Jaime Cifuentes wrote:
My customer is planning a migration of OpenAFS to a different filesystem
platform and is requesting information about when was the last time
usernames accessed AFS. We use "kas" as an authentication method and I
have not found any way to display that information. Is there such a
possibility? We can find when the password was last changed with "kas
e", but is all I can see.
As Russ pointed out its in the logs, at least for the last few weeks.
Look at the attached script that will show by host kas access and last access.
Jaime Cifuentes
DCE/DFS-AFS Support, Hitachi
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
#!/bin/bash
# get klog stats for selected users
#
# option $1 old get last weeks AuthLog.old
#
#
LOG=/tmp/get.klog.stats.log
TMP=/tmp/get.klog.stats.tmp
# $1 is hex string like 928960a0
# HOST is set the hostname
HexIpToHost()
{
local UADDR
local DADDR
UADDR=`echo "$1" | tr "[a-f]" "[A-F]"`
DADDR=`echo "ibase=16; a=$UADDR; " \
"d=a%100; a=/100; c=a%100; a=/100; b=a%100; a=/100;"\
"a;b;c;d"| bc | sed -e 'N;N;N;s/\n/./g'`
HOST=`dig +short -x $DADDR | sed -e 's/[.]$//'`
}
####### MAIN #######
if [ "X$1" = "Xold" ] ; then
LOGVER=".old"
fi
LOG=/tmp/get.klog.stats$LOGVER.log
TMP=/tmp/get.klog.stats$LOGVER.tmp
rm $LOG 2>/dev/null
rm $TMP 2>/dev/null
touch $LOG
# | sed -e 's?^\([^ ]* [^ ]* \) \([0-9]\)?\10\2/' \
# -e 's?^\([^ ]* [^ ]* \) \([0-9]\)?\10\2/' >> $LOG
AFSSERVERS="list of your AFS database servers"
for S in $AFSSERVERS
do
bos getlog $S AuthLog$LOGVER > /tmp/dee.test.$S
bos getlog $S AuthLog$LOGVER | grep ",afs:[a-z][a-z][a-z][a-z] from" \
| sed \
-e 's?^\([^ ]* [^ ]* \) \([0-9]\)?\10\2?' \
-e 's?^\([^ ]* \)Jan ?\101 ?' \
-e 's?^\([^ ]* \)Feb ?\102 ?' \
-e 's?^\([^ ]* \)Mar ?\103 ?' \
-e 's?^\([^ ]* \)Apr ?\104 ?' \
-e 's?^\([^ ]* \)May ?\105 ?' \
-e 's?^\([^ ]* \)Jun ?\106 ?' \
-e 's?^\([^ ]* \)Jul ?\107 ?' \
-e 's?^\([^ ]* \)Aug ?\108 ?' \
-e 's?^\([^ ]* \)Sep ?\109 ?' \
-e 's?^\([^ ]* \)Oct ?\110 ?' \
-e 's?^\([^ ]* \)Nov ?\111 ?' \
-e 's?^\([^ ]* \)Dec ?\112 ?' \
-e 's?^\([^ ]*\) \([^ ]*\) \([^ ]*\) \([^ ]*\) \([^
]*\)?\5/\2/\3-\4 \1?'
done \
| sort > $LOG
# $1 is hex string like 928960a0
# HOST is set the hostname
HexIpToHost()
{
local UADDR
local DADDR
UADDR=`echo "$1" | tr "[a-f]" "[A-F]"`
DADDR=`echo "ibase=16; a=$UADDR; " \
"d=a%100; a=/100; c=a%100; a=/100; b=a%100; a=/100;"\
"a;b;c;d"| bc | sed -e 'N;N;N;s/\n/./g'`
HOST=`dig +short -x $DADDR | sed -e 's/[.]$//'`
}
grep ",afs:" $LOG | sed \
-e 's/^.* \([^ ,]*\),afs:.* from \([0-9a-f]*\)$/\1 \2/' \
| sort | uniq -c > $TMP
while read COUNT NAME HADDR ; do
HexIpToHost $HADDR
LAST=`grep "$NAME,afs:.* from $HADDR" <$LOG\
| tail -1 | sed -e 's/^\(.*\)'$NAME',afs:.*$/\1/'`
printf "%5s %-15s %s %-25s %s\n" $COUNT $NAME $HADDR $HOST "$LAST"
done < $TMP
