SAC

Section: Maintenance Commands (8)
 

NAME

sac - system accounting.  

SYNOPSIS

sac [-dpahcotfFm] [-w wtmp|-] [-b H[:M[:S]]] [-s start] [-e end] [[-u] user-list] [-x [user-list]] [-T [tty-list]] [-H [host-list]]
 

DESCRIPTION

Sac is a system administration utility, based on the original BSD ac program, to read the wtmp log and produce more human readable system usage information than provided by last. Several features not found in the BSD version of this program have been added.

Sac, like ac, produces three different types of output: total usage in number of login hours since wtmp was created (default), login usage per day (-d option), and total usage per user (-p option). The output of these three is modified by supplying the average (-a) option, the hourly profile (-h) option, and/or the clipping (-c) option.

The -s and -e options are used to select the starting date and ending date, respectively, to report on. The format for the date is one of: +days (days since the beginning of the wtmp file) or -days (days before the end of the wtmp file) or in standard date format: MM/DD/YY.

Selecting the average option for total usage gives an average number of login hours per day since the creation of the wtmp file. For the daily option it prints the total number of logins for the day and the average login time per login. For the per person display it displays the total number of logins the user has made and the average amount of time spent on each login.

Selecting the hourly profile option for total usage gives a visual display of the percentage of login time spent per hour for all the logins on the system. For the daily option it prints the same visual display for each day. For the per person display it displays the hourly breakdown of login time the user spends on the system (this can be pretty interesting).

Selecting the -c option performs clipping on the amount of login time being used. Multiple logins during the same time period will only count once. As a side effect (possibly a bug) clipping will affect the output of the average option, reporting only the number of logins that uniquely apply to the total login time. Logins that fall totally within the time span of other logins will be totally clipped out, as if they did not occur.
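The clipping rule above, modelled as an interval union over login sessions. This is an added example, not sac's own code; the session list is constructed, and counting a login only when it contributes time not already covered is an assumption drawn from the description above.

```python
from datetime import datetime, timezone

# Constructed sample sessions (user, login, logout); not from a real wtmp file.
SESSIONS = [
    ("alice", "2023-01-16 09:00", "2023-01-16 12:00"),
    ("bob",   "2023-01-16 10:00", "2023-01-16 11:00"),  # wholly inside alice's
    ("carol", "2023-01-16 11:30", "2023-01-16 13:00"),  # overlaps alice's tail
    ("alice", "2023-01-16 15:00", "2023-01-16 16:00"),  # disjoint from the rest
]

def _ts(text):
    """Parse a sample timestamp as UTC seconds since the epoch."""
    parsed = datetime.strptime(text, "%Y-%m-%d %H:%M")
    return parsed.replace(tzinfo=timezone.utc).timestamp()

def unclipped(sessions):
    """Plain accounting: every login counts in full. Returns (hours, logins)."""
    total = sum(_ts(out) - _ts(inn) for _, inn, out in sessions)
    return total / 3600.0, len(sessions)

def clipped(sessions):
    """Clipped accounting: time covered by several logins counts once.

    Returns (hours, logins); logins counts only the sessions that added time
    not already covered by sessions that started earlier.
    """
    spans = sorted((_ts(inn), _ts(out)) for _, inn, out in sessions)
    total, counted, covered_until = 0.0, 0, float("-inf")
    for start, end in spans:
        if end <= covered_until:
            continue  # lies wholly inside earlier logins: clipped out
        total += end - max(start, covered_until)
        counted += 1
        covered_until = end
    return total / 3600.0, counted

if __name__ == "__main__":
    for label, (hours, logins) in (("unclipped", unclipped(SESSIONS)),
                                   ("clipped", clipped(SESSIONS))):
        print(f"{label:9s} {hours:5.2f} h over {logins} logins, "
              f"average {hours / logins:.2f} h/login")
```

With clipping, bob's session disappears from both the total and the login count, so a per-login average computed from clipped figures describes fewer logins than actually occurred.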

If the optional user-list is given sac will only consider accounting information from those users, discarding the rest. The -u option can be used to precede the optional user-list. This option is useful to terminate the -x, -T and -H options.

The -x option has the reverse effect of the -u option, in that it excludes the specified users from accounting. This is useful for removing users who are logged in a lot and would otherwise skew average usage results.

The -T option performs accounting for only the optionally specified tty lines listed. This is useful for determining modem usage, and who's been using them the most.

The -H option performs accounting for only the optionally specified hosts listed. Since a host-name can only be up to 16 characters long in the wtmp file, only the first 16 characters of a given host-name will be considered for purposes of matches. If a host-name given on the command line does not contain any dots (.) or ends with a dot, it is taken to be a substring and will match if the first part of the wtmp host-name matches the substring.
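The -H matching rule above, applied to constructed login records. This is an added example, not sac's own code; the host names are placeholders, and case-sensitive comparison plus testing for dots on the untruncated command-line name are assumptions.

```python
HOST_LEN = 16  # host-name width in the wtmp record, as stated above

# Constructed (user, host seen at login) pairs; all host names are placeholders.
LOGINS = [
    ("alice", "gateway.example.com"),
    ("bob",   "gateway.example.net"),
    ("carol", "modem3"),
    ("dave",  "modem12.dialup.example.org"),
    ("erin",  "mail.example.com"),
]

def stored(host):
    """What survives in the wtmp record: the first 16 characters only."""
    return host[:HOST_LEN]

def host_matches(pattern, wtmp_host):
    """Apply the -H rule to one stored host-name.

    A pattern with no dots, or one ending in a dot, matches as a leading
    substring; any other pattern must equal the stored name, and only the
    first 16 characters of the pattern take part in the comparison.
    """
    prefix_mode = "." not in pattern or pattern.endswith(".")
    pat = pattern[:HOST_LEN]
    return wtmp_host.startswith(pat) if prefix_mode else wtmp_host == pat

def select(pattern, logins=LOGINS):
    """Return the users whose stored host-name matches the pattern."""
    return [user for user, host in logins if host_matches(pattern, stored(host))]

if __name__ == "__main__":
    for pattern in ("modem", "mail.", "mail.example.com",
                    "mail.example", "gateway.example.com"):
        print(f"-H {pattern:20s} -> {select(pattern)}")
```

The last pattern selects both alice and bob: the two gateway names share their first 16 characters, so a report filtered by host cannot tell them apart.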

The -f option makes sac perform accounting on both normal logins and ftp logins. The -F option makes sac perform accounting on ftp logins only; normal logins are not considered. Sac is only guaranteed to work with the wu-ftpd (wu-archive FTP daemon) style of utmp entry for ftp logins, denoted by a line of "ftp#####" where "#####" is the process ID of the ftp process.
 

OPTIONS

Sac understands the following command line switches:

--help
Outputs a verbose usage listing.

-w wtmp
Select a different input file instead of the default (/var/log/wtmp).

-d
List login time per day instead of the default total time.

-p
List login time per user instead of the default total time.

-a
Print average information.

-h
Print hourly profile information.

-c
Perform login "clipping". Multiple logins during the same time period will only count once.

-o
Read the wtmp file as if it were an old style BSD wtmp file (old utmp format which does not use ut_type field). Programs such as tacacs maintain a wtmp file which does not use all the fields.

-t
Read a wtmp file maintained by (possibly only some versions of) Tacacs, terminal server access control software.

-b hours[:minutes[:seconds]]
Consider only those utmp entries that fall within the last few hours/minutes/seconds from the current time, disregarding the rest. This option is useful for determining if someone has been on in the last few hours.

-s start
Selects the starting date of the report.

-e end
Selects the ending date of the report.

-f
Perform ftp login accounting in addition to normal shell accounting.

-F
Perform ftp login accounting only.

-m
Show minimum and maximum number of concurrent logins over the total time span or per day when used with the -d option. -m is ignored when per user accounting is selected.

-u user-list
Selects only those users to perform accounting on.

-x user-list
Selects those users to not perform accounting on.

-T tty-list
Selects those ttys to perform accounting on.

-H host-list
Selects those hosts to perform accounting on.

 

FILES

/var/log/wtmp login database  

AUTHOR

Steve Baker (ice@mama.indstate.edu)  

BUGS

The documentation for wtmp is lacking. It's not clear at all what all gets put in wtmp or the significance of any of it. Good luck getting this to work on Solaris machines.

The -o and -t options handle what is a login and a logout differently than normally (because there is no ut_type field), making sac incorrectly identify xterm log-outs as a login (xterm does not write a "login" entry, only a "logout" entry that looks just like a login in all respects save the contents of the ut_type field). It should also be noted that last incorrectly handles xterm log-outs as well.

Sac (probably) only handles changes in time logged in the wtmp file made by netdate. Rdate does not log time changes.

Clipping can affect the output of the average option, as described above.

The ut_addr field doesn't seem to be consistently used by all programs, so it cannot be used for exact host-name filtering. Even if it were, it would be too much work for this lazy programmer anyway.

Too much accounting results in big brother... citizen.  

SEE ALSO

last(1), rawtmp(1)


 


This document was created by man2html, using the manual pages.
Time: 22:25:48 GMT, January 16, 2023