The Unix Heritage Society mailing list
* [TUHS] Binary log files
@ 2021-07-05  2:53 John Cowan
  2021-07-05 13:41 ` Steffen Nurpmeso
  0 siblings, 1 reply; 5+ messages in thread
From: John Cowan @ 2021-07-05  2:53 UTC (permalink / raw)
  To: The Eunuchs Hysterical Society


As long ago as the 7th Edition, several binary log files were maintained:
the file generated by acct(2) (one record per process) and the utmp and
wtmp files (one record per login).  Both of these are defined by structs in
.h files, so they are definitely not portable (int sizes, endianism, etc.)


* Re: [TUHS] Binary log files
  2021-07-05  2:53 [TUHS] Binary log files John Cowan
@ 2021-07-05 13:41 ` Steffen Nurpmeso
  2021-07-05 15:12   ` John Cowan
  0 siblings, 1 reply; 5+ messages in thread
From: Steffen Nurpmeso @ 2021-07-05 13:41 UTC (permalink / raw)
  To: John Cowan; +Cc: The Eunuchs Hysterical Society

John Cowan wrote in
 <CAD2gp_SXHQSauT_VibXPvP6PWrFULiMFYkvfs5=YxjHYbHGPwg@mail.gmail.com>:
 |As long ago as the 7th Edition, several binary log files were maintained:
 |the file generated by acct(2) (one record per process) and the utmp and
 |wtmp files (one record per login).  Both of these are defined by structs in
 |.h files, so they are definitely not portable (int sizes, endianism, etc.)

And how did you handle it?
On a very current GNU/Linux system these files grow indefinitely,
and sometimes you find several megabytes that track years of data,
and yourself writing (nonetheless quickshot) truncation code like

  #?0|kent:~# less bin/truncate-wutmp.sh
  #!/bin/sh -
  #@ /root/bin/truncate-wutmp.sh

  trap 'rm -f /tmp/.doit-${$}.*' EXIT

  cat >/tmp/.doit-${$}.c <<'_EOT'
  #include <utmp.h>
  #include <stdio.h>
  int main(){
      printf("%zu\n", sizeof(struct utmp));
      return 0;
  }
  _EOT

  cc -o /tmp/.doit-${$}.exe /tmp/.doit-${$}.c || exit 1

  i=$(/tmp/.doit-${$}.exe)
  echo "struct utmp is ${i} bytes"

  cd /var/log

  s=$(stat -c '%s' wtmp)
  [ ${?} -eq 0 ] || exit 2
  echo "wtmp size is ${s} bytes"

  ix=$((s / i))
  echo "... that makes ${ix} utmp entries"

  [ ${ix} -gt 42 ] || exit 3
  ix=$((ix - 42))

  dd if=wtmp of=wtmp.new bs=${i} skip=${ix} || exit 4
  mv wtmp.new wtmp
  chmod 0644 wtmp

  # s-sh-mode

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
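
Added example, not part of the original post: the same keep-the-last-N-records trim as the script above, with the temporary file created by mktemp next to the log and the result put in place by a single rename. The function name keep_last_records and its arguments are hypothetical; the caller supplies the record size (for instance the sizeof(struct utmp) value the script prints), and mode 0644 follows the script.

```shell
#!/bin/sh
# Added example (not from the thread): keep only the last KEEP fixed-size
# records of a wtmp-style file.
# Usage: keep_last_records FILE RECSIZE KEEP   (hypothetical name/arguments)
keep_last_records() {
    file=$1 recsize=$2 keep=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    size=$(wc -c <"$file") || return 2
    size=$((size + 0))              # drop padding some wc versions print
    # A size that is not a whole number of records means RECSIZE is wrong
    # for this file (different ABI or architecture) or the file is damaged.
    # Refuse rather than cut a record in half.
    if [ "$recsize" -le 0 ] || [ $((size % recsize)) -ne 0 ]; then
        echo "$file: $size bytes is not a multiple of $recsize" >&2
        return 3
    fi
    [ $((size / recsize)) -gt "$keep" ] || return 0    # nothing to trim
    # mktemp picks an unpredictable name in the log's own directory, so
    # nothing is staged in /tmp and the final mv is a rename, not a copy.
    tmp=$(mktemp "${file}.XXXXXX") || return 4
    # Readers never see a half-written file; a record appended between
    # tail and mv is still lost, as with the original script.
    if tail -c "$((keep * recsize))" "$file" >"$tmp" &&
       chmod 0644 "$tmp" && mv -f "$tmp" "$file"; then
        return 0
    fi
    rm -f "$tmp"
    return 4
}

# Run directly: sh thisfile.sh /var/log/wtmp RECSIZE KEEP
if [ "$#" -eq 3 ]; then
    keep_last_records "$@"
fi
```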


* Re: [TUHS] Binary log files
  2021-07-05 13:41 ` Steffen Nurpmeso
@ 2021-07-05 15:12   ` John Cowan
  2021-07-05 19:25     ` Steffen Nurpmeso
  0 siblings, 1 reply; 5+ messages in thread
From: John Cowan @ 2021-07-05 15:12 UTC (permalink / raw)
  To: John Cowan, The Eunuchs Hysterical Society


On Mon, Jul 5, 2021 at 9:42 AM Steffen Nurpmeso <steffen@sdaoden.eu> wrote:

> And how did you handle it?
>

The simplest way to truncate the file is with truncate or just ">file",
since writes are small enough to be atomic.  The sa utility, which also
goes back to v7, will summarize process accounting data and write it to a
different file; it can then report on either unsummarized data or
summarized data before unsummarized data).  Unfortunately Linux has broken
the wtmp/utmp convention of "no logfile, no logging", so a cron job to
truncate wtmp is your only man.

John Cowan          http://vrici.lojban.org/~cowan        cowan@ccil.org
Original line from The Warrior's Apprentice by Lois McMaster Bujold:
"Only on Barrayar would pulling a loaded needler start a stampede toward
one."
English-to-Russian-to-English mangling thereof: "Only on Barrayar you risk to
lose support instead of finding it when you threat with the charged weapon."


* Re: [TUHS] Binary log files
  2021-07-05 15:12   ` John Cowan
@ 2021-07-05 19:25     ` Steffen Nurpmeso
  0 siblings, 0 replies; 5+ messages in thread
From: Steffen Nurpmeso @ 2021-07-05 19:25 UTC (permalink / raw)
  To: John Cowan; +Cc: The Eunuchs Hysterical Society

John Cowan wrote in
 <CAD2gp_RLYVFx8CK6PAiSrPV8BvSrYHGiB2WPxQGJO=Bh-x3nRA@mail.gmail.com>:
 |On Mon, Jul 5, 2021 at 9:42 AM Steffen Nurpmeso <steffen@sdaoden.eu> wrote:
 |
 |And how did you handle it?
 |
 |The simplest way to truncate the file is with truncate or just ">file",
 |since writes are small enough to be atomic.  The sa utility, which also

Hm, ok, sure.  I thought maybe, you know.  Availability of some
weeks or the quarter of a year is a good thing (tm).

 |goes back to v7, will summarize process accounting data and write it to a
 |different file; it can then report on either unsummarized data or
 |summarized data before unsummarized data).  Unfortunately Linux has broken
 |the wtmp/utmp convention of "no logfile, no logging", so a cron job to
 |truncate wtmp is your only man.

Too bad weather to make something out of that.
The fruits of South Africa were so sweet that we hoped for a good
summer.  Well 2000 KM more southern it is, but that Island low
pressure area now lies in front of Ireland I think, what a mess.

Yes the script is not atomic, but good enough for very occasional
usage by a logged in administrator.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


* Re: [TUHS] Binary log files
@ 2021-07-05 20:26 Norman Wilson
  0 siblings, 0 replies; 5+ messages in thread
From: Norman Wilson @ 2021-07-05 20:26 UTC (permalink / raw)
  To: tuhs

Some of us have, literally for decades, been dealing with
wtmp by rolling it weekly or monthly or quarterly or whatever,
letting cron run something like

	cd /usr/adm	# that's how long I've been doing this!
	umask 022
	>wtmp.new
	ln wtmp wtmp.prev
	mv wtmp.new wtmp
	# also so long ago there was no seq(1)
	nums=`awk 'BEGIN {for (i = 12; i >= 0; i--) print i; exit}'`
	for i in $nums; do
		inext=`expr $i + 1`
		if [ -f wtmp.$i ]; then
			mv wtmp.$i wtmp.$inext
		fi
	done
	mv wtmp.prev wtmp.0

This really isn't rocket science.  It isn't even particularly
interesting UNIX history.  Can we move on to something that IS
interesting?

Here are some things I find more interesting:

1.  utmp came before wtmp: utmp(V) appears in the First Edition
manual, wtmp(V) only in the Second.  Apparently interest in
who else is logged in right now predated interest in who has
logged in recently.

2.  Both files started out in /tmp.  wtmp is first said to be
in /usr/adm instead in the Fifth Edition manual, utmp in /etc
in the Sixth.

3.  The names /tmp/utmp and /tmp/wtmp appear to have been
issued by the Department of Redundancy Department.  I think
it quite likely that Ken and Dennis would have been familiar
with that joke once the recording containing it was issued
in mid-1970, but I don't know whether utmp existed in some
form before that.  I see no sign of it in the fragments of
PDP-7 source code we have (in particular init doesn't seem
to use it), but what about later PDP-7 or very early PDP-11
code predating the late-1971 First Edition manual?

Norman Wilson
Toronto ON
Not Insane
