I want to Shows last login time for users who have ever logged in AIX.
And enable the lastlog stanza:
[script://./bin/lastlog.sh]
sourcetype = lastlog
source = lastlog
interval = 300
index = os
disabled = 0
but I found it didn't work, and i see the lastlog.sh scripts:
if [ "x$KERNEL" = "xLinux" ] ; then
CMD='lastlog'
FILTER='/Never logged in/ {next} (NR==1) {next}'
FORMAT='{username = $1; from = (NF==9) ? $3 : "<console>"; latest=$(NF-4) " " $(NF-3) " " $(NF-2) " " $NF}'
elif [ "x$KERNEL" = "xSunOS" ] ; then
CMD='last -n 999'
FILTER='{if ($0 == "") exit; if ($1 ~ /reboot|shutdown/ || $1 in users) next; users[$1]=1}'
FORMAT='{username = $1; from = (NF==10) ? $3 : "<console>"; latest = $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3)}'
elif [ "x$KERNEL" = "xAIX" ] ; then
failUnsupportedScript
elif [ "x$KERNEL" = "xDarwin" ] ; then
CMD='last -99'
FILTER='{if ($0 == "") exit; if ($1 ~ /reboot|shutdown/ || $1 in users) next; users[$1]=1}'
FORMAT='{username = $1; from = ($0 !~ / /) ? $3 : "<console>"; latest = $(NF-6) " " $(NF-5) " " $(NF-4) " " $(NF-3)}'
elif [ "x$KERNEL" = "xHP-UX" ] ; then
CMD='lastb -Rx'
FORMAT='{username = $1; from = ($2=="console") ? $2 : $3; latest = $(NF-3) " " $(NF-2)" " $(NF-1)}'
FILTER='{if ($1 == "BTMPS_FILE") next; if (NF==0) next; if (NF<=6) next;}'
elif [ "x$KERNEL" = "xFreeBSD" ] ; then
CMD='lastlogin'
FORMAT='{username = $1; from = (NF==8) ? $3 : "<console>"; latest=$(NF-4) " " $(NF-3) " " $(NF-2) " " $(NF-1) " " $NF}'
fi
It say does not support AIX !
does any one can help me to add backup the script for AIX? AIX also has "last" command for last login time for users who have ever logged in.
thanks a lot.
Hi gif_support,
to have successful logins in AIX (if enabled) you could also take audit logs from “ /var/log/secure
” and search string " Accepted password for
" OR " session opened for
".
Bye.
Giuseppe
does any reference about monitor the logs file such as /var/log/secure ?
and how to achieve?
Hi gif_support,
I'm not an AIX specialist but for my knowledge in "/var/log/secure" (as other linux based systems) there are audit logs.
When I worked for AIX logins, I remember that login auditing must be enabled by system administrator, but when enabled, in "/var/log/secure" you can find all that you need.
Bye.
Giuseppe