RSYSLOG reports

# 1  
Old 09-28-2015
RSYSLOG reports

I want to create reports using rsyslog in Linux. Can someone help me out here? The report format must be "Hostname" "Username" "Hostname logged from" "Date" "Time".

Regards,
Ahmed.

Linux, shell script
# 2  
Old 09-29-2015
I noticed that you started a similar thread before, but you never answered RudiC's question.

I would suggest you post a representative sample of the rsyslog output and any attempts from your side to create this report.
# 3  
Old 09-29-2015
RSYSLOG reports

Yoda,

Please find the rsyslog dump below:
Code:
Sep 28 17:16:37 samplehostname sshd[32092]: subsystem request for sftp
Sep 28 18:21:30 samplehostname sshd[23278]: pam_unix(sshd:session): session closed for user oracle
Sep 28 19:27:31 samplehostname sshd[30298]: pam_unix(sshd:session): session closed for user oracle
Sep 28 19:39:57 samplehostname sshd[21016]: pam_unix(sshd:session): session closed for user oracle
Sep 28 19:39:57 samplehostname su: pam_unix(su:session): session closed for user root
Sep 28 19:39:57 samplehostname su: pam_unix(su:session): session closed for user root
Sep 28 19:58:41 samplehostname sshd[32092]: pam_unix(sshd:session): session closed for user root
Sep 29 11:05:59 samplehostname sshd[4368]: Accepted password for oracle from 10.99.22.123 port 61494 ssh2
Sep 29 11:05:59 samplehostname sshd[4368]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Sep 29 11:09:59 samplehostname su: pam_unix(su:session): session opened for user root by oracle(uid=501)

# 4  
Old 09-29-2015
Based on assumptions:
Code:
awk '
    BEGIN {
        # Header row; columns are tab separated
        printf "%-15s\t%-15s\t%-15s\t%-15s\n", "HOST", "USER", "FROM", "TIME"
    }
    # Successful password logins only: $4 host, $9 user, $11 source address,
    # $1-$3 the syslog timestamp (month, day, time)
    /Accepted password/ {
        printf "%-15s\t%-15s\t%-15s\t%-15s\n", $4, $9, $11, $1 FS $2 FS $3
    }
' OFS='\t' rsyslog_file

# 5  
Old 09-29-2015
Thanks a ton, it is working. But the log file may vary; it is not constant all the time. You can see only two users logging in here, but in reality a lot of users may log in.

Can you help me in that case? What do I need to do?
# 6  
Old 09-29-2015
What's your concern? Yoda's suggestion would accommodate any arbitrary amount of login sessions reported in the rsyslog file you feed it. Any user will show as many times as the password is accepted.
# 7  
Old 09-29-2015
Processing large volumes of text is exactly what awk is made for. Processing millions of records in a reasonably small amount of time is not difficult.
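As an added example (not code from this thread), the same idea as Yoda's awk script, extended to handle any number of users, to accept both "Accepted password" and "Accepted publickey" sshd lines, and to split the timestamp into the separate Date and Time columns the original request asked for. It assumes the default rsyslog/sshd line format shown in the dump above; the sample lines are constructed for the example.

```shell
#!/bin/sh
# Constructed sample lines in the same format as the dump above (not the poster's file).
SAMPLE_LOG='Sep 29 11:05:59 samplehostname sshd[4368]: Accepted password for oracle from 10.99.22.123 port 61494 ssh2
Sep 29 11:06:02 samplehostname sshd[4371]: Accepted publickey for deploy from 10.99.22.200 port 50122 ssh2
Sep 29 11:09:59 samplehostname su: pam_unix(su:session): session opened for user root by oracle(uid=501)
Sep 29 11:12:10 samplehostname sshd[4380]: Failed password for invalid user admin from 10.99.22.7 port 40011 ssh2'

# login_report: read syslog lines on stdin and print one tab-separated row
# (HOST USER FROM DATE TIME) per accepted sshd login, whatever the auth method.
login_report() {
    awk '
        BEGIN {
            OFS = "\t"
            print "HOST", "USER", "FROM", "DATE", "TIME"
        }
        # Only sshd success lines: su, session-close and "Failed password" are skipped.
        $5 ~ /^sshd\[/ && $6 == "Accepted" {
            # Locate "for <user>" and "from <addr>" by keyword, so the auth
            # method (password, publickey, ...) does not shift the fields.
            for (i = 7; i <= NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") from = $(i + 1)
            }
            print $4, user, from, $1 " " $2, $3
        }
    '
}

printf '%s\n' "$SAMPLE_LOG" | login_report
```

In production, replace the sample with `login_report < /var/log/secure` (or whatever file rsyslog writes sshd's authpriv messages to).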