LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-28-2014, 03:47 AM   #1
vipinsqa
Member
 
Registered: Oct 2014
Posts: 40

Rep: Reputation: Disabled
Shell script to find out all hosts which have connected ever to a given linux box.


Hello,

I have a Red Hat Linux box.
I need to find out all hosts which have ever connected to this host. I believe it should have all such information logged in the log files. I would just need the hostnames, date connected and operating system (if possible) information for all such hosts.

Can someone please help me with such a shell script? Which is when run, gives all the information on hostnames, date/time of connection and operating system of all such hosts.

Your help will be greatly appreciated.

Regards.
 
Old 10-28-2014, 04:13 AM   #2
rigor
Member
 
Registered: Sep 2011
Posts: 214

Rep: Reputation: Disabled
Hi vipinsqa!

Since you are talking what hosts have ever connected, the exact form of the script that would be needed, might depend on how log rotation is being done.

Also, in what type of connections are you interested? For example, if you were focusing on shell logins, you could get that sort of information from the last command.

Please give us some additional details, such as:
  1. in what type of connections are you interested?
  2. how is log rotation being handled?
  3. are the logs actually kept indefinitely?
 
Old 10-28-2014, 04:13 AM   #3
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233
That be a hard task. First of all you would need to make a list of running services. After that check where they put there log files. Then you have to get the schema of the log file. Like apache has (per log line): date method URL browser-id client-ip. You then have to write a parser for each service log and get those into one file.

Just for the sake of it. Logfiles get rotate on default setups so you will not get every connectíon ever done with the machine. Same goes for otherwise deleted log files, deinstalled services and a like.
 
1 members found this post helpful.
Old 10-28-2014, 04:52 AM   #4
vipinsqa
Member
 
Registered: Oct 2014
Posts: 40

Original Poster
Rep: Reputation: Disabled
Hi Guys,

I will try to answer your questions.. We need the details of hosts which connected with this Linux host in past say a year or so. Not sure if log rotation would have been done for such a period.
Also, like we have event log in windows, do we have a mechanism in Linux host where we get all this information logged as in all the hosts which connected to this linux host?

Just looking for a shell script on this.
 
Old 10-28-2014, 05:01 AM   #5
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,122

Rep: Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270
just looking for a shell script .....
/var/log is the place (similar to the event log of windows) Logrotate will handle the information stored. If the requested information is not available (any more) there will be no such script to retrieve....
 
Old 10-28-2014, 05:01 AM   #6
vipinsqa
Member
 
Registered: Oct 2014
Posts: 40

Original Poster
Rep: Reputation: Disabled
Hi Zhjim,

Just wanted to clarify.. I do not need the information for all service logs.. Rather I just need shell script to pull out the information of all hosts (host name or IP) which connected to this linux host (purpose be anything) with the date and time.

Thanks.
 
Old 10-28-2014, 05:05 AM   #7
vipinsqa
Member
 
Registered: Oct 2014
Posts: 40

Original Poster
Rep: Reputation: Disabled
Thanks pan64 for your reply. I would appreciate if you can help me with actual log (in /var/log/) which logs all information on connected hosts and a sample script I can use to fetch all such information.
 
Old 10-28-2014, 05:37 AM   #8
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,122

Rep: Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270Reputation: 2270
you need to specify what kind of access do you want to look for (what kind of connection do you really mean, for example ssh, ???) and you need to check the log file related to that service. Probably you also need to configure those services to log the event you need.
But actually you know only the actual configuration of the host, therefore only you can find out the relevant information.
 
Old 10-28-2014, 07:43 AM   #9
vipinsqa
Member
 
Registered: Oct 2014
Posts: 40

Original Poster
Rep: Reputation: Disabled
Hi,

Thanks for the revert. I can confirm that we need to know hosts for ssh connections only to the linux box. Also, we do not need any service to log any information. We just need a list of all hostnames (or IP address) which connected to a particular linux box (say in last few months). I am trying to find the relevant log in /var/log/ which would store this information.

Any pointers here and a sample script would be appreciated.

Thanks.
 
Old 10-30-2014, 01:11 AM   #10
rigor
Member
 
Registered: Sep 2011
Posts: 214

Rep: Reputation: Disabled
On my Linux system, by default, any successful SSH logins can be shown by the last command:

Quote:
last -a
If I wish to see failed login attempts, I would have to look elsewhere.

Also, Linux systems tend to be very flexible when it comes to configuration. Even though it might be fair to say that it would be a strange thing to do, if I wanted to configure the system so that a certain type of events were logged in the file /var/log/toilet.log I could probably do so rather easily.

Log rotation tends to happen automatically. So you might need to know exactly how your system is configured as far as the events you are seeking are concerned. In my case, I can look in /var/log/messages to see failed ssh login attempts, but only those during a certain period of time. Due to automatic log rotation, there are currently already 17 compressed older messages files in /var/log from this year, so far, that I would also have to look through, if I wanted to check such things for the year, so far.

Then too, even different versions of the same Linux distribution might word a particular type of message somewhat differently. So looking for the exact wording from one version, might not work with another version.

There is a tendency to need to know how your particular system is configured.

I hope this helps in at least some way.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Write a shell script that pings a list of hosts and reports the unreachable ones. Beverly Linux - Newbie 8 11-25-2012 08:59 PM
help me list only linked files in my linux box using a shell script Hossana Linux - Newbie 4 09-06-2011 03:32 AM
Script for hosts, numbers of hosts and users connected to squid server arunabh_biswas Programming 5 08-28-2010 05:11 AM
Linux can't find a shell script?? jt1020 Linux - General 4 04-27-2003 09:27 AM


All times are GMT -5. The time now is 09:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration