好久木有分享代码了,今天找到一个,这个挺好,可以从log里面把用户登陆/登出的用户名和时间显示出来,对于想看看电脑何时/谁使用了多长时间电脑有所帮助,这个是网上抄过来的:
#!/usr/bin/python
# extracts the login attemps and successes from the audit logs.
# v.0.1
# Noel B.A. contact@nbalonso.com
from optparse import OptionParser
import os
import subprocess
from xml.dom import minidom
#import getopt, sys, ConfigParser, cStringIO, time, traceback, datetime
# import subprocess
# import plistlib
# import datetime
# import sys
# import stat
class BSMProcessor(object):
'''description'''
def __init__(self):
self.logPath = '/var/audit/'
self.auditreduceScript = '/usr/sbin/auditreduce'
self.prauditScript = '/usr/sbin/praudit'
def getLogs(self):
""" Read the logs using praudit """
#try:
for auditfile in os.listdir(self.logPath):
# the 'current' file is processed as .not_terminated
# filter it out to avoid duplicates
if auditfile != 'current':
# execute praudit and store the output in content
sp = subprocess.Popen([self.prauditScript, "-x", self.logPath + auditfile], stdout=subprocess.PIPE)
content, err = sp.communicate()
# parse the content with minidom and store it in xmldoc
xmldoc = minidom.parseString(content)
# loop within each <record> </record>
itemlist = xmldoc.getElementsByTagName('record')
for key in itemlist :
if key.attributes['event'].value == 'loginwindow login' or key.attributes['event'].value =='logout - local':
print key.attributes['event'].value,
print '\t\t',
#Print information within <subject></subject>
subject=key.getElementsByTagName('subject')
for skey in subject:
print skey.attributes['audit-uid'].value,
print '\t\t',
print key.attributes['time'].value
#Print information within <text></text>
# text=key.getElementsByTagName('text')
# for tkey in subject:
# print tkey.attributes['text'].Nodevalue
#except OSError:
# print 'Access denied. This program needs sudo access'
def main():
'''Main'''
bsmProc = BSMProcessor()
parser = OptionParser()
parser.add_option("-f", "--file", dest="filename",
help="Write the result to FILE.", metavar="FILE")
# parser.add_option("-x",
# help="Print the records in xml format.")
options, args = parser.parse_args()
# print 'Arguments:', args
# print 'Options:', options
# print '=============='
# Do the work....
bsmProc.getLogs()
if __name__ == '__main__':
main()