[Solved] Last Login Log

 
# 1  
Old 11-24-2011

Hello again

I am using SLES Enterprise 9 and 10, and I was hoping I could implement user login logs like how medusa does for HP-UX. Is there an equivalent tool for Linux? I am heavily dependent on /var/log/lastlog and last commands but surely there must be something more out there.

Or if anyone has medusa for Linux and is willing to share it, it would be great!

Thank you

---------- Post updated 11-23-11 at 06:34 PM ---------- Previous update was 11-22-11 at 10:23 PM ----------

Ok, this is what I did. I googled for logwatch (apparently this is the only thing they have for free, and it works great with Linux) and downloaded the tarball. The report comes out like this:

Code:
my-xftp0:~ # logwatch

 ################### Logwatch 7.4.0 (03/01/11) ####################
        Processing Initiated: Thu Nov 24 10:31:32 2011
        Date Range Processed: yesterday
                              ( 2011-Nov-23 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: stdout / text
        Logfiles for Host: my-xftp0
  ##################################################################

 --------------------- SSHD Begin ------------------------

 Users logging in through sshd:
    priti:
       191.255.XXX.XXX(my-c0005.myhq.itelligence.com.my): 2 times
    root:
       191.255.XXX.XXX(my-c0005.myhq.itelligence.com.my): 2 times

 SFTP subsystem requests: 2 Time(s)

 ---------------------- SSHD End -------------------------


 --------------------- Syslog-ng Begin ------------------------


 Syslog-ng reloaded:                1 Time(s)

 ---------------------- Syslog-ng End -------------------------


 --------------------- Disk Space Begin ------------------------

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda1              50G  413M   47G   1% /
 devtmpfs              1.9G  140K  1.9G   1% /dev
 /dev/sda2              10G  9.6M   10G   1% /boot/efi
 /dev/sda4              50G  184M   47G   1% /home
 /dev/sda7             9.9G  151M  9.2G   2% /opt
 /dev/sda8             9.9G  165M  9.2G   2% /tmp
 /dev/sda5             9.9G  2.5G  7.0G  26% /usr
 /dev/sda6             9.9G  250M  9.1G   3% /var


 ---------------------- Disk Space End -------------------------


 ###################### Logwatch End #########################

But is there anything else out there? I am also not sure how to tweak logwatch.

---------- Post updated at 09:56 PM ---------- Previous update was at 06:34 PM ----------

Also, I checked the services available for logwatch in /usr/share/logwatch/scripts/services and it doesn't track wtmp logs. I was hoping someone would know how to add this to the logwatch monitoring. I am terrible at scripting!
# 2  
Old 11-29-2011
I googled for a Perl script that works when run as it is (output is a nice list of user logins), but when the script is incorporated with logwatch I get this error:

Code:
 --------------------- wmtp logs Begin ------------------------ 

 String found where operator expected at /etc/logwatch/scripts/services/my-report line 1, at end of line
        (Do you need to predeclare we?)
 Warning: Use of "log" without parentheses is ambiguous at /etc/logwatch/scripts/services/my-report line 1.
 syntax error at /etc/logwatch/scripts/services/my-report line 1, next token ???
 Search pattern not terminated at /etc/logwatch/scripts/services/my-report line 1.
 
 ---------------------- wmtp logs End -------------------------

Otherwise the script runs fine as it is:

Code:
my-mnag0:/etc/logwatch/scripts/services # ./my-report | more
Fri Dec 18 22:17:17 2009 Login    LOGIN              tty1                                               
Fri Dec 18 22:17:17 2009 Login    LOGIN              tty2                                               
Fri Dec 18 22:17:17 2009 Login    LOGIN              tty3                                               
Fri Dec 18 22:17:17 2009 Login    LOGIN              tty4                                               
Fri Dec 18 22:17:17 2009 Login    LOGIN              tty5                                               
Fri Dec 18 22:17:17 2009 Login    LOGIN              tty6       

...

This is the script I found online:

Code:
my-mnag0:/etc/logwatch/scripts/services # more my-report
perl -we '@type=("Empty","Run Lvl","Boot","New Time","Old Time","Init","Login","Normal","Term","Account");$recs = ""; while (<>) {$r
ecs .= $_};foreach (split(/(.{384})/s,$recs)) {next if length($_) == 0;my ($type,$pid,$line,$inittab,$user,$host,$t1,$t2,$t3,$t4,$t5
) = $_ =~/(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})/s;if (defined $line && $line =~ /\w/) {$line =~ s/\
x00+//g;$host =~ s/\x00+//g;$user =~ s/\x00+//g;printf("%s %-8s %-12s %10s %-45s \n",scalar(gmtime(unpack("I4",$t3))),$type[unpack("
I4",$type)],$user,$line,$host)}}printf"\n"' < /var/log/wtmp
my-mnag0:/etc/logwatch/scripts/services #

Can someone please help me? I am not sure what token is missing.
# 3  
Old 11-30-2011
I got the solution from the Perl forum; click on this link for the help I had.

This is the documented Perl script for wtmp logs parsed for logwatch monitoring:

Code:
1. Download the logwatch tar file from the internet. The latest running version is logwatch-7.4.0

2. Look here for the version-------------http://sourceforge.net/projects/logwatch/files/

3. Look here for developer details---http://logwatch.isoc.lu/tabs/docs/index.html

4. Download and store the tarball into your /tmp directory

5. Unzip, untar and cd into the folder

gunzip logwatch-7.4.0.tar.gz

tar -xvf logwatch-7.4.0.tar

cd logwatch-7.4.0

6. Create these directories and soft links:

mkdir /etc/logwatch
mkdir /etc/logwatch/scripts
mkdir /etc/logwatch/conf
mkdir /etc/logwatch/conf/logfiles
mkdir /etc/logwatch/conf/services
touch /etc/logwatch/conf/logwatch.conf
touch /etc/logwatch/conf/ignore.conf
touch /etc/logwatch/conf/override.conf

mkdir /usr/share/logwatch
mkdir /usr/share/logwatch/dist.conf
mkdir /usr/share/logwatch/dist.conf/logfiles
mkdir /usr/share/logwatch/dist.conf/services

mv conf/ /usr/share/logwatch/default.conf
mv scripts/ /usr/share/logwatch/scripts
mv lib /usr/share/logwatch/lib

mkdir /var/cache/logwatch
ln -s /usr/share/logwatch/scripts/logwatch.pl /etc/cron.daily/0logwatch
ln -s /usr/share/logwatch/scripts/logwatch.pl /usr/sbin/logwatch

7. Backup and edit the config file accordingly

 /usr/share/logwatch/default.conf/logwatch.conf

##to edit html format, edit these lines in the config file stated above

#Output/Format Options
#By default Logwatch will print to stdout in text with no encoding.
#To make email Default set Output = mail to save to file set Output = file
#Output = stdout
Output = mail
#To make Html the default formatting Format = html
Format = html

##to edit the email recipients, edit this line, separate multiple recipients with space

# Default person to mail reports to.  Can be a local account or a
# complete email address.  Variable Output should be set to mail, or
# --output mail should be passed on command line to enable mail feature.
MailTo = Priti.Patel@xxx.com.my onepatel@xxx.com

8. to add wtmp logs into monitoring you need to define 3 things: 

8.1  /usr/share/logwatch/scripts/services >>> this is where the script/work will be done

my-mnag0:/etc/logwatch/conf/logfiles # more /usr/share/logwatch/scripts/services/my-report
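#!/usr/bin/perl
# Names for the record type values, indexed by the type number in each record
@type = (
    "Empty", "Run Lvl", "Boot", "New Time", "Old Time", "Init",
    "Login", "Normal",  "Term", "Account"
);
# Read the whole binary wtmp stream from standard input
$recs = "";
while (<>) {
    $recs .= $_;
}
# Split into 384-byte records; the capturing split also returns empty
# strings between records, which are skipped
foreach ( split( /(.{384})/s, $recs ) ) {
    next if length($_) == 0 ;
    # Fixed-width fields in record order
    my ( $type, $pid, $line, $inittab, $user, $host, $t1, $t2, $t3, $t4, $t5 ) =
      $_ =~ /(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})/s;
    if ( defined $line && $line =~ /\w/ ) {
        # Strip the NUL padding from the string fields
        $line =~ s/\x00+//g;
        $host =~ s/\x00+//g;
        $user =~ s/\x00+//g;
        # $t3 is used as the record timestamp (seconds since the epoch)
        printf(
            "%s %-8s %-12s %10s %-45s \n",
            scalar( gmtime( unpack( "I4", $t3 ) ) ),
            $type[ unpack( "I4", $type ) ],
            $user,
            $line,
            $host
        );
    }
}
printf "\n";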

8.2  /usr/share/logwatch/default.conf/services >>> this is where you define the services/config options of your script above

my-mnag0:/etc/logwatch/conf/logfiles # more /usr/share/logwatch/default.conf/services/my-report.conf
Title = "WTMP logs"
Logfile = wtmp

8.3  /etc/logwatch/conf/logfiles >>> this is where the log files will be parsed

my-mnag0:/etc/logwatch/conf/logfiles # more /etc/logwatch/conf/logfiles/wtmp.conf
#Define log file group for wtmp log

Logfile = /var/log/wtmp

The reason wtmp and wtmp.conf are in red is that both names must be the same. Different names will call different logs/generate an error.

You can close this thread now...

Last edited by hedkandi; 12-02-2011 at 12:10 AM.. Reason: edited email addresses
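
An added example, not part of the original post and not Logwatch code: a stand-alone Python parser for the same 384-byte wtmp records the Perl script splits on. It keeps only real user sessions (type 7, "Normal" in the script's table) instead of the getty LOGIN rows seen in the sample output. It assumes the little-endian Linux struct utmp layout; the sample records and the names alice and client.example are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: little-endian Linux struct utmp, 384 bytes per record:
# ut_type, pad, ut_pid, ut_line, ut_id, ut_user, ut_host, ut_exit (skipped),
# ut_session, tv_sec, tv_usec, ut_addr_v6, unused (skipped).
UTMP = struct.Struct("<h2xi32s4s32s256s4xiii16s20x")
LOGIN_PROCESS, USER_PROCESS, DEAD_PROCESS = 6, 7, 8  # "Login", "Normal", "Term"

def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Yield one dict per record; refuse input with a partial trailing record."""
    if len(data) % UTMP.size:
        raise ValueError("partial record: %d stray bytes" % (len(data) % UTMP.size))
    for typ, pid, line, _id, user, host, _sess, sec, _usec, _addr in UTMP.iter_unpack(data):
        yield {"type": typ, "pid": pid, "line": text(line), "user": text(user),
               "host": text(host), "time": datetime.fromtimestamp(sec, timezone.utc)}

def user_logins(data):
    """Keep only real user sessions, dropping getty, boot and logout records."""
    return [r for r in parse_wtmp(data) if r["type"] == USER_PROCESS]

def make_record(typ, pid, line, user, host, sec):
    """Build one constructed record for the sample below."""
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(), host.encode(),
                     0, sec, 0, b"")

# Constructed sample: a getty entry, one remote login, and its logout.
SAMPLE = b"".join([
    make_record(LOGIN_PROCESS, 2301, "tty1", "LOGIN", "", 1261174637),
    make_record(USER_PROCESS, 4122, "pts/0", "alice", "client.example", 1322044292),
    make_record(DEAD_PROCESS, 4122, "pts/0", "", "", 1322047892),
])

if __name__ == "__main__":
    for r in user_logins(SAMPLE):
        print(r["time"].isoformat(), r["user"], r["line"], r["host"])
```

To run it against a real file, pass the bytes read from /var/log/wtmp in binary mode to `user_logins`.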
# 4  
Old 12-05-2011
Hi admins, please close this thread. The issue has been solved.