effort to find the offending log file, try this as root: find /var -type f | grep -i reboot or perhaps find /var -type f | xargs grep -i reboot |
T3RM1NVT0R:
No error, as you can see from the files listed, it worked. I used sudo to run the commands, as I do not have permissions as user. I have a new wtmp file that is 1.5k in size, compared with the old file that is 812k. my.desktop% ls -ltr wtmp* -rw-rw-r-- 1 root utmp 812160 May 24 13:21 wtmp.old -rw-rw-r-- 1 root utmp 1536 May 24 14:24 wtmp I can even view the wtmp.old file and see the binary that looks like it logged the reboots, while the new wtmp file doesn't have much in there yet. bigrigdriver: Tried find commands and found: my.desktop% sudo find /var -type f | grep -i reboot /var/cfengine/inputs/default/reboot_count/reboot_count.cf |
OMG found it. The key was the reboot_count.cf file. Which led me on a hunt through a few scripts with lots of variables. Finally found the trail.
Reboots are held in the file called /etc/motd.local. I replaced that file and it is now working. Thanks guys for the tips. Couldn't have found it without you! |
All times are GMT -5. The time now is 07:36 PM. |