veedar
asked on
Script to return user with most logons
Given this text file as input, and using a shell or Python script, how would you output the Username with the highest Login Count, in this case Username Carl Hilton?
Username : Administrator [500]
Last Login Date : Fri Oct 12 14:45:16 2007 Z
Login Count : 6
Username : Guest [501]
Last Login Date : Thu Jan 1 00:00:00 1970 Z
Login Count : 0
Username : Walter [1000]
Last Login Date : Wed Sep 1 00:27:45 2010 Z
Login Count : 57
Username : Carl Hilton [1001]
Last Login Date : Tue Sep 7 03:42:43 2010 Z
Login Count : 328
Username : __vmware_user__ [1003]
Last Login Date : Tue Sep 7 03:43:00 2010 Z
Login Count : 303
Hi
Have a look at logwatch. It is a brilliant log analyzer that can be configured to send you a daily report.
The ssh output is awesome.
Here is my output for yesterday, which shows only the ssh part. It also looks at other logs including email and kernel logs.
This is running on Ubuntu 9, but I also have it installed on Fedora Core and FreeBSD.
--------------------- SSHD Begin ------------------------
Didn't receive an ident from these IPs:
   174.122.67.72 (48.43.7aae.static.theplanet.com): 1 Time(s)
   202.136.120.3: 1 Time(s)
   220.135.212.6 (220-135-212-6.HINET-IP.hinet.net): 1 Time(s)
   222.169.224.67: 1 Time(s)
   58.49.104.164: 1 Time(s)
   74.63.255.77 (SRV5-74-63-255-77.VPSWOW.COM): 1 Time(s)
Failed logins from:
   [removed]: 2 times
      marco/password: 2 times
Illegal users from:
   58.49.104.164: 1 time
      staff: 1 time
   74.63.255.77 (SRV5-74-63-255-77.VPSWOW.COM): 8 times
      david: 2 times
      ant: 1 time
      bureau: 1 time
      jasmin: 1 time
      laura: 1 time
      office: 1 time
      pc: 1 time
   174.122.67.72 (48.43.7aae.static.theplanet.com): 6 times
      admin: 1 time
      fluffy: 1 time
      root: 1 time
      sifak: 1 time
      slasher: 1 time
      test: 1 time
   202.57.42.162: 3 times
      root: 3 times
   202.136.120.3: 6 times
      teamspeak: 2 times
      ts: 2 times
      nagios: 1 time
      oracle: 1 time
   220.135.212.6 (220-135-212-6.HINET-IP.hinet.net): 3 times
      ant: 1 time
      office: 1 time
      pc: 1 time
   222.169.224.67: 1 time
      sales: 1 time
Login attempted when not in AllowUsers list:
   root : 4 Time(s)
Refused incoming connections:
   174.122.67.72 (174.122.67.72): 1 Time(s)
   202.136.120.3 (202.136.120.3): 1 Time(s)
   74.63.255.77 (74.63.255.77): 1 Time(s)
**Unmatched Entries**
reverse mapping checking getaddrinfo for 48.43.7aae.static.theplanet.com [174.122.67.72] failed - POSSIBLE BREAK-IN ATTEMPT! : 6 time(s)
reverse mapping checking getaddrinfo for srv5-74-63-255-77.vpswow.com [74.63.255.77] failed - POSSIBLE BREAK-IN ATTEMPT! : 8 time(s)
---------------------- SSHD End -------------------------
The totals from logwatch:
--------------------- pam_unix Begin ------------------------
cron:
   Sessions Opened:
      root: 2262 Time(s)
passwd:
   Password changed:
      marco: 1 Time(s)
sshd:
   Authentication Failures:
      unknown (74.63.255.77): 8 Time(s)
      unknown (202.136.120.3): 6 Time(s)
      unknown (174.122.67.72): 5 Time(s)
      root (202.57.42.162): 3 Time(s)
      unknown (220-135-212-6.hinet-ip.hinet.net): 3 Time(s)
      marco (removed): 1 Time(s)
      root (174.122.67.72): 1 Time(s)
      unknown (222.169.224.67): 1 Time(s)
      unknown (58.49.104.164): 1 Time(s)
   Invalid Users:
      Unknown Account: 24 Time(s)
   Sessions Opened:
      hennie: 2 Time(s)
      marco: 1 Time(s)
---------------------- pam_unix End -------------------------
ASKER
Perfect! Thanks again pepr
I am glad that I could help ;) Have a nice time.
Generally (if the task COULD become more complex), it is better to stick with the finite automaton as it can be easily modified.
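The finite-automaton approach mentioned above, applied to the record format in the question. This is an added example, not the accepted solution or any participant's code; the names `Account`, `parse_accounts` and `most_logons` are illustrative.

```python
import re
from collections import namedtuple

# Sample input: the five records from the question above.
SAMPLE = """\
Username : Administrator [500]
Last Login Date : Fri Oct 12 14:45:16 2007 Z
Login Count : 6
Username : Guest [501]
Last Login Date : Thu Jan 1 00:00:00 1970 Z
Login Count : 0
Username : Walter [1000]
Last Login Date : Wed Sep 1 00:27:45 2010 Z
Login Count : 57
Username : Carl Hilton [1001]
Last Login Date : Tue Sep 7 03:42:43 2010 Z
Login Count : 328
Username : __vmware_user__ [1003]
Last Login Date : Tue Sep 7 03:43:00 2010 Z
Login Count : 303
"""

Account = namedtuple("Account", "name rid last_login count")
USER_RE = re.compile(r"^(.*?)\s*\[(\d+)\]$")  # "Carl Hilton [1001]" -> name, RID

def parse_accounts(lines):
    """Two-state automaton: idle until Username, collect until Login Count."""
    accounts, current = [], None              # current is None => idle state
    for raw in lines:
        key, sep, value = raw.partition(":")  # first colon splits key from value
        key, value = key.strip(), value.strip()
        if sep and key == "Username":         # a new Username restarts the record
            m = USER_RE.match(value)
            current = {"name": m.group(1), "rid": int(m.group(2))} if m else None
        elif current is not None and key == "Last Login Date":
            current["last_login"] = value
        elif current is not None and key == "Login Count" and value.isdigit():
            accounts.append(Account(current["name"], current["rid"],
                                    current.get("last_login", ""), int(value)))
            current = None                    # record complete, back to idle
    return accounts

def most_logons(lines):
    """Return the Account with the highest Login Count, or None if empty."""
    return max(parse_accounts(lines), key=lambda a: a.count, default=None)

if __name__ == "__main__":
    top = most_logons(SAMPLE.splitlines())
    print(f"{top.name} [{top.rid}]: {top.count} logins, last {top.last_login}")
```

A record that is cut off before its Login Count line is dropped rather than merged into the next one, and on a tie the first account in file order is returned.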