fwtmp manipulates connect-time accounting records by reading binary records in wtmp format from standard input, converting them to formatted ASCII records. The ASCII version is useful when it is necessary to edit bad records.
# fwtmp [-ic]
-ic : denotes that input is in ASCII form, and output is to be written in binary form.
Example to convert a binary record in wtmp format to an ASCII record called dummy.file, enter:
# fwtmp < /var/adm/wtmp > dummy.file
Example to convert an ASCII dummy.file to a binary file in wtmp format called /var/adm/wtmp, enter the fwtmp command with the -ic switch:
# fwtmp -ic <> /var/adm/wtmp
Note: Depending on your flavour of Unix, the file may be called wtmpx or wtmp.
fwtmp < /var/adm/wtmp > dummy.file
To get a list of all the failed logins in IBM AIX:
To read the file /etc/security/failedlogin, you need to use fwtmp:
# /usr/sbin/acct/fwtmp < /etc/security/failedlogin
To get information for a particular user:
# /usr/sbin/acct/fwtmp < /etc/security/failedlogin | grep username
/usr/sbin/acct/fwtmp < /etc/security/failedlogin