Solved

Script to return user with most logons

Posted on 2010-09-09
6
318 Views
Last Modified: 2012-05-10
Given this text file as input and using a shell or python script how would you ouput the Username with the highest Login Count, in this case Username Carl Hilton
    Username        : Administrator [500]

    Last Login Date : Fri Oct 12 14:45:16 2007 Z

    Login Count     : 6

    Username        : Guest [501]

    Last Login Date : Thu Jan  1 00:00:00 1970 Z

    Login Count     : 0

    Username        : Walter [1000]

    Last Login Date : Wed Sep  1 00:27:45 2010 Z

    Login Count     : 57

    Username        : Carl Hilton [1001]

    Last Login Date : Tue Sep  7 03:42:43 2010 Z

    Login Count     : 328

    Username        : __vmware_user__ [1003]

    Last Login Date : Tue Sep  7 03:43:00 2010 Z

    Login Count     : 303

Open in new window

0
Comment
Question by:veedar
  • 3
  • 2
6 Comments
 
LVL 28

Accepted Solution

by:
pepr earned 500 total points
ID: 33643995
Try the following. Modify the filename -- here the data.txt.
import re

rexUsername = re.compile(r'^\s*Username\s*:\s*(.+?)\s*\[')
rexLoginCount = re.compile(r'^\s*Login\s+Count\s*:\s*(\d+)\s*$')


# Build the list of tuples (user, count)
status = 0        # ...of the finite automaton
user = 'unknown'  # init
count = -1        # init
ucList = []       # list of tuples (user, count)
f = open('data.txt')

for line in f:
    if status == 0 :
        m = rexUsername.match(line)
        if m:
            user = m.group(1)        
            status = 1
    elif status == 1:
        m = rexLoginCount.match(line)
        if m:
            count = int(m.group(1))
            ucList.append( (user, count) )
            status = 0
f.close()
##print ucList

# Now sort the list by the second element of the tuples.
ucList.sort(key=lambda x: x[1], reverse=True)
##print ucList

# The first element has the biggest count.
t = ucList[0]
print t[0], t[1]

Open in new window

0
 
LVL 28

Expert Comment

by:pepr
ID: 33644034
In this special case it can be simplified -- no need for the finite automaton.  Each username line will remember the user name, each count line will build the tuple with the information and appends to the list.

Generally (if the task COULD become more complex), it is better to stick with the finite automaton as it can be easily modified.
import re

rexUsername = re.compile(r'^\s*Username\s*:\s*(.+?)\s*\[')
rexLoginCount = re.compile(r'^\s*Login\s+Count\s*:\s*(\d+)\s*$')


# Build the list of tuples (user, count)
user = 'unknown'  # init
count = -1        # init
ucList = []       # list of tuples (user, count)
f = open('data.txt')

for line in f:
    m = rexUsername.match(line)
    if m:
        user = m.group(1)        

    m = rexLoginCount.match(line)
    if m:
        count = int(m.group(1))
        ucList.append( (user, count) )  # when count, generate the tuple
f.close()
##print ucList

# Now sort the list by the second element of the tuples.
ucList.sort(key=lambda x: x[1], reverse=True)
##print ucList

# The first element has the biggest count.
t = ucList[0]
print t[0], t[1]

Open in new window

0
 
LVL 11

Expert Comment

by:Pieter Jordaan
ID: 33644470
Hi

Have a look at logwatch. It is a brilliant log analyzer that can be configured to send you a daily report.
The ssh output is awesome.

Here is my output for yesterday, which shows only the ssh part. It also looks at other logs including email and kernel logs.
This is running on ubuntu 9, but I also have it installed on fedora core and freebsd.

--------------------- SSHD Begin ------------------------

 
 Didn't receive an ident from these IPs:
    174.122.67.72 (48.43.7aae.static.theplanet.com): 1 Time(s)
    202.136.120.3: 1 Time(s)
    220.135.212.6 (220-135-212-6.HINET-IP.hinet.net): 1 Time(s)
    222.169.224.67: 1 Time(s)
    58.49.104.164: 1 Time(s)
    74.63.255.77 (SRV5-74-63-255-77.VPSWOW.COM): 1 Time(s)
 
 Failed logins from:
    [removed]: 2 times
       marco/password: 2 times

Illegal users from:
    58.49.104.164: 1 time
       staff: 1 time
    74.63.255.77 (SRV5-74-63-255-77.VPSWOW.COM): 8 times
       david: 2 times
       ant: 1 time
       bureau: 1 time
       jasmin: 1 time
       laura: 1 time
       office: 1 time
       pc: 1 time
    174.122.67.72 (48.43.7aae.static.theplanet.com): 6 times
       admin: 1 time
       fluffy: 1 time
       root: 1 time
       sifak: 1 time
       slasher: 1 time
       test: 1 time
    202.57.42.162: 3 times
       root: 3 times
    202.136.120.3: 6 times
       teamspeak: 2 times
       ts: 2 times
       nagios: 1 time
       oracle: 1 time
    220.135.212.6 (220-135-212-6.HINET-IP.hinet.net): 3 times
       ant: 1 time
       office: 1 time
       pc: 1 time
    222.169.224.67: 1 time
       sales: 1 time
 
 Login attempted when not in AllowUsers list:
    root : 4 Time(s)

 Refused incoming connections:
       174.122.67.72 (174.122.67.72): 1 Time(s)
       202.136.120.3 (202.136.120.3): 1 Time(s)
       74.63.255.77 (74.63.255.77): 1 Time(s)
 
 **Unmatched Entries**
 reverse mapping checking getaddrinfo for 48.43.7aae.static.theplanet.com [174.122.67.72] failed - POSSIBLE BREAK-IN ATTEMPT! : 6 time(s)
 reverse mapping checking getaddrinfo for srv5-74-63-255-77.vpswow.com [74.63.255.77] failed - POSSIBLE BREAK-IN ATTEMPT! : 8 time(s)
 
 ---------------------- SSHD End -------------------------
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 11

Expert Comment

by:Pieter Jordaan
ID: 33644491
The totals from logwatch:

--------------------- pam_unix Begin ------------------------

 cron:
    Sessions Opened:
       root: 2262 Time(s)
 
 passwd:
    Password changed:
       marco: 1 Time(s)
 
 sshd:
    Authentication Failures:
       unknown (74.63.255.77): 8 Time(s)
       unknown (202.136.120.3): 6 Time(s)
       unknown (174.122.67.72): 5 Time(s)
       root (202.57.42.162): 3 Time(s)
       unknown (220-135-212-6.hinet-ip.hinet.net): 3 Time(s)
       marco (removed): 1 Time(s)
       root (174.122.67.72): 1 Time(s)
       unknown (222.169.224.67): 1 Time(s)
       unknown (58.49.104.164): 1 Time(s)
    Invalid Users:
       Unknown Account: 24 Time(s)
    Sessions Opened:
       hennie: 2 Time(s)
       marco: 1 Time(s)
 
 
 ---------------------- pam_unix End -------------------------
0
 
LVL 15

Author Closing Comment

by:veedar
ID: 33646940
Perfect! Thanks again pepr
0
 
LVL 28

Expert Comment

by:pepr
ID: 33648757
I am glad that I could help ;)  Have a nice time.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
Recently, an awarded photographer, Selina De Maeyer (http://www.selinademaeyer.com/), completed a photo shoot of a beautiful event (http://www.sintjacobantwerpen.be/verslag-en-fotoreportage-van-de-sacramentsprocessie-door-antwerpen#thumbnails) in An…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now