Dear friend
These files, which hold user and accounting information for such commands as last, who, write, and login
File btmps contains bad login entries for each invalid logon attempt. File wtmps contains a record for all logins and logouts apart from accounting records
wtmpfix
wtmpfix examines the standard input or named files in wtmps format, corrects the time/date stamps to make the entries consistent, and writes to the standard output. A - can be used in place of files to indicate the standard input. If time/date corrections are not performed, acctcon1 will fault when it encounters certain date-change records.
Each time the date is set, a pair of date change records is written to WTMPS_FILE. The first record is the old date denoted by the string old time placed in the line field and the flag OLD_TIME placed in the type field of the utmps structure. The second record specifies the new date, and is denoted by the string new time placed in the line field and the flag NEW_TIME placed in the type field. wtmpfix uses these records to synchronize all time stamps in the file. wtmpfix nullifies date change records when writing to the standard output by setting the time field of the utmps structure in the old date change record equal to the time field in the new date change record. This prevents wtmpfix and acctcon1 from factoring in a date change record pair more than once.
In addition to correcting time/date stamps, wtmpfix checks the validity of the name field to ensure that it consists solely of alphanumeric characters or spaces. If it encounters a name that is considered invalid, it changes the login name to INVALID and writes a diagnostic to the standard error. This minimizes the risk that acctcon1 will fail when processing connect accounting records.
thanks and regards
Sajjad Sahir
