File Systems to monitor in AIX :

/var/adm/sulog Switch user log file (ASCII file). Use cat, pg or
more to view it and rm to clean it out.
/etc/security/failedlogin Failed logins from users. Use the who command
to view the information. Use "cat /dev/null >
/etc/failedlogin" to empty it,
/var/adm/wtmp All login accounting activity. Use the who
command to view it use "cat /dev/null >
/var/adm/wtmp" to empty it.
/etc/utmp Who has logged in to the system. Use the who
command to view it. Use "cat /dev/null >
/etc/utmp" to empty it.
/var/spool/lpd/qdir/* Left over queue requests
/var/spool/qdaemon/* temp copy of spooled files
/var/spool/* spooling directory
smit.log smit log file of activity
smit.script smit log 

************************************

FILESYSTEM CLEANUP HINTS:

find large files:

find . -xdev -size +4000000c -exec ls -l {} \;             <--it will list files larger than 4MB in the fs

find . -type f | xargs ls -s | sort -rn | head             <--10 largest file (if there is another fs under it, it will search there too)

find . -type f -size +10000 | while read X ; do du -sm "$X" ; done | sort -n | tail -n 15        <--15 largest file

/etc:

/etc/perf/daily/                                           <--xmdaily logs can be removed if not needed

(can be removed from inittab and xm processes can be killed)

who /etc/security/failedlogin                              <--lists failed logins

> /etc/security/failedlogin                                <--clears that file

/usr:

/usr/websm/pc_client                                       <--windows, exe files can be removed

/var:

/var/adm/wtmp:

who /var/adm/wtmp                                          <--shows the contents of that file

/usr/sbin/acct/fwtmp < /var/adm/wtmp | tail -5000 > /tmp/wtmp.asc   <--converts wtmp to ascii, saves last 500 lines

/usr/sbin/acct/fwtmp -ic < /tmp/wtmp.asc > /var/adm/wtmp            <--converts back to original format

rm /tmp/wtmp.asc                                           <--delete the ascii file

/var/adm/cron/log:

> /var/adm/cron/log                                        <--this can be cleared

/var/spool/lpd:

stopsrc -s qdaemon                                         <--stops qdaemon

rm /var/spool/lpd/qdir/*                                   <--clears dir

rm /var/spool/lpd/stat/*

rm /var/spool/qdaemon/*

startsrc -s qdaemon                                        <--starts qdaemon

/var/spool/mail                                            <--under this dir, not needed mails can be cleared as well

/var/adm/sulog                                             <--this file can be reduced (cleared) as well

--------------------------