Re: Need script to extract from /etc/security/lastlog -> list of users and their last login time in human readable format

• Previous message: tatasalak_at_yahoo.com: "Re: 3581 Tape Drive performance"
• In reply to:(deleted message) Michael Vilain: "Re: Need script to extract from /etc/security/lastlog -> list of users and their last login time in human readable format"
• Next in thread: Stephane CHAZELAS: "Re: Need script to extract from /etc/security/lastlog -> list of users and their last login time in human readable format"
• Reply: Stephane CHAZELAS: "Re: Need script to extract from /etc/security/lastlog -> list of users and their last login time in human readable format"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 17 Dec 2004 11:31:18 GMT

In comp.unix.aix Michael Vilain <vilain@spamcop.net> wrote:
MV> In article <32e0g1F3kgu42U3@individual.net>,
MV> "Chris F.A. Johnson" <cfajohnson@gmail.com> wrote:

>> On Thu, 16 Dec 2004 at 11:43 GMT, Tom Brehony wrote:
>> > The subject lines says it all. I am looking for a script (ideally Korn
>> > Shell)
>> > to extract from /etc/security/lastlog a list of users and their last login
>> > time
>> > in human readable format.
>> >
>> > I have seen perl scripts to convert the Unix time in seconds to a human
>> > readable form, but I do not have perl installed on the AIX 4.2 box
>> > I am using and I am not familiar with perl anyway and would not be
>> > able to modify the script to do what I need.
>> >
>> > Anyone have something that will do this?
>>
>> I would use "last". What do you need that "last" doesn't provide?
>> (I assume that AIX has last; I haven't seen a Unix without it.)
>>
>> If that isn't adequate, what is the format of
>> /etc/security/lastlog?
>>
>> What capabilities does the "date" command have on AIX?

MV> The problem with using last is that, at least on Solaris, if you recycle
MV> wtmp regularly on a busy system, last will have only the entries since
MV> it was recycled. lastlog has a single entry for every login, IIRC.
MV> It's updated as that account logins in and it's what's printed when you
MV> login to a terminal session on Solaris "Last login: <date> from <remote>"

Correct. Recycling wtmp, most of the times, means: cat /dev/null > /var/adm/wtmp

Here's a script that I use:
-------------------------------<start script>---------------------------------
#!/bin/ksh
          info=$(/usr/sbin/lsuser -c -a time_last_login tty_last_login host_last_login $1)
#checking this one now is useful in case its null (i.e. never logged in)
          attributes=$( print $info | /bin/cut -d" " -f2- )
          if [[ $attributes = $1 ]]; then
            lastlogin=""
          else
            lastlogin=$( print $attributes | /bin/cut -d: -f2)
            lastterm=$( print $attributes | /bin/cut -d: -f3)
            lasthost=$( print $attributes | /bin/cut -d: -f4)
          fi

          #...print a line about the last login time
          if [[ $lastlogin = "" ]]; then
            print Never logged in.
          else
            print ""
            print Last login was: \
                  $(/usr/local/bin/get_date_from_secs $lastlogin )
            print On tty: $lastterm
            print From host: $lasthost
          fi
----------------------------<end script>--------------------------------------
get_date_from_secs.c is a short C code:

---------------------------<begin get_date_from_secs.c>-----------------------
/*
  get_date_from_secs.c
  pass the number of seconds since
  the Epoch, and return a Gregorian
  date argument
*/
#include <stdio.h>
#include <time.h>

void main(int argc, char **argv)
{
char *secarg;
struct tm rettm;
time_t now;

/* grab the first argument, time in seconds */
if((secarg = *++argv) == NULL)
   { /* error */
   printf("-1");
   exit(1);
   }
else
   {
   if((now=atol(secarg)) == NULL)
      { /* error */
      printf("-2");
      exit(1);
      }
   else
      {
      rettm=*localtime(&now);
      printf("%s", asctime(&rettm));
/*printf("%2d/%d/%d", rettm.tm_mon+1, rettm.tm_mday, rettm.tm_year+1900); */
      }
   }
exit(0);
}
-----------------------------<end get_date_from_secs.c>------------------------

P.S.: You have to be root or use sudo to run the script with argument 'username'
      other than yours. The script can be easily modified to spit out
      _unsuccessful_ events as well.

-Bela

• Previous message: tatasalak_at_yahoo.com: "Re: 3581 Tape Drive performance"
• In reply to:(deleted message) Michael Vilain: "Re: Need script to extract from /etc/security/lastlog -> list of users and their last login time in human readable format"
• Next in thread: Stephane CHAZELAS: "Re: Need script to extract from /etc/security/lastlog -> list of users and their last login time in human readable format"
• Reply: Stephane CHAZELAS: "Re: Need script to extract from /etc/security/lastlog -> list of users and their last login time in human readable format"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]