followup on utmp/wtmp logging?
Mook, R.S. van (CIV)
R.S.vanMook at civ.utwente.nl
Tue Nov 23 13:01:56 GMT 1999
I've just developed a few tricks for myself to sort-of-achieve the same thing,
it is only tested on one system, Your Mileage May Vary and Completely At Your Own Risk:
Add to every share in smb.conf:
include = /etc/samba/logging.conf
/etc/samba/logging.conf:
root preexec = echo "LOGIN %u $PPID \"%S\" %M %T" >> /var/log/utmp-samba
root postexec = echo "LOGOUT %u $PPID \"%S\" %M %T" >> /var/log/utmp-samba
Which results in a file like this:
LOGOUT nobody 29330 "apps" cam031312.student.utwente.nl 1999/11/22 18:03:40
LOGIN remco 29493 "remco" arie 1999/11/22 21:10:50
LOGIN snt 29493 "snt" arie 1999/11/22 21:11:02
LOGOUT snt 29493 "snt" arie 1999/11/22 21:49:05
LOGOUT remco 29493 "remco" arie 1999/11/22 21:49:05
LOGIN remco 29493 "remco" arie 1999/11/22 23:04:09
LOGIN nobody 31304 "apps" cal038041.student.utwente.nl 1999/11/23 09:40:59
LOGIN nobody 31335 "apps" cal007205.student.utwente.nl 1999/11/23 11:04:37
LOGOUT nobody 31335 "apps" cal007205.student.utwente.nl 1999/11/23 11:07:17
LOGOUT nobody 31304 "apps" cal038041.student.utwente.nl 1999/11/23 12:37:51
Which can be parsed with the following perl script:
#! /usr/bin/perl
# quick hack to emulate a 'last' command for samba
use Time::Local;
use strict;

my ($search,$max);

sub usage {
    print <<"EOF";
smblast - 'last' command for Samba.
Version 0.1, Remco van Mook 1999
Usage: smblast [-num] [username]
EOF
}

# -num limits the number of lines shown, any other argument is a username filter
foreach (@ARGV) {
    if (/^-(\d+)/) { $max=$1 } elsif (! /^$/) { $search=$_ }
    if (/^-h/) { usage; exit 0 }
}

# newest login first
sub bytime { $b->[0] <=> $a->[0] }

open (IN,"/var/log/utmp-samba") or die "Cannot open /var/log/utmp-samba: $!\n";
my %log;
# per key: [0]=login date  [1]=login time  [2]=logout date  [3]=logout time
#          [4]=host at login  [5]=host at logout
while (<IN>) {
    # skip lines that do not match; otherwise $1..$7 keep the previous line's values
    next unless /^(LOGIN|LOGOUT) (.+?) (\d+) "(.*)" (\S+) (\S+) (\S+)$/;
    my ($action,$user,$pid,$share,$host,$date,$time)=($1,$2,$3,$4,$5,$6,$7);
    if ($action eq "LOGIN") {
        # a new login replaces the entry, so a logout left over from an earlier
        # session with the same share/user/pid is not paired with it
        $log{"$share/$user/$pid"}=[$date,$time,undef,undef,$host];
    } else {
        $log{"$share/$user/$pid"}[2]=$date;
        $log{"$share/$user/$pid"}[3]=$time;
        $log{"$share/$user/$pid"}[5]=$host;
    }
}
close IN;

my $key;
my $counter;
my @output;
$counter=0;
foreach $key (keys %log) {
    my ($itime,$ihour,$imin,$isec,$iday,$imon,$iyear)=0;
    my ($otime,$ohour,$omin,$osec,$oday,$omon,$oyear)=0;
    my $rest;
    my ($share,$user,$pid) = split ("/",$key);
    if ((! $search) or ($search eq $user)) {
        my $host=$log{$key}[4]||$log{$key}[5];
        if ($log{$key}[1].$log{$key}[0] ne "") {
            ($ihour,$imin,$isec)=split(":",$log{$key}[1]);
            ($iyear,$imon,$iday)=split("/",$log{$key}[0]);
            # timelocal wants a 0-based month; the 4-digit year is passed as is
            $itime=timelocal($isec,$imin,$ihour,$iday,$imon-1,$iyear);
        } else {
            # logout seen without a login
            $itime=0;
            $iday=1;
            $ihour="00";
            $imin="00";
            $imon=1;
        }
        my $day=("Sun","Mon","Tue","Wed","Thu","Fri","Sat","Sun")[(localtime($itime))[6]];
        my $mon=("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")[$imon-1];
        if ($log{$key}[3].$log{$key}[2] ne "") {
            ($ohour,$omin,$osec)=split(":",$log{$key}[3]);
            ($oyear,$omon,$oday)=split("/",$log{$key}[2]);
            $otime=timelocal($osec,$omin,$ohour,$oday,$omon-1,$oyear);
        }
        if ($otime != 0) {
            # session length as (hh:mm)
            my $timediff=$otime-$itime;
            my $dur=sprintf("(%2s:%2s)",int($timediff/3600),int(($timediff%3600)/60));
            $dur=~s/ /0/g;
            $rest=sprintf("- %2s:%2s %8s",$ohour,$omin,$dur);
        } else {
            $rest=" still logged in";
        }
        $output[$counter][0]=$itime;
        $output[$counter][1]=sprintf ("%-8s SMB/%-8s %-16s %3s %3s %2s %2s:%2s %s\n",
            $user,$share,substr($host,0,16),$day,$mon,$iday,$ihour,$imin,$rest);
        $counter++;
    }
}

my @sorted = sort bytime @output;
if ($max) { @sorted=splice(@sorted,0,$max) }
foreach (@sorted) {
    print ${$_}[1];
}
Remember it's just a quick hack, not particularly elegant or efficient :)
You get the following output:
nobody SMB/apps cal007205.studen Thu Nov 23 11:04 - 11:07 (00:02)
nobody SMB/apps cal038041.studen Thu Nov 23 09:40 - 12:37 (02:56)
snt SMB/snt arie Wed Nov 22 21:11 - 21:49 (00:38)
nobody SMB/apps cam031312.studen Wed Nov 22 18:03 - 18:03 (00:00)
nobody SMB/Install cam031312.studen Wed Nov 22 18:03 - 18:03 (00:00)
nobody SMB/Install cal040031.studen Wed Nov 22 17:21 - 17:21 (00:00)
Surely the logging.conf part could be integrated in some form into smbd.
Hope this helps,
Remco
-----Original message-----
From: Harald Hannelius [mailto:Harald at iki.fi]
Sent: Tuesday, November 23, 1999 11:09 AM
To: Multiple recipients of list SAMBA-TECHNICAL
Subject: followup on utmp/wtmp logging?
Has there been any more talk about the recent question about utmp/wtmp
support in samba?
This would really be a nice feature. It would abstract the windows clients
even more and one could use standard unix tools when messaging. Above all,
I would get the users login/logouts logged properly.
===========================================================
Harald H Hannelius | Harald at iki.fi | GSM +358405470870
===========================================================
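
Added example, not part of the original message and not Samba code: a stricter reader for the /var/log/utmp-samba layout shown above. It pairs LOGIN and LOGOUT events in file order, so one smbd pid serving several sessions yields one record per session, and it reports lines that do not fit the layout instead of guessing at their fields. The sample lines, host names and the function name sessions() are constructed for this example.

```python
import re
from datetime import datetime

# ACTION user pid "share" host YYYY/MM/DD HH:MM:SS  (layout taken from the page)
LINE = re.compile(r'^(LOGIN|LOGOUT) (\S+) (\d+) "([^"]*)" (\S+) '
                  r'(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)$')

# Constructed sample input, not real log data.
SAMPLE = """\
LOGOUT nobody 29330 "apps" pc1.example 1999/11/22 18:03:40
LOGIN remco 29493 "remco" pc2.example 1999/11/22 21:10:50
LOGIN snt 29493 "snt" pc2.example 1999/11/22 21:11:02
LOGOUT snt 29493 "snt" pc2.example 1999/11/22 21:49:05
LOGOUT remco 29493 "remco" pc2.example 1999/11/22 21:49:05
LOGIN remco 29493 "remco" pc2.example 1999/11/22 23:04:09
LOGIN remco 29493 garbage
"""

def sessions(text):
    """Return (records, rejected_line_numbers).

    Each record is (user, share, host, start, end); start is None for a
    LOGOUT with no matching LOGIN, end is None for a session still open.
    """
    open_sessions, records, rejected = {}, [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line)
        try:
            action, user, pid, share, host, stamp = m.groups()
            when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")
        except (AttributeError, ValueError):   # no match, or impossible date
            rejected.append(lineno)
            continue
        key = (user, share, host, pid)
        if action == "LOGIN":
            if key in open_sessions:           # earlier LOGIN was never closed
                records.append((user, share, host, open_sessions[key], None))
            open_sessions[key] = when
        else:
            records.append((user, share, host, open_sessions.pop(key, None), when))
    for (user, share, host, _pid), start in open_sessions.items():
        records.append((user, share, host, start, None))
    return records, rejected

if __name__ == "__main__":
    recs, bad = sessions(SAMPLE)
    for user, share, host, start, end in recs:
        print(f"{user:8} SMB/{share:8} {host:16} {start} -> {end}")
    print("rejected lines:", bad)
```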