Solved

AIX 5.3.12 Script Last Login Across Network

Posted on 2013-05-13
Last Modified: 2013-05-23
Hello everyone,

I need a script that will give me the last user information (username, date and time only) for over 200 servers across the network. What I am trying to do is track user activity on the server. I would like to be able to have this information dumped into a file which I can export into a spreadsheet. I want to run this script from any box that I log into. I will be able to run it with root access. I also need to be able to exclude certain users as a few users like myself log into boxes just to see when the last time owners have used it. Output should be

servername username date time

I am new to scripting so I don't have a clue where to start.

Can someone please help.  AIX 5.3.12  - Shell Script
Question by:Bryant
16 Comments
 
LVL 23

Expert Comment

by:nemws1
ID: 39162967
What do you use right now to access the various hosts?  I'm hoping SSH and that you have your keys set up along with an 'authorized_hosts' file (and that you've turned on ForwardAgent)
0
 

Author Comment

by:Bryant
ID: 39163560
Yes I am using ssh.  I will have to check on the other setup. It should be in place though.
0
 
LVL 23

Expert Comment

by:nemws1
ID: 39163587
Well, you shouldn't need root access.  What you *do* need is a file of all the servers you want to dump to your file.  Let's say this file is just named "servers" and is stored in your home directory.  You'll want a 'master' copy of this file in a safe location as well.

For example, you decide to place your "servers" file in a directory named "etc" on all of the hosts.  On your workstation, or even, let's say server 'A' you create a directory called "master" and you have a "safe" copy of "servers" file in this directory (ie - you do NOT want to store your master in "etc").  So, on server A, in ~/master/servers, you'll have a list of hostnames:

A
B
C
D
E

First thing to do, create the 'etc' directory on all of these.  We'll create a script later, but for now, right from the command line, we can do:

for serv in `cat ~/master/servers`
do
   echo $serv
   ssh $serv 'mkdir etc'
done



If you have *not* SSH'ed into some of these hosts, you may be prompted to store their key.  If it were me, I would set up my SSH with an "authorized_keys" file so I don't need to type in my keyphrase for each host (search the web on how to set this up - it's easy).

Then, we copy our master 'server' file to all of our hosts (note: these commands should still work even if we are on server A)

for serv in `cat ~/master/servers`
do
   echo $serv
   scp ~/master/servers $serv:etc
done



Okay... now we have our "master" file everywhere.  We can now create a script that lets us go off to *all* of the hosts from *any* of the hosts (once we've done the 2 above steps, we can run the following anywhere).

Our script to gather last login data.  I'll try to get this as close to what you want as possible.  Put the following in a shell script named "gatherlast":

#!/bin/bash
for serv in `cat ~/etc/servers`
do
  ssh $serv 'last' | \
    egrep -v "^(reboot|shutdown|root|your_username|other_admin_username)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "$serv,%"
done



Then, on any machine, you would run:

gatherlast > lastlog.csv

The output should look something like this:

hostname,nemws1,Mon May 7,23:30
hostname,nemws1,Wed May 2,10:09
hostname,nemws1,Wed May 2,08:50
hostname,nemws1,Tue May 1,16:30


Be careful though, sometimes 'last' produces some odd output.  I'm assuming you do NOT need to be root to run 'last' on these hosts.  If you do, that'll kind of suck, since you'll have to type in your password for 'sudo' 200 times.  If you want to get around that, you'd have to set up a cron job on each server to dump out the data from 'last' to a file that is readable by you (easily done, actually).
0
 

Author Comment

by:Bryant
ID: 39182531
Hi nemws1

I set up 3 boxes to test your solution on and can't get it to work. I manually created a master file on 1 box with the 3 box numbers I want to use. Then I created files on each box called /master/store_numbers.

mkdir master
cd master
mkdir store_numbers
cd store_numbers
touch 1234
touch 2345
touch 3456

Then I logged on to one of the boxes and put your script in a file

#!/bin/bash
for serv in `cat ~/master/store_numbers`
do
  ssh $serv 'last' | \
    egrep -v "^(reboot|shutdown|root|me_id|me2_id)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "$serv,%"
done

Whenever I tried to run gatherlast > lastlog.csv, I get ¦/tmp/xxx1-3xxa: gatherlast: not found.
0
 
LVL 23

Expert Comment

by:nemws1
ID: 39182564
'store_numbers' should be a plain-text file with a server-name per line, not a directory with one server-per-file.

As for the last-line error, you need to run your script as:

./gatherlast > lastlog.csv

and *not*:

gatherlast > lastlog.csv

See the difference?  Your current directory is *NOT* in your path.  This is considered to be a good/secure thing to do. :)
0
 

Author Comment

by:Bryant
ID: 39185738
I deleted the directory store_numbers and created a store_numbers.txt file with vi and included the three box numbers. I also changed two lines of the script from serv to xxxx to match 4 characters I have to use when logging into a box. For ex. 'xxxx.1111' is the box name.


#!/bin/bash
for xxxx in `cat ~/master/store_numbers`
do
  ssh xxxx.$1 'last' | \
    egrep -v "^(reboot|shutdown|root|me1xxxx|me2xxxx)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "xxxx.$1,%"
done


I get
XXXX.1111:/home/mexxxx-> ./gatherlast > lastlog.csv
ksh: ./gatherlast: 0403-006 Execute permission denied.

 /tmp/yyyy-yyyy: gatherlast: not found.


I am probably doing something really obvious to you but I can't figure it out. Can't make it work.
0
 
LVL 23

Expert Comment

by:nemws1
ID: 39185749
No biggie. ;-)  I'll take the blame, since this stuff is obvious to me, but less so to others. ;-)

If you named your text file 'store_numbers.txt', we should reflect that in the script.  Change line 2 to:

for xxxx in `cat ~/master/store_numbers.txt`

Lastly, we just need to make this script "executable".  Run this:

chmod +x gatherlast

in "/home/mexxxx" and then try it again:

./gatherlast > lastlog.csv
0
 

Author Comment

by:Bryant
ID: 39188746
Hi nemws1,

Hey, I wanted to let you know I appreciate your help.

I made the change but could not get it to work. So I made other changes and got information to come up but not so much as in what I was looking for.  Here is what I got to give me some info.

#!/bin/bash
for i in $(cat master/store_numbers)
do
  ssh -o BatchMode=yes isp1.$i 'last'

    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "isp1.$i,%"
done


This brought me back a lot of information from last. It did not exclude the usernames that I listed in the line 'egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \'. It also didn't list the store_numbers so I can't tell what login is for what box and if it is only for the same box or what. Where did I go wrong?
0

 
LVL 23

Expert Comment

by:nemws1
ID: 39188892
Missing one thing and I see a bug in my old code as well.  New code, with comments:

#!/bin/bash
for i in $(cat master/store_numbers)
do
    # this next line was missing "| \"
    # the awk line had the "|" "\" switched around (my bad)
    ssh -o BatchMode=yes isp1.$i 'last' | \
    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' | \
    xargs -I% echo "isp1.$i,%"
done


0
 

Author Comment

by:Bryant
ID: 39189109
Ok, this works. I only have two issues. For each box it is showing me 60 entries and I only need one or 2. I also want the duration of time they were logged in shown from last. It shows me everything else I need except that. Can that be tweaked?
0
 
LVL 23

Expert Comment

by:nemws1
ID: 39189146
I'm not sure what you're asking with your second question.  Can you give me an example of the output you're receiving and an example of what you want?

To fix your first part, we would just do a 'head' in the loop part of our script:
    ssh -o BatchMode=yes isp1.$i 'last' | \
    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' | \
    head -2 | \
    xargs -I% echo "isp1.$i,%"


0
 

Author Comment

by:Bryant
ID: 39190929
When I run last I can not only see the time they logged in but the time they logged out and how many minutes they were logged in. I need to find out if someone logged in just to be logging in but not really using the server. Right now I get everything I need except the amount of time they logged in. I don't need to know the time they logged out as long as I have the minutes.

For example I get '' '' '' May 23 1300 -   when I run the script now
If I run last without the script I get '' '' '' May 23 1300 - 1301 (00:01)
I would like to get '' '' '' May 23 1300 (00:01)
('' = all the stuff that's supposed to be there)

I don't know if that is possible or is it that I'm just not getting all of last when the script runs for some other reason.
0
 
LVL 23

Accepted Solution

by:
nemws1 earned 500 total points
ID: 39190989
Aha.  Gotcha.  We just need to modify the 'awk' command, which is separating out the stuff for us based on whitespace.  Each $n refers to a new "column" of data.

I think what you want is this:

#!/bin/bash
for i in $(cat master/store_numbers)
do
    ssh -o BatchMode=yes isp1.$i 'last' | \
    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7","$10}' | \
    head -2 | \
    xargs -I% echo "isp1.$i,%"
done


0
 

Author Comment

by:Bryant
ID: 39191898
I changed $7 to $8 and $10 to $9 and it works perfectly. Thanks so much for your help on this.
0
 

Author Closing Comment

by:Bryant
ID: 39191900
Very quick with responses and very helpful throughout all my newbie questions. Thanks a lot!
0
 
LVL 23

Expert Comment

by:nemws1
ID: 39191922
You're welcome.  Happy auditing of who is logging into your servers! ;-)
0
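
An added example, not part of the original thread: the pipeline above picks fields by fixed awk column and excludes accounts with a prefix pattern, so the column numbers had to be adjusted for AIX and an excluded name such as me1 would also drop a different account named me10. This sketch finds the login time and duration by their shape, matches excluded names exactly, and records unreachable hosts so that a missing row is not read as "no logins". All function and variable names, the account names and the sample lines are constructed, and the server file is assumed to hold one full host name per line.

```shell
#!/bin/sh
# Added example, not code from the thread. EXCLUDE, MAX_PER_HOST, format_last,
# gather_all and SAMPLE are illustrative names; account names are placeholders.
EXCLUDE="reboot shutdown root nopriv me1"
MAX_PER_HOST=2

# format_last HOST: `last` output on stdin -> HOST,user,date,time,duration
format_last() {
  awk -v host="$1" -v excl="$EXCLUDE" -v max="$MAX_PER_HOST" '
    BEGIN { n = split(excl, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    NF == 0 || $1 == "wtmp" { next }      # blank line and "wtmp begins" trailer
    ($1 in skip) { next }                 # whole-name match: me1 does not hide me10
    {
      t = 0                               # locate login time by shape, not column
      for (i = 4; i <= NF; i++)
        if ($i ~ /^[0-9][0-9]:[0-9][0-9]$/) { t = i; break }
      if (t == 0) next
      dur = ($NF ~ /^\(.*\)$/) ? $NF : "" # empty when the session is still open
      gsub(/[()]/, "", dur)
      print host "," $1 "," $(t-2) " " $(t-1) "," $t "," dur
      if (++shown >= max) exit
    }'
}

# gather_all FILE: FILE holds one full host name per line
gather_all() {
  while IFS= read -r host; do
    case $host in ''|\#*|-*) continue ;; esac   # skip blanks, comments, option-like names
    # -n stops ssh from consuming the rest of FILE through stdin
    if out=$(ssh -n -o BatchMode=yes -o ConnectTimeout=10 "$host" last); then
      printf '%s\n' "$out" | format_last "$host"
    else
      echo "$host,UNREACHABLE,,,"               # record the gap instead of hiding it
    fi
  done < "$1"
}

# Constructed sample in the AIX layout quoted in the thread (no weekday column)
SAMPLE='root   pts/0  10.0.0.5  May 23 12:00 - 12:30  (00:30)
me10   pts/1  10.0.0.9  May 23 13:00 - 13:01  (00:01)
alice  pts/3  10.0.0.7  May 22 09:15   still logged in.
wtmp begins May 01 00:00'

if [ "$#" -ge 1 ]; then gather_all "$1"; else printf '%s\n' "$SAMPLE" | format_last isp1.1234; fi
```

Run with a server file as the first argument to query the hosts; with no argument it formats the embedded sample only.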
