Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I want a Perl script which will monitor the traffic on the ssh port and 1) will catch the user name of the user, 2) the IP address of the user, 3) will log the connection time as hours and date, beginning and ending. All this information will be logged in another file. The question will be which user, when, at what time, has connected to the server and left the server. The program should answer all these questions. Can anyone suggest how I can design this script? Thank you!

Replies are listed 'Best First'.
Re: Perl Monitoring Script
by cleverett (Friar) on Jul 31, 2003 at 05:47 UTC
    Every OS is different, up to and including different flavors of and installations of the same flavor of Linux.

    But if you are using a Unix (including Linux, *BSD, etc.), somewhere under /var/log, you might find a file that logs the activity of various daemons. On my box, I have /var/log/daemon.log, which gives the time, process id and username for every ssh connection opened and closed, as well as ftp, etc.

    If I were to write such a program, all I would have to do is parse /var/log/daemon.log line by line, matching usernames and process ids to get the starting and opening times.

    However, keep in mind that lots of log analysis programs have been written. You'd probably be better off finding one by googling on "linux log analysis programs written in perl".
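
The log-parsing approach described in the reply above, as an added example that is not part of the original thread. The line layout (OpenSSH `Accepted` lines and PAM `session closed` lines logged under the same sshd pid), the sample lines and the `sessions` helper are assumptions; check them against what your own sshd writes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in a common OpenSSH/PAM syslog layout (assumed).
# With no arguments the script reads these; otherwise it reads the log
# file(s) named on the command line.
my @sample = (
    'Jul 31 05:40:01 box sshd[1234]: Accepted password for alice from 192.0.2.10 port 51234 ssh2',
    'Jul 31 05:41:17 box sshd[1301]: Failed password for root from 198.51.100.7 port 40022 ssh2',
    'Jul 31 05:52:30 box sshd[1377]: Accepted publickey for bob from 192.0.2.44 port 60100 ssh2',
    'Jul 31 06:10:12 box sshd[1234]: pam_unix(sshd:session): session closed for user alice',
);

# Pair each "Accepted" line with the "session closed" line from the same
# sshd pid. Returns one record per login, in log order; {end} stays undef
# while the session is still open.
sub sessions {
    my (%open, @all);
    for my $line (@_) {
        # Only lines tagged sshd[pid] count; the message is matched from its
        # start so text embedded later in a line cannot pose as a login.
        my ($when, $pid, $msg) =
            $line =~ /^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[(\d+)\]:\s(.*)/ or next;
        if ($msg =~ /^Accepted \S+ for (\S+) from (\S+) port \d+/) {
            my $s = { user => $1, ip => $2, start => $when, end => undef };
            push @all, $s;
            $open{$pid} = $s;    # a reused pid replaces the stale entry
        }
        elsif ($msg =~ /session closed for user (\S+)/
               and $open{$pid} and $open{$pid}{user} eq $1) {
            $open{$pid}{end} = $when;
            delete $open{$pid};
        }
    }
    return @all;
}

my @lines = @ARGV ? <> : @sample;
chomp @lines;
for my $s (sessions(@lines)) {
    printf "%-10s %-15s login=%s logout=%s\n",
        @{$s}{qw(user ip start)}, $s->{end} // 'still open';
}
```

Syslog timestamps in this layout carry no year, so the times are kept as the strings the log gives; redirect the output to the file where the report should be stored.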

Re: Perl Monitoring Script
by nega (Scribe) on Jul 31, 2003 at 13:22 UTC
    See this thread, this thread, and this thread. If you want to do this on the local host, just use the Unix command grep to get the information you want out of sshd's log files.