Author Topic: How to Monitor All User Logоns in a Zentyal Server  (Read 1281 times)

Faisal Abbas

  • Zen Apprentice
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
How to Monitor All User Logоns in a Zentyal Server
« on: May 18, 2022, 10:03:53 am »
MY Question is

how we monitor Domain users LOGON and LOGOUT Events in Zentyal Server , although in Windows Server we just go to Event Viewer and see all

please reply

Regards
Faisal Abbas

turalyon

  • Zen Warrior
  • ***
  • Posts: 197
  • Karma: +15/-0
    • View Profile
Re: How to Monitor All User Logоns in a Zentyal Server
« Reply #1 on: May 18, 2022, 11:03:38 am »
Hi,

You can get that information from the log file '/var/log/samba/samba.log'. So, the best approach is to create a shell script that search, parse and display the information as you want.

Below you have two commands that you can try to retrieve the information you are looking for:

Code: [Select]
## Login
grep -B 1 'connect to service netlogon' /var/log/samba/samba.log

## Logout
grep -B 1  -P 'closed connection to service (?!.*IPC|netlogon)' /var/log/samba/samba.log

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

Faisal Abbas

  • Zen Apprentice
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
Re: How to Monitor All User Logоns in a Zentyal Server
« Reply #2 on: May 18, 2022, 03:01:56 pm »
Thanks for this information

how can save this login logoff log

Regards
Faisal Abbas

turalyon

  • Zen Warrior
  • ***
  • Posts: 197
  • Karma: +15/-0
    • View Profile
Re: How to Monitor All User Logоns in a Zentyal Server
« Reply #3 on: May 19, 2022, 03:40:24 pm »
Hi Faisal,

The things I would do are:

1. Create a shell script that formats the output as I wish.
2. Create a cron job that runs the script each hour and sends (redirects) the results to a log file in the directory '/var/log/'.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

Faisal Abbas

  • Zen Apprentice
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
Re: How to Monitor All User Logоns in a Zentyal Server
« Reply #4 on: May 23, 2022, 07:19:06 am »
is it any other method for collecting it at the end of the day or any example for above method ??

turalyon

  • Zen Warrior
  • ***
  • Posts: 197
  • Karma: +15/-0
    • View Profile
Re: How to Monitor All User Logоns in a Zentyal Server
« Reply #5 on: May 23, 2022, 10:49:37 am »
Hi,

I don't know a simpler method than the above.

My recommendation is:

1. Mark a mark in the log file '/var/log/samba/samba.log'
2. Log in and log out of a domain computer with a domain user.
3. Make another mark in the log file.
4. Analyze the records from the marks.
5. 'Create' the command that retrieves the records in the format you like (you can use the commands: 'grep', 'cut', 'awk').

I hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".