From owner-freebsd-questions@FreeBSD.ORG Sat Oct 2 00:58:58 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 010F716A4CE for ; Sat, 2 Oct 2004 00:58:58 +0000 (GMT) Received: from smtp3.server.rpi.edu (smtp3.server.rpi.edu [128.113.2.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8756943D1D for ; Sat, 2 Oct 2004 00:58:57 +0000 (GMT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by smtp3.server.rpi.edu (8.13.0/8.13.0) with ESMTP id i920wnJq021263; Fri, 1 Oct 2004 20:58:50 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20041001183944.W13734@zeus.davez.org> References: <20040213210413.T71247@admin1.mdc.net> <1311.66.243.145.38.1096668046.squirrel@www.l-i-e.com> <20041001183944.W13734@zeus.davez.org> Date: Fri, 1 Oct 2004 20:58:48 -0400 To: questions , freebsd-questions@freebsd.org From: Garance A Drosihn Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-CanItPRO-Stream: default X-RPI-SA-Score: undef - spam-scanning disabled X-Scanned-By: CanIt (www . canit . ca) Subject: Re: /var/log/wtmp always reseting to 0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Oct 2004 00:58:58 -0000 At 6:52 PM -0400 10/1/04, questions wrote: >On Fri, 1 Oct 2004, Richard Lynch wrote: > >> man logrotate >> > > Probably the logs are getting rotated and old ones discarded. > > man logrotate does nothing On FreeBSD, the utility is called newsyslog. The entry would be in /etc/newsyslog.conf . You should have an entry in there for /var/log/wtmp, but all that will do is rotate the file. It isn't going to truncate it. >__________Snip Command Output_____ > $ cd /var/log > $ ls -al wtmp* > -rw-r--r-- 1 root wheel 308 Oct 1 18:34 wtmp > -rw-r--r-- 1 root wheel 0 Oct 1 05:48 wtmp.0 > -rw-r--r-- 1 root wheel 0 Oct 1 05:42 wtmp.1 > -rw-r--r-- 1 root wheel 0 Oct 1 05:36 wtmp.2 > -rw-r--r-- 1 root wheel 0 Oct 1 05:30 wtmp.3 > $ >_______End Snip__________________ Uh, it seems odd that all those files have a date of "Oct 1". newsyslog should only rotate the file once on any given day, not five times, once every six minutes. Did someone change the entry for newsyslog in /etc/crontab ? The only reference to newsyslog in /etc/crontab should look like: # Rotate log files every hour, if necessary. 0 * * * * root newsyslog -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu