bash script for showing last users

Hi! I'm new to scripting and I need some help with one simple script. I have to write a program that, for a predetermined period (using the "last" command), draws up a list of users who have used the machine during this period. For each user it should indicate how many sessions they had during this period. The output must be sorted alphabetically by username (increasing alphabetically).

The code should be something like???:

cat lastfile | cut -c1-8 | egrep -v '(^reboot)|(^$)|(^wtmp a)|(^ftp)' | sort | uniq -c | sort -rn

But how do I predetermine the period and sort alphabetically (increasing)?

Regards,
Vassu

---------- Post updated at 06:48 PM ---------- Previous update was at 01:12 PM ----------

Really nobody can help?

  1. sort by name

name occurs in the second field, so specify that field to sort.

sort -k 2

  2. What do you mean by predetermining? Can't understand that.

I think you're going to have a significant challenge in doing this since you'll have to determine (for each entry) whether the session time range falls within the range you would be specifying. I think I'd convert all of the dates to seconds since epoch which would make your math a bit easier.

It means that user inserts some date [example input: Oct 26 11:00 - Oct 27 14.00] and script output shows all users, who have been logged in during this time, alphabetically. And shows how many sessions they have had in this period. Somehow it can be predetermined to show according to "date" field. Right now without script it shows like this:

frogger rubiin/wazzar> cat lastfile | cut -c1-8 | egrep -v '(^reboot)|(^$)|(^wtmp a)|(^ftp)' | sort | uniq -c | sort -k 1 | last -10
a72093   pts/6        172.17.1.42      Tue Oct 27 14:00   still logged in
wazzar   pts/4        218.255.196.88.s Tue Oct 27 13:55   still logged in
a72093   pts/15       172.17.1.42      Tue Oct 27 13:50 - 13:59  (00:09)
aller    pts/16                        Tue Oct 27 13:45 - 13:45  (00:00)
aller    pts/15                        Tue Oct 27 13:45 - 13:46  (00:00)
aller    pts/7                         Tue Oct 27 13:45 - 13:50  (00:04)
aller    pts/6                         Tue Oct 27 13:45 - 13:50  (00:04)
a83553   pts/14       fl01.fil.ut.ee   Tue Oct 27 13:38   still logged in
laure    pts/13                        Tue Oct 27 13:34   still logged in
laure    pts/9                         Tue Oct 27 13:31   still logged in

wtmp begins Wed Oct 21 19:10:34 2009
frogger rubiin/wazzar>

Script should show something like this:

Example:\\>users.sh  Oct 26 11:00 - Oct 27 14.00
 SESSIONS      USER              LAST LOGIN
   12              userA      Tue Oct 27 13:45 - 13:50  (00:04)
    3               userB      Tue Oct 27 13:31   still logged in
    5               userC      Tue Oct 27 13:31   still logged in
   ...              .......        ............................................

Ok, I'm still sticking with this being a more complex problem than a single pipe-line command. If someone else has a better solution, that'd be great.

Some pseudo code:

Convert your date range input to seconds since epoch for easier calculation (date command can do this depending on version)
  (input start point and input end point ISP and IEP)
Get your pared down output from the 'last' command
for each entry{
  convert that logged in range to seconds since epoch for easier calculation
    (entry start point and entry end point ESP and EEP)
  determine if (ESP < IEP) and (EEP > ISP)     # Entry overlaps the specified range, including a session that spans all of it
  If the entry is within the range, save it for later calculations
  Determine when to stop reading 'last' input because the rest don't fall
  into your specified range.
}
Now take the entries that are within your range
  find the unique names and their number of entries and sort by alpha

This would be a useful script if you get it working. Maybe you could post it when done.
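
An added example (not code from any poster in this thread) of the range test in the pseudo code above, run over constructed `last` lines. Instead of seconds since epoch it uses minutes since January 1, because default `last` output carries no year; it assumes all entries fall in one non-leap year, and `sample_last` and `sessions_in_range` are hypothetical names.

```bash
# Constructed sample in the layout of the `last` output shown in the thread.
sample_last() {
cat <<'EOF'
a72093   pts/6        172.17.1.42      Tue Oct 27 14:05   still logged in
a72093   pts/15       172.17.1.42      Tue Oct 27 13:50 - 13:59  (00:09)
aller    pts/7                         Tue Oct 27 13:45 - 13:50  (00:04)
aller    pts/6                         Tue Oct 27 13:45 - 13:45  (00:00)
laure    pts/13                        Mon Oct 26 10:50 - 11:20  (00:30)
laure    pts/9                         Mon Oct 26 10:00 - 10:30  (00:30)
wazzar   pts/4        host.example     Sun Oct 25 09:00 - 12:00 (3+03:00)
reboot   system boot                   Wed Oct 21 19:10 - 14:05 (5+18:55)

wtmp begins Wed Oct 21 19:10:34 2009
EOF
}

# sessions_in_range "Mon DD HH:MM" "Mon DD HH:MM" < last-output  (hypothetical helper)
sessions_in_range() {
    awk -v from="$1" -v to="$2" '
    function mins(mon, day, hm,    t) {      # minutes since Jan 1 00:00
        split(hm, t, ":")
        return (cum[mon] + day - 1) * 1440 + t[1] * 60 + t[2]
    }
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        split("31 28 31 30 31 30 31 31 30 31 30 31", len, " ")
        d = 0; for (i = 1; i <= 12; i++) { cum[m[i]] = d; d += len[i] }
        split(from, a, " "); isp = mins(a[1], a[2], a[3])
        split(to, b, " ");   iep = mins(b[1], b[2], b[3])
    }
    NF == 0 || $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" { next }
    {
        # The host column can be empty, so locate the date by its weekday token.
        for (i = 3; i <= NF - 3; i++)
            if ($i ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ && ($(i+1) in cum)) break
        if (i > NF - 3) next
        esp = mins($(i+1), $(i+2), $(i+3))
        eep = 1e9                            # no duration field: session still open
        if ($NF ~ /^\([0-9+:]+\)$/) {        # (HH:MM) or (D+HH:MM)
            dur = $NF; gsub(/[()]/, "", dur); days = 0
            if (split(dur, p, "[+]") == 2) { days = p[1]; dur = p[2] }
            split(dur, q, ":"); eep = esp + days * 1440 + q[1] * 60 + q[2]
        }
        if (esp < iep && eep > isp) count[$1]++   # interval overlap
    }
    END { for (u in count) printf "%4d %s\n", count[u], u }
    ' | LC_ALL=C sort -k 2
}
sample_last | sessions_in_range "Oct 26 11:00" "Oct 27 14:00"
```

On a live system, pipe `last` into `sessions_in_range` in place of `sample_last`.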

It is probably easier to work with the raw wtmp file than with "last" if only because "last" is always in reverse chronological order.
I'm assuming that you want to do this in shell rather than a "C".

The fact that you can process an entire output from "last" suggests that you properly maintain your wtmp file(s) to a manageable size.

Tip: process the wtmp file with program "fwtmp" and you will have all the raw material in chronological order in a format suitable for splitting into fields with "cut". Each record includes the date since the epoch as well as in character format. Each record contains a code as to the type of record. Beware that some records don't have a username because "wtmp" records the fact that someone is running a login process (hence the reason to use "cut").

There are many possible ways to deal with the timespan. You could run "fwtmp" at the start of the period and again at the end of the period. Count the records in each file and you then know how many have changed. Use "sed" not "tail" to get the records you require. At this point you could convert the selected records back to wtmp format in a file with a new name and run "last" on that file.

That's pretty cool. What OS is that applicable to? Also, what OS is the original post using?

The "fwtmp" program is supplied with most mainstream unix systems as part of unix System Accounting. If "man last" doesn't lead to "man wtmp" and thence to "man fwtmp" then I'd suspect that it is not supplied.

Might not exist on Linux varieties - anybody know either way?

It should be suited for linux. I have been using linux server over putty. And it shows that there's SuSE.

It is probably easier to work with the raw wtmp file than with "last" if only because "last" is always in reverse chronological order.
I'm assuming that you want to do this in shell rather than a "C".

I will have to make it with "last" command and if "last" is always in reverse chronological order then let it be reversed. I need to make it as a shell not in "C".

I have fwtmp on my Solaris systems but it's not on any of our Linux boxes.