<div>
Hi,<br />
<br />
I have a script to truncate the wtmp file to a certain number of lines (5000 in the example below):<br />
<br />
LINES=5000<br />
/usr/sbin/acct/fwtmp &lt;&nbsp;/var/adm/wtmp &gt;&nbsp;/tmp/wtmp.full<br />
tail -n $LINES /tmp/wtmp.full &gt;&nbsp;/tmp/wtmp.short<br />
/usr/sbin/acct/fwtmp -ic &lt;&nbsp;/tmp/wtmp.short &gt;&nbsp;/var/adm/wtmp<br />
rm -f /tmp/wtmp.full /tmp/wtmp.short<br />
<br />
Truncating by days would require much more effort. Do you really need it?
</div>


<div>
I do.<br />
I have something similar to that as well but this is a specific request.
</div>


<div>
With <br />
<br />
/usr/sbin/acct/fwtmp &nbsp;&lt; /var/adm/wtmp<br />
<br />
do you see the last columns in this format:<br />
<br />
&nbsp;Mon Nov 10 18:26:38 <i>Timezone</i> 2014<br />
<br />
i.e. <i>exactly 6</i> fields from &quot;day of week&quot; to &quot;year&quot;? If you don't please post some sample lines!<br />
<br />
(I don't need that date for calculations, I just need a criterion to distinguish between logon and logoff records!)
</div>


<div>
If the format of the last columns (date/time in readable format) is as specified above try this:<br />
<br />
DAYS=90 # Number of days to be kept<br />
NOW=$(date &quot;+%s&quot;)<br />
SECS=$((DAYS*86400))<br />
CUT=$((NOW-SECS))<br />
/usr/sbin/acct/fwtmp &lt;&nbsp;/var/adm/wtmp &gt;&nbsp;/tmp/wtmp.full<br />
awk -v cut=$CUT '!/openacct/ {check=$7; if(NF&gt;13) check=$8; if(check&gt;cut) print}' /tmp/wtmp.full &gt;&nbsp;/tmp/wtmp.short<br />
/usr/sbin/acct/fwtmp -ic &lt;&nbsp;/tmp/wtmp.short &gt;&nbsp;/var/adm/wtmp<br />
rm -f /tmp/wtmp.full /tmp/wtmp.short
</div>


<div>
This is what it looks like.<br />
orastart orastart &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 5 426196 0000 0000 1324297901 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mon Dec 19 07:31:41 EST 2011<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;orastart &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 8 426196 0000 0000 1324297963 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mon Dec 19 07:32:43 EST 2011<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ctrmc &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 8 401604 0000 0000 1324297963 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mon Dec 19 07:32:43 EST 2011<br />
orastart orastart &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 5 889028 0000 0000 1324297963 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mon Dec 19 07:32:43 EST 2011<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;orastart &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 8 889028 0000 0001 1324297964 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mon Dec 19 07:32:44 EST 2011<br />
startlaw startlaw &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 5 889030 0000 0000 1324297964 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Mon Dec 19 07:32:44 EST 2011
</div>


<div>
Do you really have a username in the first column of <b>each</b> line?<br />
<br />
Obfuscatiing host or IP is of course OK, but removing it entirely is heavily misleading. I hope you didn't do that.
</div>


<div>
Your posted output format given this is a clean solution:<br />

<pre><code class="code-1 nolinks" id="code-20-40433378-1"><span>#!/bin/ksh</span>
<span>DAYS=90 # Number of days to be kept</span>
<span>NOW=$(date &quot;+%s&quot;)</span>
<span>SECS=$((DAYS*86400))</span>
<span>CUT=$((NOW-SECS))</span>
<span>/usr/sbin/acct/fwtmp &lt; /var/adm/wtmp &gt; /tmp/wtmp.full</span>
<span>awk -v cut=$CUT '!/openacct/ {check=$(NF-6); if(check~&quot;[a-zA-Z.]&quot;) check=$(NF-7); if(check&gt;cut) print}' /tmp/wtmp.full &gt;/tmp/wtmp.short</span>
<span>/usr/sbin/acct/fwtmp -ic &lt; /tmp/wtmp.short &gt; /var/adm/wtmp</span>
<span>rm -f /tmp/wtmp.full /tmp/wtmp.short</span>
</code></pre>
</div>


<div>
I received the following error:<br />
&nbsp;<br />
<br />
Syntax Error The source line is 1.<br />
&nbsp;The error context is<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; !/openacct/ {check=$(NF-6); &gt;&gt;&gt;&nbsp; if($(NF-6)~[ &lt;&lt;&lt;<br />
&nbsp;awk: 0602-502 The statement cannot be correctly parsed. The source line is 1.
</div>


<div>
Worked Great!<br />
Thanks so much!
</div>


<div>
<div class="content wysiwyg-content">
I need a script to truncate the wtmp to 90 days. I can't use logrotate.<br />
Anyone have something similar out there?
</div>
</div>


I need a script to truncate the wtmp to 90 days. I can't use logrotate.
Anyone have something similar out there?

I need a aix script to truncate wtmp to 90 days from today. Can't use logrotate not allowed.

Unix is a multitasking, multi-user computer operating system originally developed in 1969 at Bell Labs. Today, it is a modern OS with many commercial flavors and licensees, including FreeBSD, Hewlett-Packard’s UX, IBM AIX and Apple Mac OS-X. Apart from its command-line interface, most UNIX variations support the standardized X Window System for GUIs, with the exception of the Mac OS, which uses a proprietary system.