Need help with security
Hi there, thanks for checking in.
I run a helpdesk with about 500 users logging onto a network
and then onto a Unix box.
Sometimes people use other people's logins. :-(
All users use their own PC (I.P).
Is there a way that when somebody logs onto the Unix box with a different I.P the system will e-mail me the I.P address,
so that I can find the people who are doing this, which creates problems?
I'm thinking along the lines of a script that runs every 10-20 mins
in the background that uses the files in /var/adm/history
etc.
When you do a
who -u ( for the first time ) sleep 1000
root pts/tCe Jan 30 11:59 1:32 15442 000.00.000.000
helpdesk pts/tCe Jan 30 12:05 0.23 23633 196.13.235.333
who -u (for the Second time)
root pts/tCe Jan 30 11:59 1:32 15442 000.00.000.000
helpdesk pts/tCe Jan 30 12:05 0.23 23633 196.13.235.555
then it should pick up
that user "helpdesk" is not logged onto 196.13.235.333, and it should e-mail me the I.P 196.13.235.555 including the user name that is supposed to log onto the Unix box from that PC.
Please inform me if the above is unclear.
Thanks in advance
Nemex
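
One way to do the check described in the post, as an added example that is not part of the original post: compare each `who -u` session against a per-user expected address and mail only findings that have not been reported yet. The map file format ("user ip" per line), the file paths, the script name and the mail address are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Flags sessions in `who -u`
# output whose source address differs from the address expected for that user.
# Assumptions: the map file format "user ip" and all paths/addresses below
# are hypothetical placeholders.

# find_mismatches MAP [STATE]: reads `who -u` lines on stdin, prints
# "user seen_ip expected_ip" for each finding not already listed in STATE.
find_mismatches() {
    awk -v map="$1" -v state="${2:-/dev/null}" '
        BEGIN {
            while ((getline line < map) > 0) {
                n = split(line, f, " ")
                if (n >= 2 && f[1] !~ /^#/) expected[f[1]] = f[2]
            }
            while ((getline line < state) > 0) reported[line] = 1
        }
        {
            host = $NF
            gsub(/[()]/, "", host)          # some systems print the host as (addr)
            if (host ~ /^[0-9]+$/) next     # last field is the PID: local login, no host
            if (!($1 in expected) || host == expected[$1]) next
            finding = $1 " " host " " expected[$1]
            if (!(finding in reported)) { reported[finding] = 1; print finding }
        }'
}

# Run from cron every 10-20 minutes as: sh check_logins.sh --run
if [ "${1:-}" = "--run" ]; then
    MAP=/etc/login_ip.map               # hypothetical: one "user ip" pair per line
    STATE=/var/tmp/login_ip.reported    # findings already mailed; empty it daily
    ADMIN=admin@example.com             # placeholder address
    new=$(who -u | find_mismatches "$MAP" "$STATE")
    if [ -n "$new" ]; then
        printf '%s\n' "$new" >> "$STATE"
        printf 'user seen_ip expected_ip\n%s\n' "$new" |
            mailx -s "Login from unexpected address" "$ADMIN"
    fi
elif [ "${1:-}" = "--demo" ]; then      # constructed sample data
    m=$(mktemp); echo 'helpdesk 192.0.2.10' > "$m"
    printf '%s\n' 'root pts/0 Jan 30 11:59 1:32 15442' \
        'helpdesk pts/1 Jan 30 12:05 0:23 23633 192.0.2.99' | find_mismatches "$m"
    rm -f "$m"
fi
```

The comparison is only meaningful while each PC keeps a fixed address; where addresses are handed out dynamically, the map file has to be regenerated from the lease data.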