:(Dear Solaris Experts,
The file /var/adm/utmpx is steadily growing on our standbye Sun Sparc T5220 Solaris 10 server. I have tried everything such as the following steps without success:
root@rainbow # uname -a
SunOS rainbow 5.10 Generic_141444-09 sun4v sparc SUNW,SPARC-Enterprise-T5220
root@rainbow # cd /var/adm
root@rainbow # cp /dev/null utmpx # but size stays the same and growing
root@rainbow # cp /dev/null wtmpx # file size briefly came back to zero # before recovering
root@rainbow # ls -lt /var/adm | more
-rw-r--r-- 1 root root 24180 Apr 12 15:23 wtmpx
-rw-r--r-- 1 root root 364035476 Apr 12 15:23 utmpx
root@rainbow # /cat /etc/default/utmp
SCAN_PERIOD=300
root@rainbow # svcs utmp
STATE STIME FMRI
online 15:22:20 svc:/system/utmp:default
root@rainbow # svcadm disable utmpd
root@rainbow # svcs utmp
STATE STIME FMRI
disabled 15:59:44 svc:/system/utmp:default
In short, I am not able to turn off, or reduce the amount of auditing / login data
it is rapidly collecting. In fact, I can no longer log back on to it with the
following message after successful login using a non-root user from a general
multi-user mode telnet session:
login: george
Password:
No utmpx entry. You must exec "login" from the lowest level "shell".
<Your 'TELNET' connection has terminated>
Fortunately, it was possible to get back into this server in single-user maintenance mode as root on the Console. The only way to re-instate multi-user mode access is by rebooting this server but still not reduce the amount of auditing / login which will eventually fill up /var.
The strange thing is that our production (equivalent hardware) accessed extensive with the same SCAN_PERIOD is not experiencing this issue. I am not sure whether the standbye rainbow server has been split up to multiple zones has anything to do with it. ie rainbow being the global zone.
Your assistance would be much appreciated.
Thanks in advance,
George