This spec can be used to parse utmp, wtmp and other similar as created by IBM AIX.
This page hosts a formal specification of utmp log file, IBM AIX version using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
digraph {
rankdir=LR;
node [shape=plaintext];
subgraph cluster__aix_utmp {
label="AixUtmp";
graph[style=dotted];
aix_utmp__seq [label=<<TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0">
<TR><TD BGCOLOR="#E0FFE0">pos</TD><TD BGCOLOR="#E0FFE0">size</TD><TD BGCOLOR="#E0FFE0">type</TD><TD BGCOLOR="#E0FFE0">id</TD></TR>
<TR><TD PORT="records_pos">0</TD><TD PORT="records_size">648</TD><TD>Record</TD><TD PORT="records_type">records</TD></TR>
<TR><TD COLSPAN="4" PORT="records__repeat">repeat to end of stream</TD></TR>
</TABLE>>];
subgraph cluster__record {
label="AixUtmp::Record";
graph[style=dotted];
record__seq [label=<<TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0">
<TR><TD BGCOLOR="#E0FFE0">pos</TD><TD BGCOLOR="#E0FFE0">size</TD><TD BGCOLOR="#E0FFE0">type</TD><TD BGCOLOR="#E0FFE0">id</TD></TR>
<TR><TD PORT="user_pos">0</TD><TD PORT="user_size">256</TD><TD>str(ascii)</TD><TD PORT="user_type">user</TD></TR>
<TR><TD PORT="inittab_id_pos">256</TD><TD PORT="inittab_id_size">14</TD><TD>str(ascii)</TD><TD PORT="inittab_id_type">inittab_id</TD></TR>
<TR><TD PORT="device_pos">270</TD><TD PORT="device_size">64</TD><TD>str(ascii)</TD><TD PORT="device_type">device</TD></TR>
<TR><TD PORT="pid_pos">334</TD><TD PORT="pid_size">8</TD><TD>u8be</TD><TD PORT="pid_type">pid</TD></TR>
<TR><TD PORT="type_pos">342</TD><TD PORT="type_size">2</TD><TD>s2be→EntryType</TD><TD PORT="type_type">type</TD></TR>
<TR><TD PORT="timestamp_pos">344</TD><TD PORT="timestamp_size">8</TD><TD>s8be</TD><TD PORT="timestamp_type">timestamp</TD></TR>
<TR><TD PORT="exit_status_pos">352</TD><TD PORT="exit_status_size">4</TD><TD>ExitStatus</TD><TD PORT="exit_status_type">exit_status</TD></TR>
<TR><TD PORT="hostname_pos">356</TD><TD PORT="hostname_size">256</TD><TD>str(ascii)</TD><TD PORT="hostname_type">hostname</TD></TR>
<TR><TD PORT="dbl_word_pad_pos">612</TD><TD PORT="dbl_word_pad_size">4</TD><TD>s4be</TD><TD PORT="dbl_word_pad_type">dbl_word_pad</TD></TR>
<TR><TD PORT="reserved_a_pos">616</TD><TD PORT="reserved_a_size">8</TD><TD></TD><TD PORT="reserved_a_type">reserved_a</TD></TR>
<TR><TD PORT="reserved_v_pos">624</TD><TD PORT="reserved_v_size">24</TD><TD></TD><TD PORT="reserved_v_type">reserved_v</TD></TR>
</TABLE>>];
}
subgraph cluster__exit_status {
label="AixUtmp::ExitStatus";
graph[style=dotted];
exit_status__seq [label=<<TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0">
<TR><TD BGCOLOR="#E0FFE0">pos</TD><TD BGCOLOR="#E0FFE0">size</TD><TD BGCOLOR="#E0FFE0">type</TD><TD BGCOLOR="#E0FFE0">id</TD></TR>
<TR><TD PORT="termination_code_pos">0</TD><TD PORT="termination_code_size">2</TD><TD>s2be</TD><TD PORT="termination_code_type">termination_code</TD></TR>
<TR><TD PORT="exit_code_pos">2</TD><TD PORT="exit_code_size">2</TD><TD>s2be</TD><TD PORT="exit_code_type">exit_code</TD></TR>
</TABLE>>];
}
}
aix_utmp__seq:records_type -> record__seq [style=bold];
record__seq:exit_status_type -> exit_status__seq [style=bold];
}