在我的Debian Squeeze服务器中,所有用户登录和注销都记录在文件/var/log/auth.log中
Jan 28 07:11:06 xen8 sshd[29826]: pam_unix(sshd:session): session opened for user root by (uid=0) Jan 28 07:33:47 xen8 sshd[29826]: pam_unix(sshd:session): session closed for user root Jan 28 09:45:58 xen8 sshd[14374]: pam_unix(sshd:session): session opened for user root by (uid=0) Jan 28 09:47:36 xen8 sshd[14374]: pam_unix(sshd:session): session closed for user root Jan 29 07:37:48 xen8 sshd[24940]: pam_unix(sshd:session): session opened for user root by (uid=0) Jan 29 07:38:11 xen8 sshd[24940]: pam_unix(sshd:session): session closed for user root Jan 29 08:35:13 xen8 sshd[25707]: pam_unix(sshd:session): session opened for user root by (uid=0) Jan 29 08:37:06 xen8 sshd[25707]: pam_unix(sshd:session): session closed for user root Jan 29 16:59:39 xen8 sshd[30725]: pam_unix(sshd:session): session opened for user root by (uid=0) Jan 29 17:00:58 xen8 sshd[30725]: pam_unix(sshd:session): session closed for user root Jan 29 17:11:17 xen8 sshd[30832]: pam_unix(sshd:session): session opened for user root by (uid=0) Jan 29 18:11:37 xen8 sshd[30832]: pam_unix(sshd:session): session closed for user root
通过进程ID,应该能够找到匹配的登录/注销,然后可以计算时间.但我的sed / awk技能非常有限,甚至可能还有现成的脚本/工具来完成这项任务?
是否有一种简单的方法来提取用户登录的时间?总计(每个文件),或者甚至是一些漂亮的图形?