How to truncate /var/adm/wtmp in AIX

/var/adm/wtmp contains login and logoff information in reverse chronological order.

The last command can be used to view the contents of wtmp.

An example of the output of last is shown below.

$ last
oracle    pts/2        200.254.1.207         Jun 29 15:36 - 15:44  (00:08)
oracle    pts/2        192.253.1.20          Jun 29 15:34 - 15:35  (00:01)
oracle    pts/2        192.252.1.20          Jun 29 15:32 - 15:34  (00:02)
oracle    pts/2        192.252.1.20          Jun 29 15:27 - 15:31  (00:04)
oracle    pts/0        192.252.1.14          Jun 29 15:16 - 18:08  (02:52)
root      pts/1        168.29.10.7           Jun 29 15:03 - 00:55  (09:51)
oracle    pts/0        211.251.1.14          Jun 29 14:50 - 15:15  (00:25)
oracle    pts/2        211.252.1.14          Jun 28 23:49 - 23:49  (00:00)
oracle    pts/2        211.252.1.14          Jun 28 23:48 - 23:48  (00:00)
oracle    pts/3        211.253.1.14          Jun 28 23:48 - 00:06  (00:18)
oracle    pts/2        211.251.1.14          Jun 28 23:46 - 23:48  (00:01)
oracle    pts/0        211.252.1.14          Jun 28 23:44 - 00:05  (00:20)
root      pts/0        176.29.10.7           Jun 28 23:00 - 23:01  (00:00)
root      pts/0        176.29.10.7           Jun 28 22:57 - 23:00  (00:02)
root      pts/0        176.29.10.7           Jun 28 21:44 - 22:55  (01:10)
root      pts/0        176.29.10.7           Jun 28 21:43 - 21:43  (00:00)
root      pts/0        176.29.10.7           Jun 28 21:41 - 21:41  (00:00)
oracle    pts/1        212.252.1.14          Jun 28 17:18 - 00:07  (06:48)

wtmp will need to be truncated periodically to prevent it from getting too big.

To do so use the fwtmp command as shown below.

/usr/lib/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp.out
tail -500 /tmp/wtmp.out > /tmp/wtmp.small
/usr/lib/acct/fwtmp -ci < /tmp/wtmp.small > /var/adm/wtmp
rm /tmp/wtmp.out
rm /tmp/wtmp.small