I want to create reports using rsyslog in linux,Can someone help me out here ? Report Format must be "Hostname" "Username" "Hostname logged from" "Date" "Time"
Regards,
Ahmed.
---------- Post updated at 05:24 PM ---------- Previous update was at 05:24 PM ----------
Sep 28 17:16:37 samplehostname sshd[32092]: subsystem request for sftp
Sep 28 18:21:30 samplehostname sshd[23278]: pam_unix(sshd:session): session closed for user oracle
Sep 28 19:27:31 samplehostname sshd[30298]: pam_unix(sshd:session): session closed for user oracle
Sep 28 19:39:57 samplehostname sshd[21016]: pam_unix(sshd:session): session closed for user oracle
Sep 28 19:39:57 samplehostname su: pam_unix(su:session): session closed for user root
Sep 28 19:39:57 samplehostname su: pam_unix(su:session): session closed for user root
Sep 28 19:58:41 samplehostname sshd[32092]: pam_unix(sshd:session): session closed for user root
Sep 29 11:05:59 samplehostname sshd[4368]: Accepted password for oracle from 10.99.22.123 port 61494 ssh2
Sep 29 11:05:59 samplehostname sshd[4368]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Sep 29 11:09:59 samplehostname su: pam_unix(su:session): session opened for user root by oracle(uid=501)
Last edited by vbe; 09-29-2015 at 01:30 PM..
Reason: code tags
Thanks a ton it is working,But the log file may vary it is not constant all the time you can see only two users logging here,But in real lot of users may log.
What's your concern? Yoda's suggestion would accommodate any arbitrary amount of login sessions reported in the rsyslog file you feed it. Any user will show as many times as the password is accepted.
Processing large volumes of text is exactly what awk is made for. Processing millions of records in a reasonably small amount of time is not difficult.
Hello,
I have this problem:
I have a domain which worked well until my ISP changed my ip. Since then my DNS is not working, and intodns.com reports still the old IP. The DNS remains the same.
I made changes in named.conf, in ifcfg-Auto_eth0, I flushed the cache but it;s the same thing.
What... (6 Replies)
There a mismatch between df and du outputs
Both df and du reporting different output. It is confusing.
the answer that I get is that Open file descriptor is main causes of such wrong information.
For example if file is open by third party application OR by a user and same file is deleted,
both... (3 Replies)
HI
I am battling to find why oracle reports dont work from the Oracle applications and work from the Command line
Finally, whern these reports error out in the Oracle apps, I see the error that the x server killed the process.
Please let me know if any one has some chi-chi sheet on the os setup... (1 Reply)