[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Log files - large and queer

On Mon, Aug 30, 1999 at 06:30:29PM +1000, Brian May wrote:
> wtmp: I don't understand why it should be so large for 294 entries:
> snoopy# last | wc
>     294    2788   22522
> 
> Thats 26kb per entry!!! Really??? If this really is the case, please
> tell me why each record is so large...

More information.

last is displaying *ALL* entries that I would expect it to display.
However, it adds two extra lines to the bottom, so the space per entry
would actually higher then what I stated...

[530] [snoopy:bam] /tmp/wtmp >for i in *; do ls -l $i; last -f $i | wc; done
-rw-r--r--   1 bam      users      235776 Sep  1 10:46 wtmp
      4      25     192
-rw-r--r--   1 bam      users     1396992 Sep  1 06:52 wtmp.0
      5      37     271
-rw-r--r--   1 bam      users     8510592 Aug 31 07:44 wtmp.1
    302    2861   23140
-rw-r--r--   1 bam      users        3072 Jul 31 20:09 wtmp.2
      4      25     194
-rw-r--r--   1 bam      users      508800 Jul 31 07:28 wtmp.3
    312    2949   23910
-rw-r--r--   1 bam      users     5081472 Jun 30 23:21 wtmp.4
    527    5003   40465
-rw-r--r--   1 bam      users       10752 May 31 21:22 wtmp.5
     10      81     656

Summary of above:
-----------------------------------
|num|   bytes |entries| bytes/entry
+---+---------+-------+------------
| 1 |  235776 |     2 |     117,888
| 2 | 1396992 |     3 |     465,664
| 3 | 8510592 |   300 |      28,368
| 4 |    3072 |     2 |       1,536
| 5 |  508800 |   310 |       1,641
| 6 | 5081472 |   525 |       9,678
| 7 |   10752 |     8 |       1,344
-----------------------------------

Needless to say, I am rather alarmed at the first few entries. Almost
1.5 Mb just for 3 entries (yes, I have confirmed this)!!!

What on earth on going on here?

Is there something fundemental about wtmp files I do not understand.
I was under the impression (and the man page for wtmp seems to confirm
this) that wtmp is just a number of utmp records.

So what size *should* the record be? According to the man
page for wtmp, the utmp C structure is used. My C program,
attached, says:

[519] [snoopy:bam] ~ >gcc -g -Wall mytest.c -o mytest
[520] [snoopy:bam] ~ >./mytest
sizeof(struct utmp)=384

-- 
Brian May <bam@snoopy.apana.org.au>

/* compile with: gcc -g -Wall mytest.c -o mytest */

#include <stdio.h>
#include <utmp.h>

int main()
{
	printf("sizeof(struct utmp)=%d\n",sizeof(struct utmp));
	return(0);
}

Attachment: pgp7zgMr9Lz0h.pgp
Description: PGP signature

Reply to: