'/var/log/wtmp' log file growth ...
When running the command 'last' (to show who is and was logged into the system and for how long) on one of the MySQL replication nodes, the output displays the following:
$ last
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:04 - 13:04 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:04 - 13:04 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/1 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:03 - 13:03 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:02 - 13:02 (00:00)
root pts/0 s9smgmthost.somedomain. Mon Jul 2 13:02 - 13:02 (00:00)
<snip>
Every minute there are ~32 entries (italicized above), or 1 connection per 2 seconds.
This appears to be user 'root' from the ClusterControl node logging in ... for less than a second. All of these entries pollute the output of the 'last' command. If I run an SSH command to another host (not fully logging in but running a command, for example, 'ssh hostname date') there is no entry logged to '/var/log/wtmp', though there is in '/var/tmp/secure' (where SSH connections are logged).
What is the requirement to log in from the ClusterContol node to the database node that requires a full log in for less than 1 second that cannot be accomplished with a simple SSH command between the nodes so that the '/var/tmp/wtmp' log file does not grow to >800MB per day?
Thank you.
John
-
Official comment
Hi
What version of cmon are you running? There have been improvement there in terms of how often we need to create ssh connections.
$ cmon --versionUnfortunately wtmp logging behavior depends on the linux distribution you are using. Each ssh connection that creates an interactive session is logged/tracked and as far as I know there is no way to disable that.
You can limit the size of wtmp log file using for example logrotate.
Please see this post for instructions https://severalnines.com/blog/clustercontrol-tips-tricks-wtmp-log-rotation-settings-sudo-user
Comment actions
Please sign in to leave a comment.
Comments
1 comment