The registry setting mentioned in this thread adds more columns/fields to the smaccess log. For the question here I'm not sure those extra columns/fields are needed... they provide better info though and we use them. We want to count AuthAccepts (and possibly AuthAttempts, AuthRejects) or all sessionids (which could include the former) over a period of time ..the original poster didnt say precisely.
So;
a.) In the smconsole or your registry make sure we have Authentications Events set to log to your smaccess.log;
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Report
AuthFilter= 0x1; REG_DWORD
b.) Now if one had their smaccess.log rotating hourly (big if ..but summarizing here) a quick way to count the good logins/Auths in the hour could be:
grep -c AuthAccept smaccess.log
That is ..all AuthAccepts generate a unique sessionid so counting the good logins gives a count.
If one wants to count unique usernames only (count a user once even if they logged in several times) then:
grep AuthAccept smaccess.log| awk -F\[ '{ print $9 }' | sort -nr | uniq | wc -l
c.) Now if one were sending to the audit log database (or loading the smaccess logs into an oracle database) it becomes somewhat more useful.. to count all good logins (including the same users coming in again) per hour over the entire database;
select to_char (SM_TIMESTAMP, "mm/dd/yy hh24'), count(SM_SESSIONID) from SMACCESSLOG4
where SM_CATEGORYID =1 and SM_EVENTID =1
group by to_char(SM_TIMESTAMP), 'mm/dd/yy hh24')
Changing the above to count(distinct SM_USERNAME) would give results that count only once the same user logging in several times in the hour..
If a windows script may have been wanted I haven't helped at all and apologize.