(SCO) The default root crontab cleans out /usr/adm/sulog, /etc/wtmp and /etc/wtmpx on Sunday mornings. The script that does this is /etc/cleanup.
(Linux) Logrotate does the cleaning, so modify /etc/logrotate.conf.
(BSD) uses "newsyslog".
But if system accounting is on, "runacct" does this.
If your machine is used at the time this script is run, you will want to change the time in crontab. If you want more than 1 week's information in these files, you need to change its frequency or take it out all together.# grep wtmp /etc/cleanup
Having that run on Sunday is not ideal for forensics - "who logged in over the w
weekend?" is not an unusual question.
A good modification might be to output "last" to a file before cleaing it.
Got something to add? Send me email.