We are using a lot of ssh sensors that provide very helpful information, and so we poll our Unix machines frequently. Each such poll is registered as a "login" in the system's /var/log/wtmp file, which grows rapidly and without bound. On some of our servers, there is little free disk space on the root partition, so this does cause us problems.

Article Comments

Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.

Unfortunately this behavior depends on the linux distribution you are using.

You can circumvent the issue fine-tuning the logrotate-settings on the linux-system. The default-setting on many distribution is to rotate this file monthly and to keep one old file. This way you can reproduce logins for the last 30 - 60 days.

You can set up logrotate to rotate the file daily, compress the old data and keep the last 60 files. For example: default from the /etc/logrotate.conf /var/log/wtmp { missingok monthly create 0664 root utmp rotate 1 } can be modified to /var/log/wtmp { missingok daily create 0664 root utmp rotate 60 delaycompress dateext }

This will leave the current file (today) and the previous one (yesterday) uncompressed, compresses older files and adds a timestamp to the old file during rotation. Files older than 60 days are removed automatically.


Nov, 2014 - Permalink