I have the lastlog from 100 machines that I need to parse. Since I have them all centrally located, is there a way to parse these? Or do I need to go back to each machine and type the "lastlog" command and then get the output?
Thank you.
A super-hacky solution is simply to back up your machine's /var/log/lastlog, and replace it with the file from a different machine. Run lastlog to view its contents, then replace the one from your machine.
mv /var/log/lastlog /var/log/lastlog.real
cp /your/custom/lastlog /var/log/lastlog
lastlog
mv /var/log/lastlog.real /var/log/lastlog
tail -n25 $(find /var/log/lastlog -maxdepth 1 -type f -mtime -1 | grep -v "wtmp" | grep -v "lastlog" ) | more
Might be helpful
The standard lastlog command doesn't have an option to read an alternate lastlog data file but you could just grab the source for this and tweak it. Or use your favourite language to parse it - just standard utmp records.
Be aware that copying lastlog files around can result in large destination files if your users have high uids. By default lastlog files are sparse (so ls -l shows them as large but du -s reflects real size).
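Added example, not part of the original thread: a Python parser that reads collected lastlog files directly, so nothing has to be swapped into /var/log. It assumes the glibc layout of struct lastlog on little-endian Linux (fixed 292-byte records indexed by UID); the sample file name, UIDs and address are constructed, and holes in sparse files are skipped with SEEK_DATA where the OS supports it.

```python
import errno
import os
import struct
import tempfile
from datetime import datetime, timezone

# Assumed layout (glibc struct lastlog, little-endian Linux): int32 ll_time,
# char ll_line[32], char ll_host[256]; the record at index N belongs to UID N.
RECORD = struct.Struct("<i32s256s")

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")  # strip NUL padding

def parse_lastlog(path):
    """Yield (uid, utc_login_time, line, host) for each UID with a login."""
    with open(path, "rb", buffering=0) as fh:
        fd, size, offset = fh.fileno(), os.fstat(fh.fileno()).st_size, 0
        while offset + RECORD.size <= size:
            if hasattr(os, "SEEK_DATA"):  # jump over holes in sparse files
                try:
                    data_at = os.lseek(fd, offset, os.SEEK_DATA)
                    offset = data_at - data_at % RECORD.size
                except OSError as exc:
                    if exc.errno == errno.ENXIO:  # only a hole remains
                        break
            chunk = os.pread(fd, RECORD.size, offset)
            if len(chunk) < RECORD.size:  # truncated final record
                break
            ts, line, host = RECORD.unpack(chunk)
            if ts:  # ll_time == 0 means this UID never logged in
                when = datetime.fromtimestamp(ts, timezone.utc)
                yield offset // RECORD.size, when, _text(line), _text(host)
            offset += RECORD.size

def write_sample(path):
    """Constructed sample: logins for UID 0 and UID 60000, hole in between."""
    with open(path, "wb") as fh:
        fh.write(RECORD.pack(1700000000, b"tty1", b""))
        fh.seek(60000 * RECORD.size)
        fh.write(RECORD.pack(1700003600, b"pts/0", b"192.0.2.10"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "hostA.lastlog")  # hypothetical file name
        write_sample(sample)
        for uid, when, line, host in parse_lastlog(sample):
            print(f"{uid:>6} {when:%Y-%m-%d %H:%M:%S}Z {line:<8} {host}")
```

The file stores only UIDs, so map them to user names with the passwd file from the same machine rather than the one on the analysis host.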