diff --git a/bin/collect_login_data.sh b/bin/collect_login_data.sh
index a2ec89a..594f26e 100755
--- a/bin/collect_login_data.sh
+++ b/bin/collect_login_data.sh
@@ -22,6 +22,37 @@ if [ ! -z "${1}" ] && [ "${1}" = "FULL" ]; then RUN_FULL_LOG=1; fi;
+function parseLog()
+{
+ # do we have a key entry, if not add new with last log date
+ # clean up date from YYYY nam dd to YYYY-MM-DD HH:II:SS
+ line="${1}";
+ auth_log="${2}";
+ debug="${3}";
+ START_YEAR=$(date +%Y -d "1 day ago");
+
+ # echo "L: $line";
+
+ auth_date=$(echo "${line}" | cut -c 1-6)" ${START_YEAR} "$(echo "${line}" | cut -c 8-15);
+ auth_date=$(echo "${auth_date}" | date +"%F %T" -f -);
+ # auth user has . at the end, remove that one
+ auth_user=$(echo "${line}" | cut -d "]" -f 2 | cut -d " " -f 7 | cut -d "." -f 1);
+
+ # echo -n "USER: $auth_user | DATE: $auth_date";
+
+ # find auth user in current auth file
+ # if not there attach, else replace date only
+ found=$(grep "${auth_user};" "${auth_log}");
+ if [ -z "${found}" ]; then
+ # echo -n " | Write new";
+ echo "${auth_user};${auth_date}" >> "${auth_log}";
+ else
+ # echo -n " | Replace old";
+ sed -i "s/${auth_user};.*$/${auth_user};${auth_date}/" "${auth_log}";
+ fi;
+ # echo " [***]";
+}
+
 # Collector script for login information via journalctl
 # if no systemd installed, try to get info from /var/log/secure or /var/log/auth.log
 readonly init_version=$(/proc/1/exe --version | head -n 1);
@@ -30,7 +61,6 @@ if [ -z "${init_version##*systemd*}" ]; then
 # for journalctl
 START_DATE=$(date +%F -d "1 day ago");
 END_DATE=$(date +%F);
- START_YEAR=$(date +%Y -d "1 day ago");
 OPT_START_DATE='';
 if [ $RUN_FULL_LOG -eq 0 ]; then
 OPT_START_DATE="-S ${START_DATE}";
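Review bot: In parseLog, auth_user is lifted from the log line and spliced unescaped into an unanchored grep pattern and into both halves of the sed substitution, so a name that is a suffix of an existing entry (say `bob` next to an `alice-bob;…` line) is reported as found and sed then rewrites the longer entry instead of appending, and a name containing `/`, `&`, `.` or `*` breaks or broadens the edit. The names come from PAM/logind session lines, but the auth file is the script's own state and should be matched by exact field comparison rather than by a regex built from log data; the rewrite below does that with awk and a mktemp-backed replace. Separately, every variable in the function is global (`line`, `auth_log`, `found`, `auth_date`, `auth_user`, and `START_YEAR`, which hunk @@ -30,7 +61,6 @@ removes from the caller), so `local` on each would keep the refactor from leaking state, and the third parameter `debug` is assigned but never read since all debug echoes are commented out.
```shell
function parseLog()
{
	local line="${1}" auth_log="${2}" debug="${3}";
	local START_YEAR auth_date auth_user tmp;
	# … unchanged: date and user extraction …
	# exact match on the first ';'-separated field; no regex is built from log data
	if ! awk -F';' -v u="${auth_user}" '$1 == u { f = 1 } END { exit !f }' "${auth_log}"; then
		echo "${auth_user};${auth_date}" >> "${auth_log}";
	else
		tmp=$(mktemp "${auth_log}.XXXXXX") || return 1;
		awk -F';' -v u="${auth_user}" -v d="${auth_date}" 'BEGIN { OFS = ";" } $1 == u { $2 = d } { print }' "${auth_log}" > "${tmp}" && mv -- "${tmp}" "${auth_log}";
	fi;
}
```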
@@ -46,48 +76,15 @@ if [ -z "${init_version##*systemd*}" ]; then
 # " of user "
 # we want date + time + username
 # prefix year with start date year
-
- # echo "L: $line";
-
- # do we have a key entry, if not add new with last log date
- # clean up date from YYYY nam dd to YYYY-MM-DD HH:II:SS
- # auth_date=$(echo "${line}" | cut -c 1-15 | date +"%F %T" -f -);
- # auth_date=$($(echo "${line}" | cut -c 1-6)" ${START_YEAR} "$(echo "${line}" | cut -c 8-15)) | date +"%F %T" -f -;
- auth_date=$(echo "${line}" | cut -c 1-6)" ${START_YEAR} "$(echo "${line}" | cut -c 8-15);
- auth_date=$(echo "${auth_date}" | date +"%F %T" -f -);
- # auth user has . at the end, remove that one
- auth_user=$(echo "${line}" | cut -d "]" -f 2 | cut -d " " -f 7 | cut -d "." -f 1);
-
- # echo -n "USER: $auth_user | DATE: $auth_date";
-
- # find auth user in current auth file
- # if not there attach, else replace date only
- found=$(grep "${auth_user};" "${AUTH_LOG}");
- if [ -z "${found}" ]; then
- # echo -n " | Write new";
- echo "${auth_user};${auth_date}" >> "${AUTH_LOG}";
- else
- # echo -n " | Replace old";
- sed -i "s/${auth_user};.*$/${auth_user};${auth_date}/" "${AUTH_LOG}";
- fi;
- # echo " [***]";
+ parseLog "${line}" "${AUTH_LOG}" 0;
 done;
 else
 LOG_TARGET="syslog";
 # for secure/auth log
- if [ $RUN_FULL_LOG -eq 0 ]; then
- bunzip -ck /var/log/secure*.bz2 | grep ": session opened for user" |
+ if [ $RUN_FULL_LOG -eq 1 ]; then
+ bunzip2 -ck /var/log/secure*.bz2 | grep ": session opened for user" |
 while read line; do
- # Nov 21 14:15:56 some.hostname.com sshd[12345]: pam_unix(sshd:session): session opened for user some-user(uid=6789) by (uid=0)
- auth_date=$($(echo "${line}" | cut -c 1-6)" ${START_YEAR} "$(echo "${line}" | cut -c 8-15) | date +"%F %T" -f -);
- auth_user=$(echo "${line}" | cut -d ")" -f 2 | cut -d " " -f 6 | cut -d "(" -f 1);
- # find auth user in current auth file
- # if not there attach, else replace date only
- if [ -z grep "${auth_user}" "${AUTH_LOG}" ]; then
- cat 
"${auth_user};${auth_date}" >> "${AUTH_LOG}"; - else - sed -i "s/${auth_user};.*$/${auth_user};${auth_date}/" "${AUTH_LOG}"; - fi; + parseLog "${line}" "${AUTH_LOG}" 0; done; # read all START_DATE="sshd" @@ -96,16 +93,7 @@ else fi; cat /var/log/secure | grep "${START_DATE}" | grep ": session opened for user" | while read line; do - # Nov 21 14:15:56 some.hostname.com sshd[12345]: pam_unix(sshd:session): session opened for user some-user(uid=6789) by (uid=0) - auth_date=$($(echo "${line}" | cut -c 1-6)" ${START_YEAR} "$(echo "${line}" | cut -c 8-15) | date +"%F %T" -f -); - auth_user=$(echo "${line}" | cut -d ")" -f 2 | cut -d " " -f 6 | cut -d "(" -f 1); - # find auth user in current auth file - # if not there attach, else replace date only - if [ -z grep "${auth_user}" "${AUTH_LOG}" ]; then - cat "${auth_user};${auth_date}" >> "${AUTH_LOG}"; - else - sed -i "s/${auth_user};.*$/${auth_user};${auth_date}/" "${AUTH_LOG}"; - fi; + parseLog "${line}" "${AUTH_LOG}" 0; done; fi;