Start year fix for log file parsing

Clemens Schwaighofer
2022-11-21 18:19:03 +09:00
parent 424277ff2e
commit 16e6b98399


@@ -28,12 +28,12 @@ function parseLog()
# clean up date from YYYY nam dd to YYYY-MM-DD HH:II:SS
line="${1}";
auth_log="${2}";
debug="${3}";
START_YEAR=$(date +%Y -d "1 day ago");
start_year="${3}";
debug="${4}";
# echo "L: $line";
auth_date=$(echo "${line}" | cut -c 1-6)" ${START_YEAR} "$(echo "${line}" | cut -c 8-15);
auth_date=$(echo "${line}" | cut -c 1-6)" ${start_year} "$(echo "${line}" | cut -c 8-15);
auth_date=$(echo "${auth_date}" | date +"%F %T" -f -);
# auth user has . at the end, remove that one
auth_user=$(echo "${line}" | cut -d "]" -f 2 | cut -d " " -f 7 | cut -d "." -f 1);
@@ -66,6 +66,8 @@ if [ -z "${init_version##*systemd*}" ]; then
OPT_START_DATE="-S ${START_DATE}";
OPT_END_DATE="-U ${END_DATE}";
fi;
# READ as other format so we get the YEAR (JSON )
START_YEAR=$(date +%Y -d "1 day ago");
journalctl -u systemd-logind --no-pager ${OPT_START_DATE} ${OPT_END_DATE} | grep ": New session" |
while read line; do
# # Nov 21 14:15:46 we.are.hostname.com systemd-logind[1865]: New session 12345 of user some^user.
@@ -76,24 +78,28 @@ if [ -z "${init_version##*systemd*}" ]; then
# " of user <username>"
# we want date + time + username
# prefix year with start date year
parseLog "${line}" "${AUTH_LOG}" 0;
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" 0;
done;
else
LOG_TARGET="syslog";
# for secure/auth log
if [ $RUN_FULL_LOG -eq 1 ]; then
bunzip2 -ck /var/log/secure*.bz2 | grep ": session opened for user" |
while read line; do
parseLog "${line}" "${AUTH_LOG}" 0;
# we loop over EACH file and get the DATE so we can have the correct YEAR
for sfile in $(ls -1 /var/log/secure*bz2); do
tz=$(stat -c %z "${sfile}");
START_YEAR=$(date +%Y -d @${tz});
bunzip2 -ck "${sfile}" | grep ": session opened for user" |
while read line; do
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" 0;
done;
done;
# read all
START_DATE="sshd"
else
START_DATE=$(date +"%b %e" -d "1 day ago")
fi;
START_YEAR=$(date +%Y -d "1 day ago");
cat /var/log/secure | grep "${START_DATE}" | grep ": session opened for user" |
while read line; do
parseLog "${line}" "${AUTH_LOG}" 0;
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" 0;
done;
fi;
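Review bot: In the RUN_FULL_LOG loop, `stat -c %z` prints the human-readable status-change time rather than an epoch, so `date +%Y -d @${tz}` should fail and leave START_YEAR empty for every archived file, which silently defeats the year fix for the rotated logs. Using the modification time as an epoch and quoting it would be `tz=$(stat -c %Y "${sfile}");` and `START_YEAR=$(date +%Y -d "@${tz}");`; `for sfile in /var/log/secure*bz2; do` would also avoid parsing `ls`. Even then, a rotated file that spans a year change gets one year for all its lines, so December logins in a file last written in January would be dated a year late; that limit deserves a comment, since these look like login audit timestamps. The enclosing `if` starts outside the hunk.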