Linux SysAdmin

Technology Beyond Infinity – Your guide to latest technology, software, Internet & computers and many more….. Let's compute with confidence !!!

Troubleshooting 

/var/log/lastlog size in GB or TB

LinuxSysAdmin 0 Comments ,

Why does the /var/log/lastlog file appear so huge (in GB or sometime in TB) on 64-bit machines?

# ls -lh /var/log/lastlog
-r--------  1 root root 1.2T Apr 5 7:26 /var/log/lastlog

This is because space is “allocated” ahead of time for all possible user IDs, which is about 232 users multiplied by 256 bytes for each login record, which is about 1.2 TB — more or less. The lastlog file is created as a “sparse file”, so only the chunks of the file that are used actually take up physical storage space. So all the space really isn’t allocated.
So if you du command, you can right size.

# du -sh /var/log/lastlog
14M     /var/log/lastlog

/var/log/lastlog is binary file and act as database times of previous user logins.

How to clear lastlog file?

You can clear the lastlog file by stopping rsyslogd

# systemctl stop rsyslog.service

# > /var/log/lastlog

# systemctl start rsyslog.service

last and lastb commands:

last or lastb command also use to display listing of last logged in users. To clear this, you need to clear wtmp/btmp.

# >/var/log/wtmp

# >/var/log/btmp

 

Leave a Reply

Your email address will not be published.