AIX 5.3.12 Script Last Login Across Network

What do you use right now to access the various hosts?  I'm hoping SSH and that you have your keys set up along with an 'authorized_hosts' file (and that you've turned on ForwardAgent)

Yes I am using ssh.  I will have to check on the other setup. It should be in place though.

Well, you shouldn't need root access.  What you *do* need is a file of all the servers you want to dump to your file.  Lets say this file is just named "servers" and is stored in your home directory.  You'll want a 'master' copy of this file in a safe location as well.

For example, you decide to place your "servers" file in a directory named "etc" on all of the hosts.  On your workstation, or even, let's say server 'A' you create a directory called "master" and you have a "safe" copy of "servers" file in this directory (ie - you do NOT want to store your master in "etc").  So, on server A, in ~/master/servers, you'll have a list of hostnames:

A
B
C
D
E

First thing to do, create the 'etc' directory on all of these.  We'll create a script later, but for now, right from the command line, we can do:

for serv in `cat ~/master/servers`
do
   echo $serv
   ssh $serv 'mkdir etc'
done

Select all Open in new window

If you have *not* SSH'ed into some of these hosts, you may be prompted to store their key.  If it were me, I would set up my SSH with an "authorized_keys" file so I don't need to type in my keyphrase for each host (search the web on how to set this up - its easy).

Then, we copy our master 'server' file to all of our hosts (note: these command still should work even if we are on server A)

for serv in `cat ~/master/servers`
do
   echo $serv
   scp ~/master/servers $serv:etc
done

Select all Open in new window

Okay... now we have our "master" file everything.  We can now create a script that let us go off to *all* of the hosts from *any* of the hosts (once we've done the 2 above steps, we can run the following anywhere).

Our script to gather last login data.  I'll try to get this as close to what you want as possible.  Put the following in a shell script named "gatherlast":

#!/bin/bash
for serv in `cat ~/etc/servers`
do
  ssh $serv 'last' | \
    egrep -v "^(reboot|shutdown|root|your_username|other_admin_username)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "$serv,%"
done

Select all Open in new window

Then, on any machine, you would run:

gatherlast > lastlog.csv

The output should look something like this:

hostname,nemws1,Mon May 7,23:30
hostname,nemws1,Wed May 2,10:09
hostname,nemws1,Wed May 2,08:50
hostname,nemws1,Tue May 1,16:30


Be careful though, sometimes 'last' produces some odd output.  I'm assuming you do NOT need to be root to run 'last' on these hosts.  If you do, that'll kind of suck, since you'll have to type in your password for 'sudo' 200 times.  If you want to get around that, you'd have to set up a cron job on each server to dump out the data from 'last' to file that is readable by you (easily done, actually)

Hi nemws1

I setup 3 boxes to test your solution on and cant get it to work. I manually created a master file on 1 box with the 3 box numbers I want to use. Then I created files on each box called /master/store_numbers.

mkdir master
cd master
mkdir store_numbers
cd store_numbers
touch 1234
touch 2345
touch 3456

Then I logged on to one of the boxes and  ran put your script in a file

#!/bin/bash
for serv in `cat ~/master/store_numbers`
do
  ssh $serv 'last' | \
    egrep -v "^(reboot|shutdown|root|me_id|me2_id)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "$serv,%"
done

Whenever I tired to run gatherlast > lastlog.csv, I get ¦/tmp/xxx1-3xxa: gatherlast: not found.

'store_numbers' should be a plain-text file with a server-name per line, not a directory with one server-per-file.

As for the last-line, error, you need to run your script as:

./gatherlast > lastlog.csv

and *not*:

gatherlast > lastlog.csv

See the difference?  Your current directory is *NOT* in your path.  This is considered to be a good/secure thing to do. :)

I deleted the directory store_numbers and created a store_nubmers.txt file with vi and included the three box numbers. I also changed two lines of the script from serv to xxxx to match 4 characters i have to use when logging into a box. for ex. 'xxxx.1111' is the box name.


#!/bin/bash
for xxxx in `cat ~/master/store_numbers`
do
  ssh xxxx.$1 'last' | \
    egrep -v "^(reboot|shutdown|root|me1xxxx|me2xxxx)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "xxxx.$1,%"
done


I get
XXXX.1111:/home/mexxxx-> ./gatherlast > lastlog.csv
ksh: ./gatherlast: 0403-006 Execute permission denied.

 /tmp/yyyy-yyyy: gatherlast: not found.


I am probably doing something really obviously to you but I cant figure it out. Cant make it work.

No biggie. ;-)  I'll take the blame, since this stuff is obvious to me, but less so to others. ;-)

If you named your text file 'store_numbers.txt', we should reflect that in the script.  Change line 2 to:

for xxxx in `cat ~/master/store_numbers.txt`

Lastly, we just need to make this script "executable".  Run this:

chmod +x gatherlast

in "/home/mexxxx" and then try it again:

./gatherlast > lastlog.csv

Hi nemws1,

Hey I wanted to let you know I apprerciate your help.

I made the change but could not get it to work. So I made other changes and got information to come up but not so much as in what I as looking for.  Here is what I got to give me some info.

#!/bin/bash
for i in $(cat master/store_numbers)
do
  ssh -o BatchMode=yes isp1.$i 'last'

    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "isp1.$i,%"
done


This brought me back alot of information from last. It did not exclude the usernames that I listed in the line 'egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
'. It also didnt list the store_numbers so I cant tell what login is for what box and if it is only for the same box or what. Where did I go wrong?

Missing one thing and I see a bug in my old code as well.  New code, with comments:

#!/bin/bash
for i in $(cat master/store_numbers)
do
    # this next line was missing "| \"
    # the awk line had the "|" "\" switched around (my bad)
    ssh -o BatchMode=yes isp1.$i 'last' | \
    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' | \
    xargs -I% echo "isp1.$i,%"
done

Select all Open in new window

Ok, this works I only have two issues. For each box it is showing me 60 entires and i only need one or 2. I also want the duration of time they were logged in shown from last. It shows me everything else I need except that . Can that be tweaked?

I'm not sure what you're asking with your second question.  Can you give me an example of the output you're receiving and an example of what you want?

To fix your first part, we would just do a 'head' in the loop part of our script:

    ssh -o BatchMode=yes isp1.$i 'last' | \
    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' | \
    head -2 | \
    xargs -I% echo "isp1.$i,%"

Select all Open in new window

When I run last I can not only see the time they logged in but the time they logged out and how many minutes they were logged in. I need to find out if someone logged in just to be logging in but not really using the server. Right now I get everything I need except the amount of time they logged in. I dont need to know the time they logged out as long as I have the minutes.

for example I get '' '' '' May 23 1300 -   when I run the script now
If I run last without the script I get '' '' '' May 23 1300 - 1301 (00:01)
I would like to get '' '' '' May 23 1300 (00:01)
('' = all the stuff that suppose to be there)

I dont know if that is possible or is it that im just not getting all of last when the script runs for some other reason.

I changed $7 to $8 and $10 to $9 and it works perfectly. Thanks so much for your help on this.

Very quick with responses and very helpful throughout all my newbie questions. Thanks alot!

You're welcome.  Happy auditing of who is logging into your servers! ;-)