"thesoulcrusher" writes:

> I was wondering if there is a way to exclude a login from being logged
> by wtmp.. A coworker is running an ftp program that logs into our
> server at an interval of milliseconds, and it has caused our wtmp log
> to grow outrageous in size. When you do a last on the user, there is
> litterally millions of logs of his login sessions.

At that frequency, even the load caused by repeated password
verifications might be non-negligible.

Sounds like your coworker is polling some file, in a very stupid way.
If such frequent checks are truly necessary, it would be better to
keep the session open between attempts.

There might be other, smarter ways to fulfill your coworker's needs.
What exactly is he/she trying to achieve?

> I cannot seem to find anywhere through man pages or through threads, on
> how to releive such a problem

In the spirit of alt.sysadmin.recovery, I'd recommend finding a
suitable "Clue Installation Tool" and applying it to your coworker.
Repeat if necessary. :-D

--
Matti.Kurkela@welho.com

Thank you for your response,


He is running this program to check for new orders sent to our server
from our website.


I am not sure why he needs to keep logging in, according to him , his
program is written in microsoft .net 2005, and run from windows, and it
cannot keep the connection alive, it keeps connecting and
disconnecting....


I was just hoping to deal with the wtmp file for now until he fixes
that issue...

"thesoulcrusher" writes:

> He is running this program to check for new orders sent to our server
> from our website.

Is he going to process those orders in some way or just collecting
statistics?

There might be a way to make the ordering system notify him when
necessary, instead of this silly polling scheme.

If that isn't possible, you might consider using Samba to make the
orders directory viewable through the network, with appropriate
permissions.

> I am not sure why he needs to keep logging in, according to him , his
> program is written in microsoft .net 2005, and run from windows, and it
> cannot keep the connection alive, it keeps connecting and
> disconnecting....

I kind of suspect his program is made using a "cookbook" example and
he might not really have the skills to modify it.

One modification should be fairly simple, at least:
find out what is the equivalent of sleep() function (see "man 3
sleep") in his programming language of choice.

Then find out the structure that causes the program to keep retrying:
it should be a loop of some sort. Then convince him to add the sleep
function somewhere inside the loop, so that the program will spend a
while doing nothing before or after each check it makes.

If you can convince him that getting the information e.g. once in ten
minutes is enough, the program can sleep for 600 seconds after each check.
This does not completely remove the problem, but should reduce the
number of logins to tolerable levels.

> I was just hoping to deal with the wtmp file for now until he fixes
> that issue...

You might want to implement automatic wtmp log rotation and
pre-processing: make a script that copies the current wtmp to
a separate file, then truncates the wtmp file *immediately* after
that.

Then you can use the "last" command to output the content of
wtmp in a readable form, and use "grep -v" with a suitable search
pattern to filter your coworker's ftp logins out of the listing.
Then archive the result as required by your security/auditing
policies and delete the wtmp copy.

Make a crontab entry to do this at suitable intervals, and you're
done.

If you do this, be sure to use suitable options with the "last"
command so that you get all the possible information out of the wtmp
data, as the original information will be destroyed in the process.

This general approach would be useful every time there's a logfile
that contains data that needs to be archived, but also some repeating
useless information: by pre-filtering the known-useless information out,
your logs will be much smaller and easier to archive.

--
Matti.Kurkela@welho.com

Thank you all for your help

We did end up setting up a script to copy wtmp to another location,
then process the file, stripping the logins.. then saving it with the
date appended... and then obviously initializing the current wtmp file.

I was also thinking that setting up an apache webserver on my hpux box
would be better , and use an http share, rather than ftp... But
needless to say I am new to apache, I have installed it, but I dont
know how to configure it. I cant even get the service to startup, it
just hangs...

Anyone have a link to a good beginners guide to configuring apache?