azureuser@puppetagent-ubuntu1:/tmp$ cat /bin/user_activity.sh
#!/bin/bash
echo `last` > /tmp/login_history.txt
我正在通过“last”命令跟踪 Linux 中的用户数据,因此我将数据附加到 .txt 和 .csv 文件,但数据仍然没有按照我期望的格式出现。
cat out.txt:
azureuse pts/1 157.47.38.139 Mon Sep 20 14:30 still logged in
azureuse pts/0 157.47.56.225 Mon Sep 20 12:33 - 14:34 (02:00) azureuse pts/0 157.47.56.225 Mon Sep 20 10:29 - 12:33 (02:03) azureuse pts/0 157.47.56.225 Mon Sep 20 09:53 - 10:28 (00:35) azureuse pts/0 157.47.37.28 Mon Sep 20 09:09 - 09:53 (00:43) azureuse pts/1 157.47.40.253 Mon Sep 20 05:30 - 08:51 (03:20) azureuse pts/0 157.47.40.253 Mon Sep 20 05:28 - 08:51 (03:22) azureuse pts/0 157.48.201.134 Fri Sep 17 12:15 - 16:10 (03:54) azureuse pts/0 157.48.201.134 Fri Sep 17 08:47 - 11:38 (02:50) azureuse pts/0 157.48.201.134 Fri Sep 17 06:07 - 08:17 (02:09) azureuse pts/0 157.48.139.114 Thu Sep 16 14:53 - 14:57 (00:04) azureuse pts/0 157.48.139.114 Thu Sep 16 14:48 - 14:48 (00:00) azureuse pts/0 157.48.139.114 Thu Sep 16 13:49 - 14:47 (00:58) reboot system boot 5.8.0-1041-azure Thu Sep 16 13:29 still running wtmp begins Thu Sep 16 13:29:48 2021
我期望如下
testvm:/etc/puppetlabs/code/environments/production/manifests$ last
azureuse pts/0 104.46.119.134 Mon Sep 20 14:29 still logged in
azureuse pts/1 104.46.119.134 Mon Sep 20 09:52 - 14:35 (04: 42)
azureuse pts/0 104.46.119.134 Mon Sep 20 09:10 - 09:53 (00:42)
答案1
您可以使用utmpdump转储/var/log/wtmp:
utmpdump < /var/log/wtmp | IFS=\] mapfile -d \[; a=("${MAPFILE[@]%% *}"); IFS=,; for ((i=0; i<${#a[@]}; i+=8)); do echo "${a[*]:$i:8}"; done