Avatar of Bryant
Bryant
Flag for United States of America asked on

AIX 5.3.12 Script Last Login Across Network

Hello everyone,

I need a script that will give me the last user information (username, date and time only) for over 200 servers across the network. What I am trying to do is track user activity on the server. I would like to be able to have this information dumped into a file which I can export into a spreadsheet. I want to run this script from any box that I log into. I will be able to run it with root access. I also need to be able to exclude certain users as a few users like myself log into boxes just to see when the last time owners have used it. Output should be

servername username date time

I am new to scripting so I dont have a clue where to start.

Can someone please help.  AIX 5.3.12  - Shell Script
Unix OSShell Scripting

Avatar of undefined
Last Comment
Nem Schlecht

8/22/2022 - Mon
Nem Schlecht

What do you use right now to access the various hosts?  I'm hoping SSH and that you have your keys set up along with an 'authorized_hosts' file (and that you've turned on ForwardAgent)
Bryant

ASKER
Yes I am using ssh.  I will have to check on the other setup. It should be in place though.
Nem Schlecht

Well, you shouldn't need root access.  What you *do* need is a file of all the servers you want to dump to your file.  Lets say this file is just named "servers" and is stored in your home directory.  You'll want a 'master' copy of this file in a safe location as well.

For example, you decide to place your "servers" file in a directory named "etc" on all of the hosts.  On your workstation, or even, let's say server 'A' you create a directory called "master" and you have a "safe" copy of "servers" file in this directory (ie - you do NOT want to store your master in "etc").  So, on server A, in ~/master/servers, you'll have a list of hostnames:

A
B
C
D
E

First thing to do, create the 'etc' directory on all of these.  We'll create a script later, but for now, right from the command line, we can do:

for serv in `cat ~/master/servers`
do
   echo $serv
   ssh $serv 'mkdir etc'
done

Open in new window


If you have *not* SSH'ed into some of these hosts, you may be prompted to store their key.  If it were me, I would set up my SSH with an "authorized_keys" file so I don't need to type in my keyphrase for each host (search the web on how to set this up - its easy).

Then, we copy our master 'server' file to all of our hosts (note: these command still should work even if we are on server A)

for serv in `cat ~/master/servers`
do
   echo $serv
   scp ~/master/servers $serv:etc
done

Open in new window


Okay... now we have our "master" file everything.  We can now create a script that let us go off to *all* of the hosts from *any* of the hosts (once we've done the 2 above steps, we can run the following anywhere).

Our script to gather last login data.  I'll try to get this as close to what you want as possible.  Put the following in a shell script named "gatherlast":

#!/bin/bash
for serv in `cat ~/etc/servers`
do
  ssh $serv 'last' | \
    egrep -v "^(reboot|shutdown|root|your_username|other_admin_username)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "$serv,%"
done

Open in new window


Then, on any machine, you would run:

gatherlast > lastlog.csv

The output should look something like this:

hostname,nemws1,Mon May 7,23:30
hostname,nemws1,Wed May 2,10:09
hostname,nemws1,Wed May 2,08:50
hostname,nemws1,Tue May 1,16:30


Be careful though, sometimes 'last' produces some odd output.  I'm assuming you do NOT need to be root to run 'last' on these hosts.  If you do, that'll kind of suck, since you'll have to type in your password for 'sudo' 200 times.  If you want to get around that, you'd have to set up a cron job on each server to dump out the data from 'last' to file that is readable by you (easily done, actually)
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Bryant

ASKER
Hi nemws1

I setup 3 boxes to test your solution on and cant get it to work. I manually created a master file on 1 box with the 3 box numbers I want to use. Then I created files on each box called /master/store_numbers.

mkdir master
cd master
mkdir store_numbers
cd store_numbers
touch 1234
touch 2345
touch 3456

Then I logged on to one of the boxes and  ran put your script in a file

#!/bin/bash
for serv in `cat ~/master/store_numbers`
do
  ssh $serv 'last' | \
    egrep -v "^(reboot|shutdown|root|me_id|me2_id)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "$serv,%"
done

Whenever I tired to run gatherlast > lastlog.csv, I get ¦/tmp/xxx1-3xxa: gatherlast: not found.
Nem Schlecht

'store_numbers' should be a plain-text file with a server-name per line, not a directory with one server-per-file.

