Sunday, April 10, 2011

How do you trim the wtmp file so that it will contain only the data from the specified months?

ON All HP-UX operating Systems:

1. Run the following command to create an ASCII text file (/tmp/wtmp.txt ) from the binary wtmp file.

# /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp.txt

2. Search for the specified months, and convert the filtered data into the Binary file.
Example of February, March, and April:

# egrep "Feb|March|April" /tmp/wtmp.txt | /usr/sbin/acct/fwtmp -ic > /var/adm/wtmp
Now /var/adm/wtmp will contain data only for February, March, and April, so the last(1) command will display only records for those months.

No comments: