I can't take credit for this fully, partly because I had some help from PerlMonks and from the Linux & Unix forum to make this script work. So, I'll share it with you folks. I have tested it on SUSE and Red Hat, so it ought to work on these platforms for you as well.
# vi wtmp.pl
#!/usr/bin/perl
# Names for the record type field, indexed by its numeric value
@type = (
    "Empty", "Run Lvl", "Boot", "New Time", "Old Time", "Init",
    "Login", "Normal", "Term", "Account"
);
# Read the whole wtmp file from STDIN (or from files named on the command line)
$recs = "";
while (<>) {
    $recs .= $_;
}
# Each wtmp record is a fixed 384 bytes
foreach ( split( /(.{384})/s, $recs ) ) {
    next if length($_) == 0;
    # Cut the record into its fixed-width fields; $t3 holds the timestamp in seconds
    my ( $type, $pid, $line, $inittab, $user, $host, $t1, $t2, $t3, $t4, $t5 ) =
        $_ =~ /(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})/s;
    if ( defined $line && $line =~ /\w/ ) {
        # Strip the NUL padding from the text fields
        $line =~ s/\x00+//g;
        $host =~ s/\x00+//g;
        $user =~ s/\x00+//g;
        printf(
            "%s %-8s %-12s %10s %-45s \n",
            scalar( gmtime( unpack( "I4", $t3 ) ) ),
            $type[ unpack( "I4", $type ) ],
            $user,
            $line,
            $host
        );
    }
}
printf "\n";
On your server, run the script as follows:
# wtmp.pl < /var/log/wtmp > /tmp/wtmp-report
You could change the input path to wherever your wtmp is stored. The final report opens with WordPad. In Notepad the spaces are not recognized and it writes everything in one continuous line, so please use Microsoft Word or WordPad to read the report!
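The same 384-byte record layout can be decoded with a struct template instead of a regex. The following is an added example, not part of the original script: it assumes a little-endian host, the function names are hypothetical, and the sample records are constructed. Unlike the script, it also labels out-of-range type values and reports a truncated trailing record.

```python
import struct
from datetime import datetime, timezone

# 384-byte record with the same field widths as the script's regex, plus the
# trailing address and padding bytes. Assumption: little-endian host (x86).
RECORD = struct.Struct("<hxxi32s4s32s256shhiIi16s20x")
TYPES = ("Empty", "Run Lvl", "Boot", "New Time", "Old Time", "Init",
         "Login", "Normal", "Term", "Account")

def text(raw):
    """Fields are NUL-padded: keep only the bytes before the first NUL."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Return (records, leftover): parsed records and count of trailing bytes."""
    usable = len(data) - len(data) % RECORD.size
    records = []
    for off in range(0, usable, RECORD.size):
        (ut_type, pid, line, _id, user, host,
         _term, _exit, _session, sec, _usec, _addr) = RECORD.unpack_from(data, off)
        # A type outside the table is labelled rather than silently left blank
        name = TYPES[ut_type] if 0 <= ut_type < len(TYPES) else f"Unknown({ut_type})"
        when = datetime.fromtimestamp(sec, timezone.utc)  # UTC, like gmtime
        records.append({"time": when.strftime("%Y-%m-%d %H:%M:%S"),
                        "type": name, "pid": pid, "user": text(user),
                        "line": text(line), "host": text(host)})
    return records, len(data) - usable

def make_record(ut_type, pid, line, user, host, sec):
    """Build one constructed record; struct pads short strings with NULs."""
    return RECORD.pack(ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, sec, 0, b"")

# Constructed sample: a boot record, a login, then 100 bytes of a cut-off record
SAMPLE = (make_record(2, 0, "~", "reboot", "sample-kernel", 1700000000)
          + make_record(7, 4242, "pts/0", "alice", "192.0.2.10", 1700000060)
          + b"\0" * 100)

if __name__ == "__main__":
    recs, leftover = parse_wtmp(SAMPLE)
    for r in recs:
        print(f'{r["time"]} {r["type"]:<8} {r["user"]:<12} '
              f'{r["line"]:>10} {r["host"]}')
    print(f"{leftover} trailing bytes ignored (truncated record)")
```

To run it against a real file, pass the bytes of /var/log/wtmp (opened in binary mode) to parse_wtmp in place of SAMPLE.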