Simple bash script help
I wrote up a simple script to find out which users have and have not logged into our mail server over the past month. It works if I only analyze one log file ('checklist' is a list of usernames we want to check):
for user in $userlist; do
    # Report whether this user has a login line in the log
    if grep "Login: $user " /var/log/dovecot.imap.info.log.1 > /dev/null; then
        echo "$user has logged on"
    else
        echo "$user has NOT logged on"
    fi
done
The problem is that we have a lot of log files to go through, and when I try to use a wildcard in the filename to search through all the logs (var/log/dovecot.*.info.log.*) it doesn't work. I don't know exactly what's happening, but it incorrectly reports that accounts have logged in that I know have not. Does anyone know how I can modify this script to search through multiple log files to find any instance of "Login: $user "?
Remove the /dev/null redirection and add -n, so you can see where and in which file the grep is picking up false positives:
$ sudo ./activeacct
root has logged on
daemon has logged on
adm has logged on
sync has logged on
shutdown has logged on
/var/log/dovecot.imap.info.log.21.gz:3897:imap-login: Nov 23 10:57:58 Info: Login: jjames [130.X.X.X]
jjames has logged on
skane1 has logged on
As you can see, grep does find something for jjames and correctly reports that he has logged on, but it doesn't find anything for daemon, adm, sync, etc, yet still reports that they have logged on. (By the way, I'm using zgrep instead of grep, since most of the logs are zipped).
~[user@host]if zgrep poppy mail.info.1.gz; then echo yes; else echo no; fi
~[user@host]if zgrep poppy mail.info.2.gz; then echo yes; else echo no; fi
~[user@host]if zgrep poppy mail.info.1.gz mail.info.2.gz; then echo yes; else echo no; fi
So, as you see, when grep has more than one file argument, its exit status is true. I don't know why this is, but you can fix it with something like:
if gunzip -c mail.info* | grep "Login: poppy"; then echo yes; else echo no; fi
So the wildcard expansion is done for the arguments to gzip, and grep checks stdin for your usernames. But you'll need to make a special case in your script for the non-zipped logfiles, or figure out a more elegant way of doing it.
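One way to do what the reply above suggests without a special case for the non-zipped logs, as an added example that is not part of the original thread: each file is decompressed or copied to a pipe depending on its extension, and the answer comes from the exit status of a single grep reading stdin. The function names, the temp-directory sample files and the skane1 log line are constructed for illustration.

```shell
#!/bin/sh
# Stream each log to stdout, gunzipping the *.gz ones.
cat_logs() {
    for f in "$@"; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        case "$f" in
            *.gz) gzip -cd -- "$f" ;;
            *)    cat -- "$f" ;;
        esac
    done
}

# Exit 0 only if "Login: USER " occurs in some log. One grep on stdin, so
# the answer never depends on how many file arguments were given.
# -F treats the user name as a fixed string, not a regex.
has_logged_in() {
    user=$1; shift
    cat_logs "$@" | grep -qF -- "Login: $user "
}

# $1 = file with one user name per line; remaining arguments = log files.
report() {
    list=$1; shift
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        if has_logged_in "$user" "$@"; then
            echo "$user has logged on"
        else
            echo "$user has NOT logged on"
        fi
    done < "$list"
}

# Constructed sample data (not real logs): one gzipped log, one plain log.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'imap-login: Nov 23 10:57:58 Info: Login: jjames [130.X.X.X]' \
    > "$demo_dir/dovecot.imap.info.log.2"
gzip "$demo_dir/dovecot.imap.info.log.2"
printf '%s\n' 'imap-login: Dec 01 08:00:00 Info: Login: skane1 [130.X.X.X]' \
    > "$demo_dir/dovecot.imap.info.log.1"
printf '%s\n' daemon jjames skane1 > "$demo_dir/checklist"

report "$demo_dir/checklist" "$demo_dir"/dovecot.*.info.log.*
```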
I suggest trying this. You can adjust the find command to include other directories and files.
for i in `find /var/log/ -name dovecot.\*.log\*`; do
    # Check every user in the checklist against this log file
    for user in `cat checklist`; do
        if grep "Login: $user " "$i" >/dev/null 2>&1; then
            echo "$user has logged on"
        else
            echo "$user has NOT logged on"
        fi
    done
done