07-30-2009 09:59 AM
Could someone please give me some ideas? I need to extract some information for SOX Audit purposes from /var/adm/sulog file. I need to pick a particular user's "su" activities from this file, for the last 31 days. What is the best way to go about it?
Thanks for your time, in advance.
-Kennedy
07-30-2009 10:15 AM
Re: Extracting Entries from the last 31 Days from /var/adm/sulog
grep "user" /var/adm/sulog | grep "07/"
would give you all the entries for "user" for the month of July.
Pete
07-30-2009 10:26 AM
Re: Extracting Entries from the last 31 Days from /var/adm/sulog
This should meet your needs. For simplicity, granularity is to whole days (without regard to hours and minutes). The year of the activity is assumed to be the current year, since the 'sulog' doesn't record a date with a year.
# cat ./sulog30
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local;
my ( $fh, $mon, $mday, $time1, $time2 );
open( $fh, '<', '/var/adm/sulog' ) or die "Can't open sulog: $!\n";
$time1 = time();    # now, in epoch seconds
while (<$fh>) {
    ( $mon, $mday ) = split "/", (split)[1];    # second field of a sulog line is MM/DD
    $time2 = timelocal( 0, 0, 0, $mday, $mon - 1, (localtime)[5] );    # midnight of that day, current year assumed
    print if ( $time2 <= $time1 and ( $time1 - $time2 ) <= ( 60 * 60 * 24 * 31 ) );    # last 31 days only, never a future date
}
1;
...simply run as:
# ./sulog30
Regards!
...JRF...
07-30-2009 10:30 AM
Re: Extracting Entries from the last 31 Days from /var/adm/sulog
I use the grep option normally, myself. However, I am unsure of the output if there are entries for July 2009 and 2008. If both of these exist then my report may turn out to be inaccurate.
-kennedy
07-30-2009 10:36 AM
Re: Extracting Entries from the last 31 Days from /var/adm/sulog
I get my output. Along with the output I get this message too:
"Day '29' out of range 1..28 at ./sulog31.pl line 10"
Does this mean that it is providing me with the output for only the last 28 days?
-Kennedy
07-30-2009 10:44 AM
Re: Extracting Entries from the last 31 Days from /var/adm/sulog
Yes, you will get both. You could search for both this and the previous month. Then "simply" remove everything up to the current month. Assuming you actually had activity in the previous and current months.
07-30-2009 10:52 AM
> I get my output. Along with the output I get this message too:
> "Day '29' out of range 1..28 at ./sulog31.pl line 10"
> Does this mean that it is providing me with the output for only the last 28 days?
No, this would happen for a February entry in a non-leap-year (as 2009 is). If you have truly not trimmed your 'sulog' since early 2008, then I would expect this to happen.
This is a warning and the remainder of the output is valid within the constraints I have described.
Regards!
...JRF...
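
The following is an added example, not code from any poster in the thread. It infers the year that sulog omits by walking the file from the newest entry to the oldest, which separates July 2008 from July 2009 and places an 02/29 entry in a leap year instead of failing on it. The sample lines, the `SU MM/DD HH:MM +|- tty from-to` layout, the report time and the function names are assumptions made for the example.

```python
import calendar
from datetime import datetime, timedelta

# Constructed sample in the assumed sulog layout: SU MM/DD HH:MM +|- tty from-to
SAMPLE = """\
SU 02/29 10:02 + ttyp1 kennedy-root
SU 07/15 08:30 + ttyp2 kennedy-root
SU 12/20 23:10 - ttyp1 oracle-root
SU 06/25 09:00 + ttyp3 kennedy-root
SU 07/02 14:45 - ttyp1 kennedy-root
SU 07/15 16:20 + ttyp2 pete-root
SU 07/29 11:05 + ttyp1 kennedy-oracle
"""
NOW = datetime(2009, 7, 30, 12, 0)  # constructed report time

def dated_entries(lines, now):
    """Return [(datetime, line)], oldest first, with the missing year inferred."""
    recs = []
    for raw in lines:
        f = raw.split()
        try:
            if len(f) < 6 or f[0] != "SU":
                continue
            mon, day = map(int, f[1].split("/"))
            hh, mm = map(int, f[2].split(":"))
            datetime(2000, mon, day, hh, mm)  # validate against a leap year
        except ValueError:
            continue  # skip malformed lines instead of aborting the report
        recs.append(((mon, day, hh, mm), raw.rstrip("\n")))
    out, year = [], now.year
    later = (now.month, now.day, now.hour, now.minute)
    # sulog is append-only, so walk newest to oldest: a timestamp that sorts
    # after the entry following it must belong to an earlier year.
    for key, raw in reversed(recs):
        if key > later:
            year -= 1
        while key[:2] == (2, 29) and not calendar.isleap(year):
            year -= 1  # 02/29 can only exist in a leap year
        out.append((datetime(year, *key), raw))
        later = key
    return out[::-1]

def recent_su(lines, user, now, days=31):
    """Entries where `user` invoked su within the last `days` days."""
    cutoff = now - timedelta(days=days)
    return [(ts, raw) for ts, raw in dated_entries(lines, now)
            if cutoff <= ts <= now and raw.split()[5].split("-", 1)[0] == user]

if __name__ == "__main__":
    for ts, raw in recent_su(SAMPLE.splitlines(), "kennedy", NOW):
        print(ts.strftime("%Y-%m-%d %H:%M"), raw)
```

A silence of more than a year between two entries cannot be detected from the file alone, so entries older than such a gap are dated too recently.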