I'm trying to write a simple script to identify every user who tried to �sudo� on the system. I have the first portion down to grep the log file
grep �sudo� /var/log/secure.
What I want to do is have the script identify the person just one time not every instance the user tried to sudo.
Thanks for your help.
Give us a small sample of the log file -- /var/log/secure.
Jim,
This is a sample of what is in the file. The only thing that changes is the sudo user, pwd and the command
sudo: pam_tally(sudo:setcred): unknown option: no_magic_root
sudo: usera : TTY=pts/2 ; PWD=/home/usera ; USER=root ; COMMAND=/bin/grep sudo /var/log/secure
Thanks.
awk ' /^sudo:/ && !arr[$2]++ ' /var/log/secure
Thanks for the suggestion - I'll give this a try when I get to work.