asked on AIX 5.3.12 Script Last Login Across Network
Hello everyone,
I need a script that will give me the last user information (username, date and time only) for over 200 servers across the network. What I am trying to do is track user activity on the server. I would like to be able to have this information dumped into a file which I can export into a spreadsheet. I want to run this script from any box that I log into. I will be able to run it with root access. I also need to be able to exclude certain users as a few users like myself log into boxes just to see when the last time owners have used it. Output should be
servername username date time
I am new to scripting so I dont have a clue where to start.
Can someone please help. AIX 5.3.12 - Shell Script
I need a script that will give me the last user information (username, date and time only) for over 200 servers across the network. What I am trying to do is track user activity on the server. I would like to be able to have this information dumped into a file which I can export into a spreadsheet. I want to run this script from any box that I log into. I will be able to run it with root access. I also need to be able to exclude certain users as a few users like myself log into boxes just to see when the last time owners have used it. Output should be
servername username date time
I am new to scripting so I dont have a clue where to start.
Can someone please help. AIX 5.3.12 - Shell Script
Unix OSShell Scripting
Last Comment
Nem Schlecht
What do you use right now to access the various hosts? I'm hoping SSH and that you have your keys set up along with an 'authorized_hosts' file (and that you've turned on ForwardAgent)
ASKER
Yes I am using ssh. I will have to check on the other setup. It should be in place though.
Well, you shouldn't need root access. What you *do* need is a file of all the servers you want to dump to your file. Lets say this file is just named "servers" and is stored in your home directory. You'll want a 'master' copy of this file in a safe location as well.
For example, you decide to place your "servers" file in a directory named "etc" on all of the hosts. On your workstation, or even, let's say server 'A' you create a directory called "master" and you have a "safe" copy of "servers" file in this directory (ie - you do NOT want to store your master in "etc"). So, on server A, in ~/master/servers, you'll have a list of hostnames:
A
B
C
D
E
First thing to do, create the 'etc' directory on all of these. We'll create a script later, but for now, right from the command line, we can do:
If you have *not* SSH'ed into some of these hosts, you may be prompted to store their key. If it were me, I would set up my SSH with an "authorized_keys" file so I don't need to type in my keyphrase for each host (search the web on how to set this up - its easy).
Then, we copy our master 'server' file to all of our hosts (note: these command still should work even if we are on server A)
Okay... now we have our "master" file everything. We can now create a script that let us go off to *all* of the hosts from *any* of the hosts (once we've done the 2 above steps, we can run the following anywhere).
Our script to gather last login data. I'll try to get this as close to what you want as possible. Put the following in a shell script named "gatherlast":
Then, on any machine, you would run:
gatherlast > lastlog.csv
The output should look something like this:
hostname,nemws1,Mon May 7,23:30
hostname,nemws1,Wed May 2,10:09
hostname,nemws1,Wed May 2,08:50
hostname,nemws1,Tue May 1,16:30
Be careful though, sometimes 'last' produces some odd output. I'm assuming you do NOT need to be root to run 'last' on these hosts. If you do, that'll kind of suck, since you'll have to type in your password for 'sudo' 200 times. If you want to get around that, you'd have to set up a cron job on each server to dump out the data from 'last' to file that is readable by you (easily done, actually)
For example, you decide to place your "servers" file in a directory named "etc" on all of the hosts. On your workstation, or even, let's say server 'A' you create a directory called "master" and you have a "safe" copy of "servers" file in this directory (ie - you do NOT want to store your master in "etc"). So, on server A, in ~/master/servers, you'll have a list of hostnames:
A
B
C
D
E
First thing to do, create the 'etc' directory on all of these. We'll create a script later, but for now, right from the command line, we can do:
for serv in `cat ~/master/servers`
do
echo $serv
ssh $serv 'mkdir etc'
done
If you have *not* SSH'ed into some of these hosts, you may be prompted to store their key. If it were me, I would set up my SSH with an "authorized_keys" file so I don't need to type in my keyphrase for each host (search the web on how to set this up - its easy).
Then, we copy our master 'server' file to all of our hosts (note: these command still should work even if we are on server A)
for serv in `cat ~/master/servers`
do
echo $serv
scp ~/master/servers $serv:etc
done
Okay... now we have our "master" file everything. We can now create a script that let us go off to *all* of the hosts from *any* of the hosts (once we've done the 2 above steps, we can run the following anywhere).
