As long ago as the 7th Edition, several binary log files were maintained:
the file generated by acct(2) (one record per process) and the utmp and
wtmp files (one record per login). Both of these are defined by structs in
.h files, so they are definitely not portable (int sizes, endianism, etc.)

John Cowan wrote in <CAD2gp_SXHQSauT_VibXPvP6PWrFULiMFYkvfs5=YxjHYbHGPwg@mail.gmail.com>:
|As long ago as the 7th Edition, several binary log files were maintained:
|the file generated by acct(2) (one record per process) and the utmp and
|wtmp files (one record per login). Both of these are defined by structs in
|.h files, so they are definitely not portable (int sizes, endianism, etc.)

And how did you handle it?
On a very current GNU/Linux system these files grow indefinitely,
and sometimes you find several megabytes that track years of data,
and yourself writing (nonetheless quickshot) truncation code like

  #?0|kent:~# less bin/truncate-wutmp.sh
  #!/bin/sh -
  #@ /root/bin/truncate-wutmp.sh

  trap 'rm -f /tmp/.doit-${$}.*' EXIT

  # Ask the C compiler for the record size on this system
  cat >/tmp/.doit-${$}.c <<'_EOT'
  #include <utmp.h>
  #include <stdio.h>
  int main(){
     printf("%lu\n", (unsigned long)sizeof(struct utmp));
     return 0;
  }
  _EOT

  cc -o /tmp/.doit-${$}.exe /tmp/.doit-${$}.c || exit 1
  i=$(/tmp/.doit-${$}.exe)
  echo "struct utmp is ${i} bytes"

  cd /var/log
  s=$(stat -c '%s' wtmp)
  [ ${?} -eq 0 ] || exit 2
  echo "wtmp size is ${s} bytes"
  ix=$((s / i))
  echo "... that makes ${ix} utmp entries"
  # Keep only the newest 42 records
  [ ${ix} -gt 42 ] || exit 3
  ix=$((ix - 42))
  dd if=wtmp of=wtmp.new bs=${i} skip=${ix} || exit 4
  mv wtmp.new wtmp
  chmod 0644 wtmp

  # s-sh-mode

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

On Mon, Jul 5, 2021 at 9:42 AM Steffen Nurpmeso <steffen@sdaoden.eu> wrote:

> And how did you handle it?

The simplest way to truncate the file is with truncate or just ">file",
since writes are small enough to be atomic. The sa utility, which also
goes back to v7, will summarize process accounting data and write it to a
different file; it can then report on either unsummarized data or
summarized data before unsummarized data). Unfortunately Linux has broken
the wtmp/utmp convention of "no logfile, no logging", so a cron job to
truncate wtmp is your only man.

John Cowan          http://vrici.lojban.org/~cowan        cowan@ccil.org
Original line from The Warrior's Apprentice by Lois McMaster Bujold:
"Only on Barrayar would pulling a loaded needler start a stampede toward one."
English-to-Russian-to-English mangling thereof: "Only on Barrayar you risk to
lose support instead of finding it when you threat with the charged weapon."

John Cowan wrote in <CAD2gp_RLYVFx8CK6PAiSrPV8BvSrYHGiB2WPxQGJO=Bh-x3nRA@mail.gmail.com>:
|On Mon, Jul 5, 2021 at 9:42 AM Steffen Nurpmeso <steffen@sdaoden.eu> wrote:
|
|And how did you handle it?
|
|The simplest way to truncate the file is with truncate or just ">file",
|since writes are small enough to be atomic. The sa utility, which also

Hm, ok, sure. I thought maybe, you know.
Availability of some weeks or the quarter of a year is a good thing (tm).

|goes back to v7, will summarize process accounting data and write it to a
|different file; it can then report on either unsummarized data or
|summarized data before unsummarized data). Unfortunately Linux has broken
|the wtmp/utmp convention of "no logfile, no logging", so a cron job to
|truncate wtmp is your only man.

Too bad weather to make something out of that. The fruits of South
Africa were so sweet that we hoped for a good summer. Well 2000 KM
more southern it is, but that Island low pressure area now lies in
front of Ireland I think, what a mess.

Yes the script is not atomic, but good enough for very occasional
usage by a logged in administrator.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

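The trim from the script earlier in the thread, with the "not atomic" point above addressed, as an added example that is not from any poster: it takes the record size from `<utmp.h>` directly instead of compiling a helper under a predictable /tmp name, and swaps the file in with rename(2) from a temp file in the same directory. The function names and the `wtmp.sample` file are made up for the example, and the Linux/glibc `struct utmp` is assumed.

```c
#define _DEFAULT_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <utmp.h>   /* assumption: Linux/glibc layout of struct utmp */
/* Keep the newest `keep` records of `path`; returns records kept, -1 on error. */
long trim_wtmp(const char *path, long keep) {
    char tmp[4096]; struct utmp rec; struct stat st;
    long total, kept = 0; int in, out;
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) return -1;
    if ((in = open(path, O_RDONLY)) < 0) return -1;
    if (fstat(in, &st) < 0 || (out = mkstemp(tmp)) < 0) { close(in); return -1; }
    total = (long)(st.st_size / (off_t)sizeof rec);  /* a torn tail is dropped */
    if (total > keep && lseek(in, (off_t)(total - keep) * (off_t)sizeof rec, SEEK_SET) < 0) goto fail;
    for (; kept < keep && read(in, &rec, sizeof rec) == (ssize_t)sizeof rec; kept++)
        if (write(out, &rec, sizeof rec) != (ssize_t)sizeof rec) goto fail;
    /* mkstemp() creates mode 0600: restore owner and mode before the swap. */
    if (fchown(out, st.st_uid, st.st_gid) < 0 || fchmod(out, st.st_mode & 07777) < 0) goto fail;
    if (fsync(out) < 0 || rename(tmp, path) < 0) goto fail;  /* atomic replace */
    close(in); close(out);
    return kept;
fail:
    close(in); close(out); unlink(tmp);
    return -1;
}

int make_sample(const char *path, int n) {  /* constructed data: ut_pid = index */
    struct utmp rec = { .ut_type = USER_PROCESS };
    FILE *f = fopen(path, "wb");
    for (rec.ut_pid = 0; f && rec.ut_pid < n; rec.ut_pid++)
        fwrite(&rec, sizeof rec, 1, f);
    return f ? fclose(f) : -1;
}

long first_pid(const char *path) {  /* ut_pid of the oldest record, -1 on error */
    struct utmp rec;
    FILE *f = fopen(path, "rb");
    long pid = (f && fread(&rec, sizeof rec, 1, f) == 1) ? (long)rec.ut_pid : -1;
    if (f) fclose(f);
    return pid;
}

int main(void) {
    if (make_sample("wtmp.sample", 100) != 0) return 1;
    long kept = trim_wtmp("wtmp.sample", 42);
    printf("kept %ld records, oldest pid %ld\n", kept, first_pid("wtmp.sample"));
    return kept == 42 ? 0 : 1;
}
```

A record appended between the copy and the rename is still lost, so this narrows the window in the shell version rather than closing it.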
Some of us have, literally for decades, been dealing with wtmp by
rolling it weekly or monthly or quarterly or whatever, letting
cron run something like

  cd /usr/adm     # that's how long I've been doing this!
  umask 022
  >wtmp.new
  ln wtmp wtmp.prev
  mv wtmp.new wtmp
  # also so long ago there was no seq(1)
  nums=`awk 'BEGIN {for (i = 12; i >= 0; i--) print i; exit}'`
  for i in $nums; do
      inext=`expr $i + 1`
      if [ -f wtmp.$i ]; then
          mv wtmp.$i wtmp.$inext
      fi
  done
  mv wtmp.prev wtmp.0

This really isn't rocket science. It isn't even particularly
interesting UNIX history. Can we move on to something that IS
interesting?

Here are some things I find more interesting:

1. utmp came before wtmp: utmp(V) appears in the First Edition
   manual, wtmp(V) only in the Second. Apparently interest in
   who else is logged in right now predated interest in who has
   logged in recently.

2. Both files started out in /tmp. wtmp is first said to be in
   /usr/adm instead in the Fifth Edition manual, utmp in /etc in
   the Sixth.

3. The names /tmp/utmp and /tmp/wtmp appear to have been issued
   by the Department of Redundancy Department. I think it quite
   likely that Ken and Dennis would have been familiar with that
   joke once the recording containing it was issued in mid-1970,
   but I don't know whether utmp existed in some form before that.
   I see no sign of it in the fragments of PDP-7 source code we
   have (in particular init doesn't seem to use it), but what about
   later PDP-7 or very early PDP-11 code predating the late-1971
   First Edition manual?

Norman Wilson
Toronto ON
Not Insane