Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: Faisal Abbas on May 18, 2022, 10:03:53 am
-
My question is:
How do we monitor domain users' LOGON and LOGOUT events in Zentyal Server? In Windows Server we just go to Event Viewer and see them all.
Please reply.
Regards
Faisal Abbas
-
Hi,
You can get that information from the log file '/var/log/samba/samba.log'. So, the best approach is to create a shell script that searches, parses and displays the information as you want.
Below you have two commands that you can try to retrieve the information you are looking for:
## Login
grep -B 1 'connect to service netlogon' /var/log/samba/samba.log
## Logout
grep -B 1 -P 'closed connection to service (?!.*IPC|netlogon)' /var/log/samba/samba.log
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever”.
-
Thanks for this information.
How can I save this login/logoff log?
Regards
Faisal Abbas
-
Hi Faisal,
The things I would do are:
1. Create a shell script that formats the output as I wish.
2. Create a cron job that runs the script each hour and sends (redirects) the results to a log file in the directory '/var/log/'.
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever”.
-
Is there any other method for collecting it at the end of the day, or any example of the above method?
-
Hi,
I don't know a simpler method than the above.
My recommendation is:
1. Make a mark in the log file '/var/log/samba/samba.log'.
2. Log in and log out of a domain computer with a domain user.
3. Make another mark in the log file.
4. Analyze the records from the marks.
5. 'Create' the command that retrieves the records in the format you like (you can use the commands: 'grep', 'cut', 'awk').
I hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever”.
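-
A minimal version of the script-plus-cron approach suggested in the replies above, as an added example that is not part of the original thread. It assumes samba.log uses the two-line record layout that the `grep -B 1` commands rely on (a bracketed timestamp header followed by the message line); the sample records, the script path and the output path are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each smbd record is two lines:
# a "[date time, level] source" header followed by an indented message line.

# Constructed sample records (hosts, users and addresses are made up).
sample_log() {
cat <<'EOF'
[2022/05/18 09:01:12.104233,  1] ../../source3/smbd/service.c:1138(make_connection_snum)
  pc-01 (ipv4:192.0.2.10:49712) connect to service netlogon initially as user EXAMPLE\alice (uid=3000021, gid=100) (pid 2211)
[2022/05/18 09:01:13.551020,  1] ../../source3/smbd/service.c:1378(close_cnum)
  pc-01 (ipv4:192.0.2.10:49712) closed connection to service IPC$
[2022/05/18 17:30:45.000871,  1] ../../source3/smbd/service.c:1378(close_cnum)
  pc-01 (ipv4:192.0.2.10:49712) closed connection to service alice
EOF
}

# Print one line per event: "<date> <time> LOGIN|LOGOUT <client> <user-or-share>".
# Reads the file given as $1, or stdin when no file is given.
extract_logon_events() {
    awk '
    /^\[/ {                                  # header: keep "YYYY/MM/DD HH:MM:SS"
        ts = substr($0, 2); sub(/[.,].*/, "", ts); next
    }
    /connect to service netlogon/ {          # same match as the Login grep
        user = "-"
        for (i = 1; i < NF; i++) if ($i == "user") user = $(i + 1)
        print ts, "LOGIN", $1, user; next
    }
    / closed connection to service / {       # same filter as the Logout grep
        svc = $0; sub(/.* closed connection to service /, "", svc)
        if (svc ~ /IPC/ || svc ~ /^netlogon/) next
        print ts, "LOGOUT", $1, svc
    }' "${1:--}"
}

# Hourly cron entry (script and output paths are hypothetical). ">" rewrites the
# report each run, so re-reading the whole samba.log does not duplicate events:
#   0 * * * * /usr/local/sbin/samba-logons.sh /var/log/samba/samba.log > /var/log/samba-logons.log

if [ "$#" -gt 0 ]; then
    extract_logon_events "$1"
else
    sample_log | extract_logon_events        # no argument: demo on the sample
fi
```

Because samba.log is rotated, a report rebuilt from the current file only covers the events still present in it; archive the report before rotation if a longer history is needed.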