Our script to gather last login data. I'll try to get this as close to what you want as possible. Put the following in a shell script named "gatherlast":
#!/bin/bash
for serv in `cat ~/etc/servers`
do
ssh $serv 'last' | \
egrep -v "^(reboot|shutdown|root|your_username|other_admin_username)" | \
awk '{print $1","$4" "$5" "$6","$7}' \ |
xargs -I% echo "$serv,%"
done
Then, on any machine, you would run:
gatherlast > lastlog.csv
The output should look something like this:
hostname,nemws1,Mon May 7,23:30
hostname,nemws1,Wed May 2,10:09
hostname,nemws1,Wed May 2,08:50
hostname,nemws1,Tue May 1,16:30
Be careful though, sometimes 'last' produces some odd output. I'm assuming you do NOT need to be root to run 'last' on these hosts. If you do, that'll kind of suck, since you'll have to type in your password for 'sudo' 200 times. If you want to get around that, you'd have to set up a cron job on each server to dump out the data from 'last' to file that is readable by you (easily done, actually)
ASKER
Hi nemws1
I setup 3 boxes to test your solution on and cant get it to work. I manually created a master file on 1 box with the 3 box numbers I want to use. Then I created files on each box called /master/store_numbers.
mkdir master
cd master
mkdir store_numbers
cd store_numbers
touch 1234
touch 2345
touch 3456
Then I logged on to one of the boxes and ran put your script in a file
#!/bin/bash
for serv in `cat ~/master/store_numbers`
do
ssh $serv 'last' | \
egrep -v "^(reboot|shutdown|root|me
awk '{print $1","$4" "$5" "$6","$7}' \ |
xargs -I% echo "$serv,%"
done
Whenever I tired to run gatherlast > lastlog.csv, I get ¦/tmp/xxx1-3xxa: gatherlast: not found.
I setup 3 boxes to test your solution on and cant get it to work. I manually created a master file on 1 box with the 3 box numbers I want to use. Then I created files on each box called /master/store_numbers.
mkdir master
cd master
mkdir store_numbers
cd store_numbers
touch 1234
touch 2345
touch 3456
Then I logged on to one of the boxes and ran put your script in a file
#!/bin/bash
for serv in `cat ~/master/store_numbers`
do
ssh $serv 'last' | \
egrep -v "^(reboot|shutdown|root|me
awk '{print $1","$4" "$5" "$6","$7}' \ |
xargs -I% echo "$serv,%"
done
Whenever I tired to run gatherlast > lastlog.csv, I get ¦/tmp/xxx1-3xxa: gatherlast: not found.
'store_numbers' should be a plain-text file with a server-name per line, not a directory with one server-per-file.
As for the last-line, error, you need to run your script as:
./gatherlast > lastlog.csv
and *not*:
gatherlast > lastlog.csv
See the difference? Your current directory is *NOT* in your path. This is considered to be a good/secure thing to do. :)
As for the last-line, error, you need to run your script as:
./gatherlast > lastlog.csv
and *not*:
gatherlast > lastlog.csv
See the difference? Your current directory is *NOT* in your path. This is considered to be a good/secure thing to do. :)
ASKER
I deleted the directory store_numbers and created a store_nubmers.txt file with vi and included the three box numbers. I also changed two lines of the script from serv to xxxx to match 4 characters i have to use when logging into a box. for ex. 'xxxx.1111' is the box name.
#!/bin/bash
for xxxx in `cat ~/master/store_numbers`
do
ssh xxxx.$1 'last' | \
egrep -v "^(reboot|shutdown|root|me
awk '{print $1","$4" "$5" "$6","$7}' \ |
xargs -I% echo "xxxx.$1,%"
done
I get
XXXX.1111:/home/mexxxx-> ./gatherlast > lastlog.csv
ksh: ./gatherlast: 0403-006 Execute permission denied.
/tmp/yyyy-yyyy: gatherlast: not found.
I am probably doing something really obviously to you but I cant figure it out. Cant make it work.
#!/bin/bash
for xxxx in `cat ~/master/store_numbers`
do
ssh xxxx.$1 'last' | \
egrep -v "^(reboot|shutdown|root|me
awk '{print $1","$4" "$5" "$6","$7}' \ |
xargs -I% echo "xxxx.$1,%"
done
I get
XXXX.1111:/home/mexxxx-> ./gatherlast > lastlog.csv
ksh: ./gatherlast: 0403-006 Execute permission denied.
/tmp/yyyy-yyyy: gatherlast: not found.
I am probably doing something really obviously to you but I cant figure it out. Cant make it work.
