
Analysis user log files

 
ajk_5
Frequent Advisor

Analysis user log files

Dear all,

I use the command "who -u" in a daily cron job to capture a file, and I want to analyze which users haven't logged in to the system for more than 3 months. How can I use those daily log files to get the result?
Thanks!

Best Regards
Ajk
6 REPLIES
twang
Honored Contributor

Re: Analysis user log files

In your case, I think you can simply use "last" to find out who logged onto the system in the past 3 months and use "listusers" to list all users, then compare both files to find out who didn't log in for more than 3 months.
ajk_5
Frequent Advisor

Re: Analysis user log files

Hi Twang,

I don't know how to do it. Would you mind telling me in detail, please?

Best Regards
Ajk
Michael Tully
Honored Contributor

Re: Analysis user log files

You should be able to do this as long as the data files that store this information have not been removed or changed (purged) within your timeframe (/var/adm/wtmp and /etc/utmp).

Have a look at a very similar discussion from earlier today.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x53650ea029a2d711abdc0090277a778c,00.html

The 'last' command uses the same data file (/var/adm/wtmp) as 'who -u'
Anyone for a Mutiny ?
ajk_5
Frequent Advisor

Re: Analysis user log files

How can I find out the result from that information in a unix script?
T G Manikandan
Honored Contributor

Re: Analysis user log files

Sridhar Bhaskarla
Honored Contributor

Re: Analysis user log files

Hi Ajk,

There isn't a simple way of finding this out. If you want to find this out, the best way is to use the last command. However, this pulls out the information from wtmp. So, if you trimmed it anywhere in the last three months, then you won't get the information. So, you will have to plan. Either keep the wtmp file for 3 months or regularly recycle (using /usr/sbin/acct/fwtmp) but keep the old files somewhere.

Then it is just a question of writing a script that can take care of it.

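last -R > last.log

(Edit this and remove standard logins like root, bin, sys etc., or you can put a grep -v in the above)

# Start with an empty report so entries from earlier runs are not carried over
> nologin.out

# -F: sets the field separator before the first line of /etc/passwd is read
for LOGIN in $(awk -F: '{print $1}' /etc/passwd)
do
# Match the login name as the whole first column, not as a substring
grep -q "^$LOGIN " last.log
if [ $? != 0 ]
then
echo $LOGIN >> nologin.out
fi
done

if [ $(wc -l nologin.out|awk '{print $1}') -eq 0 ]
then
echo |mailx -s "No LOGINS" your_id@yourdomain.com
else
mailx -s "NO LOGIN REPORT" yourid@yourdomain.com < nologin.out
fi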


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
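
Added example (not part of the thread or any poster's code): the daily "who -u" captures from the original question can be checked directly for stale accounts. It assumes each day's capture is saved as who.YYYYMMDD and that the cutoff date is passed in as YYYYMMDD; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: find accounts absent from daily "who -u" snapshots since a cutoff.
# Assumption (not from the thread): cron writes one file per day as who.YYYYMMDD.

# stale_logins SNAPDIR PASSWD_FILE CUTOFF
# CUTOFF is YYYYMMDD; prints "login last_seen" for every account in PASSWD_FILE
# that appears in no snapshot dated on or after CUTOFF ("never" if never seen).
stale_logins() {
    snapdir=$1; passwd=$2; cutoff=$3
    for f in "$snapdir"/who.*; do
        [ -f "$f" ] || continue
        # Field 1 of each "who -u" line is the login name; tag it with the file date
        awk -v day="${f##*.}" '{ print $1, day }' "$f"
    done | awk -v cutoff="$cutoff" -v pw="$passwd" '
        { if (!($1 in last) || $2 > last[$1]) last[$1] = $2 }  # newest date per login
        END {
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                if (!(f[1] in last)) print f[1], "never"
                else if (last[f[1]] < cutoff) print f[1], last[f[1]]
            }
        }'
}

# Constructed sample data so the example runs offline
make_sample() {
    dir=$(mktemp -d)
    printf 'root:x:0:3::/:/sbin/sh\najk:x:101:20::/home/ajk:/usr/bin/sh\nbob:x:102:20::/home/bob:/usr/bin/sh\nbobby:x:103:20::/home/bobby:/usr/bin/sh\n' > "$dir/passwd"
    printf 'bob        pts/ta       Jan  5 09:12   .    1234  host1\n' > "$dir/who.20030105"
    printf 'ajk        pts/tb       Apr 20 08:01  0:10  2201  host2\nbobby      pts/tc       Apr 20 08:30   .    2210  host3\n' > "$dir/who.20030420"
    echo "$dir"
}

sample=$(make_sample)
stale_logins "$sample" "$sample/passwd" 20030201
rm -rf "$sample"
```

Accounts reported as "never" include system logins such as root that do not log in interactively, so review the list before disabling anything.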