Hi,
1) LAST LOGIN would always report on all users found in /etc/password or via NIS, with 00-00-00 indicating that there was no actual login.
These data are produced by /usr/sbin/acct/lastlogin, and later processed by prdaily.
2) These data come from wtmp. runacct will store them in a file "lineuse" (/var/adm/acct/nite/lineuse) which is also later processed by prdaily.
prdaily is not customizeable by flags or parameters, but since it is a script one could modify it.
This is by no means recommended, but possible.
ad 1)
Look at /usr/sbin/acct/prdaily for (somewhere near line 130)
if [ -z "$WFLAG" -a -z "$XFLAG" ]
then
pr -h "$HDR4" -3 ${_sum}/loginlog
else
pr -h "$HDR4" -1 ${_sum}/loginlog
fi
Just preceeding the above add the line
cat ${_sum}/loginlog | grep -v "^00-00-00" > ${_sum}/loginlog.tmp ; mv ${_sum}/loginlog.tmp ${_sum}/loginlog
ad 2)
Look at /usr/sbin/acct/prdaily for (somewhere near line 116)
(cat reboots; echo ""; cat lineuse) | pr -h "$HDR"
Change the above to
(cat reboots; echo ""; cat lineuse | grep -v "^ftp" | grep -v "^rsh") | pr -h "$HDR"
Please be aware that the displayed TOTAL will no longer be correct (as it is already contained in lineuse). Maybe you should grep it out.
If you don't need the tty/pty report at all, comment out the whole line
Please let me repeat -
Make the above changes only (only!) if you know what you're doing and if you really need those modifications.
And please be aware too that these changes will most probably not "survive" an AIX upgrade!
Good luck!
wmp