topic Re: Scripted wtmp input rejected as Binary file in Getting Data In

Scripted wtmp input rejected as Binary file

Flynt — Thu, 15 Mar 2012 21:21:28 GMT

I have a script that pulls wtmp information and saves it to ASCII files but Splunk still insists that my files are binary. In fact, any files I now put in the directory are now considered binary files and cannot be indexed! My config

[monitor:///mylogs/wtmp_logs]
disabled = false
sourcetype = wtmp
crcSalt =

Re: Scripted wtmp input rejected as Binary file

Flynt — Thu, 15 Mar 2012 21:22:58 GMT

The issue here is the wtmp sourcetype you have defined in the inputs.conf. Splunk will reject the wtmp sourcetype and consider the files binary. Changing the sourcetype to wtmp_log or wtmplogs will solve the issue and allow indexing of files within this directory.

Re: Scripted wtmp input rejected as Binary file

praveerg — Fri, 04 Apr 2014 22:09:19 GMT

Can i get the script to read wtmp file and converts in ASCII information.

Re: Scripted wtmp input rejected as Binary file

Flynt — Thu, 16 Apr 2015 12:44:48 GMT

If I recall correctly it was done in python calling the "last" command using subprocess.

See this article for some basic uses for "last".

http://www.linuxnix.com/2012/10/read-view-utmp-wtmp-btmp-file-linuxunix.html