OSX, security apple script that detects, logs, and emails all remote login instances

I need some help writing a short script that detects, logs, and emails all remote login instances; showing who remotely logs in, IP address if possible, and what files or applications were accessed. This log file will then be emailed to me.  There could be two emails. One when they first log in (showing who login and the time they login); a second email would be generated when they log out (showing files and applications that were accessed). Apple script or some shell script would be best... something real simple, if possible. No off-the-shelf logger appz.   I am fairly new to Unix/Mac
prophytAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ahoffmannCommented:
some questions:
  1) the script should run on the server where to check?
  2) the serveis OSX?
  3) to monitor "what files or applications were accessed" you have enabled some kind of monitor software, which one?
0
prophytAuthor Commented:
Hello,
The script should be on the same computer.  The computer runs OSX.  I'm not using any software.
0
ahoffmannCommented:
> .. emails all remote login instances; showing who remotely logs in, IP address ... login ... log out
    grep ssh /var/log/secure.log | mail -s "remote login" you@some.tld

> .. what files or applications were accessed
for that you need to enable accounting, I'm not sure if this can be done in the GUI (System Control) for each user, in a shell you (as root) usualy do like:

   touch var/account/acct
   /System/Library/StartupItems/Accounting/Accounting start

then (as root) you can use:

   lastcomm user-to-be-shown

Example to check user foo

  lastcomm foo|mail -s "access foo" you@some.tld
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
prophytAuthor Commented:
ahoffmann sorry for the delay....
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.