Well, we've got some problems with our utmp and wtmp files and just
going in and blindly editing them is a real nuisance. I'm running
Solaris 2.2 and I've tried the fwtmp program to get it into ASCII
form. The problem being that it's hard to do on a live system. My real
confusion arises in the fact that utmp isn't cleared out at boot
time. I understand wtmp staying around, but shouldn't utmp be cleared
out and have new timestamps and all put in it? Our machine thinks it's
been up 11 days and had 30 odd users when I had just rebooted the
beast this morning. It also has old entry pairs like this:
tcp PMN0 12481 6 0000 0000 753293191 Sun Nov 14 10:06:31 1993
zsmon PMO0 12482 6 0000 0000 753293191 Sun Nov 14 10:06:31
Can I just blow those away? Can I just blow utmp away and reboot? How
does one make sure utmp is clean when booting? Although we do stats
from wtmp, it's not as important since the stats are used as just
rough estimates. I deleted out the entries for the users who had been
in the utmp file through the reboot, and I hope that fixes it well enough.
Thanks for any and all hints/suggestions/pointers.
Richard Bainter Mundanely | System Analyst - OMG/CSD
Pug Generally | Applied Research Labs - U.Texas
Note: The views may not reflect my employer's, or even my own for that matter.