HPE Community
Operating System - OpenVMS
1752278 Members
4614 Online
108786 Solutions
New Discussion юеВ

Re: Users accounting question

 
SOLVED
Go to solution
Darijo
Frequent Advisor

тАО12-19-2008 04:54 AM

тАО12-19-2008 04:54 AM

Users accounting question

How or where can I see which users were logged on the machine lately?

Thank you!
0 Kudos
Reply
11 REPLIES 11
Jim_McKinney
Honored Contributor

тАО12-19-2008 05:29 AM

тАО12-19-2008 05:29 AM

Re: Users accounting question

Presuming that ACCOUNTING is enabled for your system you could just choose your date and...

$ ACCO/SUMM=(PROC,USER)/SINC=1-DEC-2008

0 Kudos
Reply
marsh_1
Honored Contributor

тАО12-19-2008 05:39 AM

тАО12-19-2008 05:39 AM

Re: Users accounting question

hi,

for individual queries you can go into the sysuaf and check for the last interactive login field

$ set def sys$system
$ r authorize

there are also ways of producing reports from the uaf using dcl some examples of which are on dcl.openvms.org (which i can't seem to get to at the moment)

or if you have auditing enabled for login
then you can use anal/audit e.g

$ anal/audit/event=login/full

$ show audit (to see settings)

$ set audit/audit/enable=(login=all) (to change settings)

there are also entries in the sys$manager:operator.log for telnet login etc

take time to read the vms users , security and system managers essentials guides on the vms documentation site here to give you a good background on what is possible and the implications of using the various tools available :-

http://h71000.www7.hp.com/doc/os83_index.html

hope this helps

0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

тАО12-19-2008 05:52 AM

тАО12-19-2008 05:52 AM

Re: Users accounting question

Typically folks use the LAST_LOGIN time from SYSUAF to report who use the system.

Just GOOGLE for +LAST_LOGIN +SYSUAF for several examples.

Here is a starting point I wrote last year if you wanted to roll your own:

$!
$! uaf_lastlogin.com Hein van den Heuvel,August 2007.
$
$! List records from SYSUAF for which the Last Interactive Login is more
$! than 'p1' days ago (default 90).
$
$IF p1.eqs."" THEN p1 = "90"
$cutoff_date = f$cvtime("TODAY -''p1'-")
$!libr/extr=$uafdef/out=uafdef.tmp sys$library:lib.mlb
$!sea uafdef.tmp flag...
$!EQU UAF$Q_LASTLOGIN_I 396
$!EQU UAF$L_FLAGS 468
$!EQU UAF$V_DISACNT 4
$
$!define sysuaf sys$disk:[]sysuaf.dat ! Local copy for testting
$sysuaf = f$parse("SYSUAF","SYS$SYSTEM:.DAT",,,"SYNTAX_ONLY")
$open /read/share=write uaf 'sysuaf'
$loop:
$ read/end=done uaf rec
$ lastlogin_bin = F$EXTR(396,8,rec)
$ lastlogin_asc = F$FAO("!%D",f$cvui(32,32,f$fao("!AD",8,lastlogin_bin)))
$ IF f$cvtime(lastlogin_asc) .GTS. cutoff_date THEN GOTO loop
$ IF f$cvsi(468*8+4,1,rec) THEN GOTO loop ! disuser already?
$ username = F$EXTRACT(4,12,rec)
$ WRITE SYS$OUTPUT "MODIFY ''username' /FLAG=DISUSEER ! Last Login: ", lastlogin_asc
$ GOTO loop
$done:
$close uaf


hth,
Hein.
0 Kudos
Reply
Darijo
Frequent Advisor

тАО12-19-2008 06:05 AM

тАО12-19-2008 06:05 AM

Re: Users accounting question


OUTPUT:

From: 19-DEC-2008 00:00 VMS Accounting Report To: 19-DEC-2008 14:48Process type Username Total
Records
-----------------------------------
INTERACTIVE SYSTEM 2
NETWORK AECSYS 189
NETWORK FAL$SERVER 1


Thanks, but I also need IP addresses...
0 Kudos
Reply
marsh_1
Honored Contributor

тАО12-19-2008 06:13 AM

тАО12-19-2008 06:13 AM

Solution

Re: Users accounting question

hi ,

try
$ sear sys$manager:operator.log/win=(2,0)/out=nnn.tmp "login "
then

$ sear nnn.tmp/win=(0,2) "whatever date"



Reply
Darijo
Frequent Advisor

тАО12-19-2008 06:32 AM

тАО12-19-2008 06:32 AM

Re: Users accounting question

" hi ,

try
$ sear sys$manager:operator.log/win=(2,0)/out=nnn.tmp "login "
then

$ sear nnn.tmp/win=(0,2) "whatever date"
"

THATS IT!
Thank you so much!
0 Kudos
Reply
marsh_1
Honored Contributor

тАО12-19-2008 06:46 AM

тАО12-19-2008 06:46 AM

Re: Users accounting question


hi,

unless all your users have static ip addresses what is the importance of the address as it would vary from day to day. also if there are multiple systems with decnet enabled the users could potentially be hopping anywhere in which case you would be better using one of the sysuaf dcl report examples such as the one hein has posted up ?

0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

тАО12-19-2008 06:56 AM

тАО12-19-2008 06:56 AM

Re: Users accounting question

>> Thanks, but I also need IP addresses...

I don't think you can get that from ACC/SUM

You may need to write a program ro read and process the account file, or it's listing.

For example this trivial PERL:

$pipe ACCOUN/FULL/SINCE | perl -ane "$u=$F[1] if /^Us/; printf(qq(%12s %s\n),$u, $F[3]) if /^Remote f/"



And a little more elaborate, still just using 2 fields to report on see below.

hth,
Hein.


------ access_summary.pl --------------
for (qx(ACCOUNT/FULL/SINCE=YES)){
chomp;
#Remote node name: Pr
#0123456789012345678901234567890123456789
$user = $1 if /^Us\S+\s+(\S+)/;
$full = substr($_,18,27-18) if /^Remote node name:\s+(\S+)/;
if (/^Remote full name:(.*)/) { # Last interesting line?
$full = $1 if $1; # anything there?
$full =~ s/\s+/ /g; # trim whitespace some
$access{ $user . ',' . $full }++;
}
}
for (sort keys %access) {
my ($user, $full) = split /,/;
printf "%12s %5d %s\n", $user, $access{$_}, $full;
}
-------------------

$perl access_summary.pl
1
1 RX1
1 RX2
FAL$SERVER 2 RX2
HEIN 72
HEIN 1 192.168.1.152
HEIN 1 192.168.1.40
HEIN 1 192.168.1.45
HEIN 8 HEINPC
HEIN 4 RX2
SYSTEM 184
TCPIP$FTP 2 0.0.0.0 Port: 000
0 Kudos
Reply
Darijo
Frequent Advisor

тАО12-19-2008 06:58 AM

тАО12-19-2008 06:58 AM

Re: Users accounting question

No, all addresses in LAN are static, but machines are connected via WAN (ISDN) to other places. I just needed to know if someone has accessed the machine from non local-area-network.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.