As for the last-line, error, you need to run your script as:

./gatherlast > lastlog.csv

and *not*:

gatherlast > lastlog.csv

See the difference?  Your current directory is *NOT* in your path.  This is considered to be a good/secure thing to do. :)
Bryant

ASKER
I deleted the directory store_numbers and created a store_nubmers.txt file with vi and included the three box numbers. I also changed two lines of the script from serv to xxxx to match 4 characters i have to use when logging into a box. for ex. 'xxxx.1111' is the box name.


#!/bin/bash
for xxxx in `cat ~/master/store_numbers`
do
  ssh xxxx.$1 'last' | \
    egrep -v "^(reboot|shutdown|root|me1xxxx|me2xxxx)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "xxxx.$1,%"
done


I get
XXXX.1111:/home/mexxxx-> ./gatherlast > lastlog.csv
ksh: ./gatherlast: 0403-006 Execute permission denied.

 /tmp/yyyy-yyyy: gatherlast: not found.


I am probably doing something really obviously to you but I cant figure it out. Cant make it work.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Nem Schlecht

No biggie. ;-)  I'll take the blame, since this stuff is obvious to me, but less so to others. ;-)

If you named your text file 'store_numbers.txt', we should reflect that in the script.  Change line 2 to:

for xxxx in `cat ~/master/store_numbers.txt`

Lastly, we just need to make this script "executable".  Run this:

chmod +x gatherlast

in "/home/mexxxx" and then try it again:

./gatherlast > lastlog.csv
Bryant

ASKER
Hi nemws1,

Hey I wanted to let you know I apprerciate your help.

I made the change but could not get it to work. So I made other changes and got information to come up but not so much as in what I as looking for.  Here is what I got to give me some info.

#!/bin/bash
for i in $(cat master/store_numbers)
do
  ssh -o BatchMode=yes isp1.$i 'last'

    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' \ |
    xargs -I% echo "isp1.$i,%"
done


This brought me back alot of information from last. It did not exclude the usernames that I listed in the line 'egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
'. It also didnt list the store_numbers so I cant tell what login is for what box and if it is only for the same box or what. Where did I go wrong?
Nem Schlecht

Missing one thing and I see a bug in my old code as well.  New code, with comments:

#!/bin/bash
for i in $(cat master/store_numbers)
do
    # this next line was missing "| \"
    # the awk line had the "|" "\" switched around (my bad)
    ssh -o BatchMode=yes isp1.$i 'last' | \
    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' | \
    xargs -I% echo "isp1.$i,%"
done

Open in new window

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Bryant

ASKER
Ok, this works I only have two issues. For each box it is showing me 60 entires and i only need one or 2. I also want the duration of time they were logged in shown from last. It shows me everything else I need except that . Can that be tweaked?
Nem Schlecht

I'm not sure what you're asking with your second question.  Can you give me an example of the output you're receiving and an example of what you want?

To fix your first part, we would just do a 'head' in the loop part of our script:
    ssh -o BatchMode=yes isp1.$i 'last' | \
    egrep -v "^(reboot|shutdown|root|nopriv|me1|cowo1|cowo2|cowo3|cowo4)" | \
    awk '{print $1","$4" "$5" "$6","$7}' | \
    head -2 | \
    xargs -I% echo "isp1.$i,%"

Open in new window

Bryant

ASKER
When I run last I can not only see the time they logged in but the time they logged out and how many minutes they were logged in. I need to find out if someone logged in just to be logging in but not really using the server. Right now I get everything I need except the amount of time they logged in. I dont need to know the time they logged out as long as I have the minutes.

for example I get '' '' '' May 23 1300 -   when I run the script now
If I run last without the script I get '' '' '' May 23 1300 - 1301 (00:01)
I would like to get '' '' '' May 23 1300 (00:01)
('' = all the stuff that suppose to be there)

I dont know if that is possible or is it that im just not getting all of last when the script runs for some other reason.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
Nem Schlecht

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Bryant

ASKER
I changed $7 to $8 and $10 to $9 and it works perfectly. Thanks so much for your help on this.
Bryant

ASKER
Very quick with responses and very helpful throughout all my newbie questions. Thanks alot!
Nem Schlecht

You're welcome.  Happy auditing of who is logging into your servers! ;-)
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23