0

I'm trying to find out whether anyone has logged into the servers in the past 1 month or not. Servers include both Windows and Linux. Please help if anyone has an already working script or a suggestion on how to proceed.

For Linux I have tried using the last command output, but I don't know how to put it in the same script which can fetch output from Windows servers as well. I'm also looking for commands for Windows.

ankur
  • 1

1 Answer

0

The Linux part is easy: set up the connection with PuTTY (especially the keys for passwordless SSH) and then run it like:

plink -ssh user@server "last | egrep -v '(user|reboot)' | head -n 1"

For Windows: you'll find all the information in the Security log in Event Viewer. You can use the PowerShell cmdlet Get-WinEvent or eventquery.vbs (you'll find that in %WINDIR%\System32). Writing filters for the event log is not exactly quick, though.

UPDATE:

In answer to your question below (since comments don't allow enough text):

last -n 1000 --since $(date --date="last month" +%Y-%m-%d)|grep -v reboot|wc -l will return the number of logins in the last month plus 2 (empty line plus wtmp begins [...]).

In Windows you can use Get-WinEvent -FilterHashTable @{LogName="Security";StartTime=$((Get-Date).AddMonths(-1));ID=4624}. The problem here is that there are a lot of logons (Interactive and RemoteInteractive are probably what you want, but also Service, Network (for SMB, for example), ...).

So you'll have to filter those according to your needs. You might also want to filter accounts. In those cases, replace -FilterHashTable and its value with -FilterXPath or -FilterXml.

The advantage of -FilterXml is that you can use event log viewer to build your filter bit by bit. A starting point is this TechNet post. I'd also recommend the Get-WinEvent reference.

PaterSiul
  • 246
  • 1
  • 6
  • Hi Pater, actually I have some 4000+ servers with a mix of both Linux and Windows on a vCloud Director environment, so I am looking for suggestions on a script which I can use to find logins in the past 1 month or not. – ankur May 16 '17 at 17:38
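
The answer's advice to move from -FilterHashTable to -FilterXml and keep only the logon types and accounts you care about, as an added example that is not part of the original answer. The function name Get-RecentInteractiveLogon, the 30-day default and the account exclusion pattern are assumptions made for illustration.

```powershell
# Added example (hypothetical helper, not from the original answer).
function Get-RecentInteractiveLogon {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 30                              # assumed look-back window
    )
    $windowMs = [int64]$Days * 24 * 60 * 60 * 1000   # timediff() compares milliseconds
    # Built-in and machine accounts that also log type 2 logons (assumed list).
    $skip = '^(SYSTEM|LOCAL SERVICE|NETWORK SERVICE|DWM-\d+|UMFD-\d+|.*\$)$'

    # LogonType 2 = Interactive, 10 = RemoteInteractive (RDP).
    # '<=' is written '&lt;=' because the XPath is embedded in XML.
    $filterXml = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4624) and TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]
      and
      *[EventData[Data[@Name='LogonType']='2' or Data[@Name='LogonType']='10']]
    </Select>
  </Query>
</QueryList>
"@
    try {
        $events = @(Get-WinEvent -ComputerName $ComputerName -FilterXml $filterXml -ErrorAction Stop)
    } catch {
        # "No events" is a valid answer; access or connection errors must not look like it.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
        $events = @()
    }
    $logons = @(foreach ($e in $events) {
        # Read fields by name from the event XML rather than by property position.
        $d = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['TargetUserName'] -match $skip) { continue }
        [pscustomobject]@{ Time = $e.TimeCreated; User = $d['TargetUserName']; LogonType = $d['LogonType'] }
    })
    $latest = $logons | Sort-Object Time | Select-Object -Last 1
    [pscustomobject]@{
        Computer   = $ComputerName
        LogonCount = $logons.Count
        LastLogon  = $latest.Time
        LastUser   = $latest.User
    }
}

Get-RecentInteractiveLogon -Days 30
```

Run it from an elevated session, since reading the Security log needs administrative rights. A zero count is only meaningful if the Security log on that server still reaches back the full window.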