There are 3 files having to do with logons:

- /etc/utmp contains a record of users logged into the system
- /var/adm/wtmp contains connect-time accounting records
- /etc/security/failedlogin contains a record of unsuccessful login attempts

All 3 files have the same format (described in utmp.h) and can be viewed with the who command, for example

    who /etc/utmp
or
    who /var/adm/wtmp
or
    who /etc/security/failedlogin

all return lines like

    inst1     ttyp1  Apr 29 19:02  (10.224.88.152)
    inst1     ttyp1  Apr 30 12:57  (10.224.88.16)
    root      pts/5  Apr 30 14:06  (jasper.delphion.)
    root      pts/5  Apr 30 14:08  (jasper.delphion.)
    ipsadmin  pts/6  Apr 30 14:09  (trantor.delphion)
    root      pts/5  Apr 30 14:17  (jasper.delphion.)

=============================================================

To reset wtmp (truncate it to zero length),

    > /var/adm/wtmp

To view the records in /var/adm/wtmp as ASCII and trim the file to its last nnn records, as root,

    # convert the binary records to ASCII, one record per line
    /usr/sbin/acct/fwtmp < /var/adm/wtmp > /tmp/wtmp.ascii
    # keep only the last nnn lines (replace nnn with a number)
    tail -nnn /tmp/wtmp.ascii > /tmp/wtmp.trimmed
    # convert the trimmed ASCII back to binary and write it over wtmp
    /usr/sbin/acct/fwtmp -ic < /tmp/wtmp.trimmed > /var/adm/wtmp
    # remove the temporary files
    rm /tmp/wtmp.ascii /tmp/wtmp.trimmed

============================================================
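
An added example (not part of the original note): a shell function that tallies who-format records, such as the output of who /etc/security/failedlogin, per user and source host, so that repeated attempts from one source stand out. The function names and the default threshold of 3 are assumptions; the sample input is the six lines shown above.

```shell
#!/bin/sh
# Tally who-format records per (user, source host).
# Input lines look like:  root pts/5 Apr 30 14:06 (jasper.delphion.)
# Output: "<count> <user> <host>" for every pair seen at least $1 times,
# highest count first. Records without a host field are counted as "local".
summarize_logins() {
    threshold=${1:-3}          # assumed default, adjust to taste
    awk -v min="$threshold" '
        NF >= 5 {
            # field 6, when present, is the source host in parentheses
            host = (NF >= 6) ? $NF : "local"
            gsub(/[()]/, "", host)
            count[$1 " " host]++
        }
        END {
            for (k in count)
                if (count[k] >= min)
                    print count[k], k
        }' | sort -k1,1nr -k2
}

# Sample input: the six lines shown in the note above.
sample_records() {
    cat <<'EOF'
inst1     ttyp1  Apr 29 19:02  (10.224.88.152)
inst1     ttyp1  Apr 30 12:57  (10.224.88.16)
root      pts/5  Apr 30 14:06  (jasper.delphion.)
root      pts/5  Apr 30 14:08  (jasper.delphion.)
ipsadmin  pts/6  Apr 30 14:09  (trantor.delphion)
root      pts/5  Apr 30 14:17  (jasper.delphion.)
EOF
}

# On the system itself, as root:
#   who /etc/security/failedlogin | summarize_logins 5
sample_records | summarize_logins 3
```

The host column printed by who is truncated, as in the sample, so the tally groups on the truncated name.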