No biggie. ;-) I'll take the blame, since this stuff is obvious to me, but less so to others. ;-)
If you named your text file 'store_numbers.txt', we should reflect that in the script. Change line 2 to:
for xxxx in `cat ~/master/store_numbers.txt
Lastly, we just need to make this script "executable". Run this:
chmod +x gatherlast
in "/home/mexxxx" and then try it again:
./gatherlast > lastlog.csv
If you named your text file 'store_numbers.txt', we should reflect that in the script. Change line 2 to:
for xxxx in `cat ~/master/store_numbers.txt
Lastly, we just need to make this script "executable". Run this:
chmod +x gatherlast
in "/home/mexxxx" and then try it again:
./gatherlast > lastlog.csv
ASKER
Hi nemws1,
Hey I wanted to let you know I apprerciate your help.
I made the change but could not get it to work. So I made other changes and got information to come up but not so much as in what I as looking for. Here is what I got to give me some info.
#!/bin/bash
for i in $(cat master/store_numbers)
do
ssh -o BatchMode=yes isp1.$i 'last'
egrep -v "^(reboot|shutdown|root|no
awk '{print $1","$4" "$5" "$6","$7}' \ |
xargs -I% echo "isp1.$i,%"
done
This brought me back alot of information from last. It did not exclude the usernames that I listed in the line 'egrep -v "^(reboot|shutdown|root|no
'. It also didnt list the store_numbers so I cant tell what login is for what box and if it is only for the same box or what. Where did I go wrong?
Hey I wanted to let you know I apprerciate your help.
I made the change but could not get it to work. So I made other changes and got information to come up but not so much as in what I as looking for. Here is what I got to give me some info.
#!/bin/bash
for i in $(cat master/store_numbers)
do
ssh -o BatchMode=yes isp1.$i 'last'
egrep -v "^(reboot|shutdown|root|no
awk '{print $1","$4" "$5" "$6","$7}' \ |
xargs -I% echo "isp1.$i,%"
done
This brought me back alot of information from last. It did not exclude the usernames that I listed in the line 'egrep -v "^(reboot|shutdown|root|no
'. It also didnt list the store_numbers so I cant tell what login is for what box and if it is only for the same box or what. Where did I go wrong?
Missing one thing and I see a bug in my old code as well. New code, with comments:
#!/bin/bash
for i in $(cat master/store_numbers)
do
# this next line was missing "| \"
# the awk line had the "|" "\" switched around (my bad)
ssh -o BatchMode=yes isp1.$i 'last' | \
egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
awk '{print $1","$4" "$5" "$6","$7}' | \
xargs -I% echo "isp1.$i,%"
done
ASKER
Ok, this works I only have two issues. For each box it is showing me 60 entires and i only need one or 2. I also want the duration of time they were logged in shown from last. It shows me everything else I need except that . Can that be tweaked?
I'm not sure what you're asking with your second question. Can you give me an example of the output you're receiving and an example of what you want?
To fix your first part, we would just do a 'head' in the loop part of our script:
To fix your first part, we would just do a 'head' in the loop part of our script:
ssh -o BatchMode=yes isp1.$i 'last' | \
egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
awk '{print $1","$4" "$5" "$6","$7}' | \
head -2 | \
xargs -I% echo "isp1.$i,%"
ASKER
When I run last I can not only see the time they logged in but the time they logged out and how many minutes they were logged in. I need to find out if someone logged in just to be logging in but not really using the server. Right now I get everything I need except the amount of time they logged in. I dont need to know the time they logged out as long as I have the minutes.
for example I get '' '' '' May 23 1300 - when I run the script now
If I run last without the script I get '' '' '' May 23 1300 - 1301 (00:01)
I would like to get '' '' '' May 23 1300 (00:01)
('' = all the stuff that suppose to be there)
I dont know if that is possible or is it that im just not getting all of last when the script runs for some other reason.
for example I get '' '' '' May 23 1300 - when I run the script now
If I run last without the script I get '' '' '' May 23 1300 - 1301 (00:01)
I would like to get '' '' '' May 23 1300 (00:01)
('' = all the stuff that suppose to be there)
I dont know if that is possible or is it that im just not getting all of last when the script runs for some other reason.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I changed $7 to $8 and $10 to $9 and it works perfectly. Thanks so much for your help on this.
ASKER
Very quick with responses and very helpful throughout all my newbie questions. Thanks alot!
You're welcome. Happy auditing of who is logging into your servers! ;-)