/var/adm/wtmp on AIX maintains a list of past user sessions and information about the restart/shutdown of that particular system. While this file is normally very small in terms of file size, on an active box, this can grow if not properly maintained. You can use the “last” command to read wtmp, or export it to a text file for further processing with “fwtmp”. While you can simply redirect nothing into wtmp to empty it out “>/var/adm/wtmp”, it’s always a good idea to keep this file (or at least a backup) for security/auditing reasons.
Below is a simple script which will rotate the last 1000 entries in wtmp and discard the rest.
#!/bin/ksh # # Maintain the last 1000 lines in /var/adm/wtmp # and discard the rest. # if [ -s /var/adm/wtmp ]; then /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp.tmp /usr/bin/tail -1000 /tmp/wtmp.tmp | /usr/sbin/acct/fwtmp -ic > /var/adm/wtmp /usr/bin/rm /tmp/wtmp.tmp else continue fi
Run it out of crontab nightly or whenever suits you.