Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
Solved

# Script to return user with most logons

Posted on 2010-09-09
Medium Priority
340 Views
Given this text file as input and using a shell or python script how would you ouput the Username with the highest Login Count, in this case Username Carl Hilton
``````    Username        : Administrator [500]
Last Login Date : Fri Oct 12 14:45:16 2007 Z
Last Login Date : Thu Jan  1 00:00:00 1970 Z
Last Login Date : Wed Sep  1 00:27:45 2010 Z
Last Login Date : Tue Sep  7 03:42:43 2010 Z
Last Login Date : Tue Sep  7 03:43:00 2010 Z
``````
0
Question by:veedar
[X]
###### Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

• Help others & share knowledge
• Earn cash & points
• 3
• 2

LVL 29

Accepted Solution

pepr earned 2000 total points
ID: 33643995
Try the following. Modify the filename -- here the data.txt.
``````import re

# Build the list of tuples (user, count)
status = 0        # ...of the finite automaton
user = 'unknown'  # init
count = -1        # init
ucList = []       # list of tuples (user, count)
f = open('data.txt')

for line in f:
if status == 0 :
if m:
user = m.group(1)
status = 1
elif status == 1:
if m:
count = int(m.group(1))
ucList.append( (user, count) )
status = 0
f.close()
##print ucList

# Now sort the list by the second element of the tuples.
ucList.sort(key=lambda x: x[1], reverse=True)
##print ucList

# The first element has the biggest count.
t = ucList[0]
print t[0], t[1]
``````
0

LVL 29

Expert Comment

ID: 33644034
In this special case it can be simplified -- no need for the finite automaton.  Each username line will remember the user name, each count line will build the tuple with the information and appends to the list.

Generally (if the task COULD become more complex), it is better to stick with the finite automaton as it can be easily modified.
``````import re

# Build the list of tuples (user, count)
user = 'unknown'  # init
count = -1        # init
ucList = []       # list of tuples (user, count)
f = open('data.txt')

for line in f:
if m:
user = m.group(1)

if m:
count = int(m.group(1))
ucList.append( (user, count) )  # when count, generate the tuple
f.close()
##print ucList

# Now sort the list by the second element of the tuples.
ucList.sort(key=lambda x: x[1], reverse=True)
##print ucList

# The first element has the biggest count.
t = ucList[0]
print t[0], t[1]
``````
0

LVL 11

Expert Comment

ID: 33644470
Hi

Have a look at logwatch. It is a brilliant log analyzer that can be configured to send you a daily report.
The ssh output is awesome.

Here is my output for yesterday, which shows only the ssh part. It also looks at other logs including email and kernel logs.
This is running on ubuntu 9, but I also have it installed on fedora core and freebsd.

--------------------- SSHD Begin ------------------------

Didn't receive an ident from these IPs:
174.122.67.72 (48.43.7aae.static.theplanet.com): 1 Time(s)
202.136.120.3: 1 Time(s)
220.135.212.6 (220-135-212-6.HINET-IP.hinet.net): 1 Time(s)
222.169.224.67: 1 Time(s)
58.49.104.164: 1 Time(s)
74.63.255.77 (SRV5-74-63-255-77.VPSWOW.COM): 1 Time(s)

[removed]: 2 times

Illegal users from:
58.49.104.164: 1 time
staff: 1 time
74.63.255.77 (SRV5-74-63-255-77.VPSWOW.COM): 8 times
david: 2 times
ant: 1 time
bureau: 1 time
jasmin: 1 time
laura: 1 time
office: 1 time
pc: 1 time
174.122.67.72 (48.43.7aae.static.theplanet.com): 6 times
fluffy: 1 time
root: 1 time
sifak: 1 time
slasher: 1 time
test: 1 time
202.57.42.162: 3 times
root: 3 times
202.136.120.3: 6 times
teamspeak: 2 times
ts: 2 times
nagios: 1 time
oracle: 1 time
220.135.212.6 (220-135-212-6.HINET-IP.hinet.net): 3 times
ant: 1 time
office: 1 time
pc: 1 time
222.169.224.67: 1 time
sales: 1 time

Login attempted when not in AllowUsers list:
root : 4 Time(s)

Refused incoming connections:
174.122.67.72 (174.122.67.72): 1 Time(s)
202.136.120.3 (202.136.120.3): 1 Time(s)
74.63.255.77 (74.63.255.77): 1 Time(s)

**Unmatched Entries**
reverse mapping checking getaddrinfo for 48.43.7aae.static.theplanet.com [174.122.67.72] failed - POSSIBLE BREAK-IN ATTEMPT! : 6 time(s)
reverse mapping checking getaddrinfo for srv5-74-63-255-77.vpswow.com [74.63.255.77] failed - POSSIBLE BREAK-IN ATTEMPT! : 8 time(s)

---------------------- SSHD End -------------------------
0

LVL 11

Expert Comment

ID: 33644491
The totals from logwatch:

--------------------- pam_unix Begin ------------------------

cron:
Sessions Opened:
root: 2262 Time(s)

passwd:
marco: 1 Time(s)

sshd:
Authentication Failures:
unknown (74.63.255.77): 8 Time(s)
unknown (202.136.120.3): 6 Time(s)
unknown (174.122.67.72): 5 Time(s)
root (202.57.42.162): 3 Time(s)
unknown (220-135-212-6.hinet-ip.hinet.net): 3 Time(s)
marco (removed): 1 Time(s)
root (174.122.67.72): 1 Time(s)
unknown (222.169.224.67): 1 Time(s)
unknown (58.49.104.164): 1 Time(s)
Invalid Users:
Unknown Account: 24 Time(s)
Sessions Opened:
hennie: 2 Time(s)
marco: 1 Time(s)

---------------------- pam_unix End -------------------------
0

LVL 15

Author Closing Comment

ID: 33646940
Perfect! Thanks again pepr
0

LVL 29

Expert Comment

ID: 33648757
I am glad that I could help ;)  Have a nice time.
0

## Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…