
script captures logins

himacs
Super Advisor

script captures logins


I have a script written in Perl which lists yesterday's login details.


yesterday=$(perl -MPOSIX -le 'print strftime "%b %e",localtime(time-(60*60*24))')

But the problem is that it now lists entries for 2009 along with the current ones. Please suggest a shell script which lists the data for the current year.

Regards
himacs
5 REPLIES
Dennis Handly
Acclaimed Contributor

Re: script captures logins

Your perl command gives yesterday's date. What are you doing with $yesterday? Scanning the output of last(1)?
himacs
Super Advisor

Re: script captures logins

Hi Dennis,

Thanks for the response.

It's grepping keyboard interactive from syslog:

grep -i sshd /var/adm/syslog/syslog.log|grep -i keyboard-interactive |grep "$yesterday" |awk '{print $1" "$2" "$3" "$9" "$11}'


Actually I am a newbie in scripting, trying to modify the changes myself. I want to remove the Perl and insert a shell script for grepping.

Regards
himacs
Michael Steele_2
Honored Contributor

Re: script captures logins

Hi

See 'last' command, lastb, wtmp, utmp.
Support Fatherhood - Stop Family Law
James R. Ferguson
Acclaimed Contributor

Re: script captures logins

Hi Himacs:

> I have a script written in Perl, which lists login details of yesterday's... But problem is now it lists for 2009 also with current one. Please suggest with shell script which lists the data for current year... It's grepping keyboard interactive from syslog.... I want to remove Perl and insert shell script for grepping..

The problem isn't with the Perl portion! If you examine its output you will see that it returns yesterday as a short month name and day, for example, "Jan 23". Adding the year could be trivial (below) but that won't solve your problem and neither will any shell script.

# perl -MPOSIX -le 'print strftime "%b %e %Y",localtime(time-(60*60*24))'

Unfortunately the 'syslog' doesn't record the *year* as part of the date information it stores. You could trim your 'syslog' to begin with the current year or filter your output to reject months that are *greater* than the current month since those would represent a previous year.

Regards!

...JRF...
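
Added example, not part of the reply above or of anyone's script in this thread: one way to filter a year-less syslog by year is to infer each line's year from file order, generalizing the "reject later months" idea to any number of year rollovers. The function names, the sample host, users and addresses are constructed, and the OpenSSH-style line layout is an assumption chosen to match the $9/$11 fields used in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. syslog lines carry no year, so the
# year is inferred from file order: a drop in month number (Dec -> Jan) marks
# a rollover. Assumes chronological lines, no gap longer than a year, and
# that the newest line falls in END_YEAR.

# Constructed sample log (assumed layout: user in field 9, address in field 11).
sample_syslog() {
    cat <<'EOF'
Jan 23 09:01:44 host1 sshd[2201]: Accepted keyboard-interactive/pam for bob from 192.0.2.10 port 40112 ssh2
Jun  4 14:20:09 host1 sshd[3310]: Accepted keyboard-interactive/pam for carol from 192.0.2.11 port 40990 ssh2
Dec 30 23:59:01 host1 sshd[4102]: Accepted publickey for bob from 192.0.2.10 port 41200 ssh2
Jan 23 10:15:02 host1 sshd[5127]: Accepted keyboard-interactive/pam for alice from 192.0.2.12 port 51234 ssh2
Jan 24 08:00:00 host1 sshd[5200]: Accepted keyboard-interactive/pam for carol from 192.0.2.11 port 51300 ssh2
EOF
}

# logins_on FILE MON DAY YEAR END_YEAR
# Prints "year month day time user address" for matching sshd logins.
logins_on() {
    awk -v mon="$2" -v day="$3" -v want="$4" -v endy="$5" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) num[m[i]] = i
    }
    !($1 in num) { next }                 # skip lines without a month stamp
    NR == FNR {                           # pass 1: count rollovers in file
        if (prev && num[$1] < prev) total++
        prev = num[$1]
        next
    }
    !started { started = 1; prev = 0 }    # pass 2 begins: reset month tracker
    {
        if (prev && num[$1] < prev) seen++
        prev = num[$1]
        year = endy - total + seen        # year inferred for this line
        if (year == want && $1 == mon && $2 + 0 == day + 0 &&
            tolower($0) ~ /sshd/ && tolower($0) ~ /keyboard-interactive/)
            print year, $1, $2, $3, $9, $11
    }' "$1" "$1"
}

# Demo: the constructed log ends in 2010; ask for Jan 23 of that year only.
tmp=$(mktemp) && sample_syslog > "$tmp"
logins_on "$tmp" Jan 23 2010 2010
rm -f "$tmp"
```

The file is read twice because the number of rollovers must be known before the first line can be dated; a rotated or out-of-order log breaks the inference.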








James R. Ferguson
Acclaimed Contributor

Re: script captures logins

Hi (again):

As noted, if you are tracking login information, the 'wtmps' file (used by 'last') might be better suited to your use.

While the 'last' command doesn't include the year in the dates printed, the information is present in the underlying input.

Instead of using 'last' you could do:

/usr/sbin/acct/fwtmp -X < /var/adm/wtmps

...which includes the year in the record's date. For that matter, not only is the date given in month, day and year, but the time too and more importantly the representation of the timestamp in epoch seconds for easily parsing ranges of timestamps.

Regards!

...JRF...