Thread: How to redirect /var/log/wtmp to a linux log server

  1. #1
    Join Date
    Feb 2013
    Beans
    4

    How to redirect /var/log/wtmp to a linux log server

    Hi all...
    I need to obtain logs for all logins on the Ubuntu computers in my environment.
    I have one log server that can retrieve /var/log/auth.log, but I need information like the "last" command gives:

    user pts/0 host Fri Feb 8 14:24 - 17:01 (02:37)

    How can I do this? Is there some way to retrieve /var/log/wtmp from my Linux clients? How do I redirect wtmp from the clients to my log server?

    Thanks

  2. #2
    Join Date
    Nov 2008
    Location
    Lleida, Spain
    Beans
    1,157
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How to redirect /var/log/wtmp to a linux log server

    Quote: Originally Posted by tlparolin
        Hi all...
        I need to obtain logs for all logins on the Ubuntu computers in my environment.
        I have one log server that can retrieve /var/log/auth.log, but I need information like the "last" command gives:

        user pts/0 host Fri Feb 8 14:24 - 17:01 (02:37)

        How can I do this? Is there some way to retrieve /var/log/wtmp from my Linux clients? How do I redirect wtmp from the clients to my log server?

        Thanks

    Make the authentication happen in the server, for example with NIS.

  3. #3
    Join Date
    Feb 2013
    Beans
    4

    Re: How to redirect /var/log/wtmp to a linux log server

    All logins are validated with LDAP.
    But the LDAP log doesn't have the information that I need (like the last command).
    Windows logins using LDAP/Samba appear in the last command on the server, so I think that redirecting wtmp from the Linux clients would be useful to know the users' logins.
    Thanks

  4. #4
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: How to redirect /var/log/wtmp to a linux log server

    With last -f file you can specify which file last should use instead of /var/log/wtmp. So, retrieve /var/log/wtmp like you do with /var/log/auth.log, then last -f retrieved file.

  5. #5
    Join Date
    Feb 2013
    Beans
    4

    Re: How to redirect /var/log/wtmp to a linux log server

    Thanks for all the replies...
    This is a great community!!!
    Well, I send my /var/log/auth.log with rsyslog:

    auth,authpriv.* @logserver

    How can I send wtmp?
    I don't know how I can send it through rsyslog.

  6. #6
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: How to redirect /var/log/wtmp to a linux log server

    Sorry, I didn't think about it. AIUI, you cannot redirect wtmp through rsyslogd. Would a cron job that periodically sends the output of last to the remote server fit your purpose? Also, some LDAP-based directory services like OpenDJ let you define password policy that logs last login time for each user, but I guess it's beyond the abilities of a vanilla LDAP server.

  7. #7
    Join Date
    Feb 2013
    Beans
    4

    Re: How to redirect /var/log/wtmp to a linux log server

    Thanks again. Now I have solved my problem...
    I did as you said: a script that calls the last command and appends its output to /var/log/auth.log

    My steps:

    1 - schedule to /etc/cron.daily/users:
    #!/bin/bash
    sudo last >> /var/log/auth.log

    2 - make executable: chmod +x /etc/cron.daily/users

    3 - changed wtmp in /etc/logrotate.conf to daily and rotate 90 days

    Now I get the auth.log on the server with the output from "last".
    From now on, I can do some kind of filter to clean auth.log on the server to get only the last output...

    This is more or less what I did to get it working.
    Thanks
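
The cron approach from posts #6 and #7, as an added example that is not part of the original thread: it hands each `last -F` line to syslog through `logger` under the authpriv facility, so a rule like `auth,authpriv.* @logserver` relays it, and it remembers what was already sent so repeated runs do not duplicate entries. The state file path, the `wtmp-last` tag and the `run` argument are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: forward new `last -F` session lines to syslog.
# STATE and TAG are assumed names, not taken from the thread.
STATE="${STATE:-/var/lib/wtmp-forward/sent}"
TAG="${TAG:-wtmp-last}"

# stdin: `last -F` output (newest first).
# stdout: session lines not yet recorded in $STATE, oldest first.
# The blank line and the "wtmp begins ..." trailer are dropped.
new_entries() {
    touch "$STATE"
    grep -v -e '^$' -e '^wtmp begins' | tac | grep -Fxv -f "$STATE" || true
}

# Hand one line to the local syslog daemon under the authpriv facility.
send_line() {
    logger -p authpriv.info -t "$TAG" -- "$1"
}

# stdin: lines to send. Records each sent line in $STATE, prints the count.
forward() {
    n=0
    while IFS= read -r line; do
        send_line "$line" || break   # stop here; unsent lines are retried next run
        printf '%s\n' "$line" >> "$STATE"
        n=$((n + 1))
    done
    echo "$n"
}

main() {
    mkdir -p "$(dirname "$STATE")"
    last -F | new_entries | forward >/dev/null
}

# Runs only when invoked as "<script> run" (for example from a cron entry),
# so the functions can be exercised without touching syslog.
if [ "${1:-}" = run ]; then main; fi
```

A session that is still open is sent once as "still logged in" and once more in its closed form after logout, so the log server sees both the login and the logout. On the server, filtering on the `wtmp-last` tag separates these lines from the rest of the auth log.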
