Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
976 views

Who was logged into the system (Novell) on Monday June 11.

Hello everybody,

I need your help. I was asked if there is a way to find out who logged in on June 11th, 2012. Plese let me know if there is a log that I can check of if there is a way to run a report in ConseoleOne, ZenWorks etc.
I am currnelty running NetWare 6.5 sp8.
Thank you very much.
Labels (1)
0 Likes
2 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

On Tue, 10 Jul 2012 20:26:02 +0000, agarc wrote:

> I need your help. I was asked if there is a way to find out who logged
> in on June 11th, 2012. Plese let me know if there is a log that I can
> check of if there is a way to run a report in ConseoleOne, ZenWorks etc.


That would be a function of auditing. If you have auditing running, and
have been logging login and logout activity, then this is easy. If you
have not been auditing, then this is essentially impossible.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Cadet 1st Class Cadet 1st Class
Cadet 1st Class

Not unless you are gathering logs... no. And if you were, you would not be asking.

One of the easiest / ugly ways to do this is take or create a R/W replica which hold the users of interest and set up dstrace to log login events to a file. This can be scripted / cron'd to roll the log and other niceties. Then you will see the authentication events. The Auditing Starter Pack / Sentinel will do the same, but prettier and better and less kludgy. Of course you'd need a time machine capable of putting you back before June 11 to accomplish your mission. 😞

Also do these users use GroupWise? Perhaps they logged in, and those events are logged in the POA logs, even with default logging setup. Not many days are kept for the POA logs, and the default configuration doesn't help. Those would be on backups. And the defaults would most likely mean you get something. Same for webaccess and IMAP logs. It can pin a user down to an IP address.

Do you mean ZenWorks, as in "starter pack" or ZCM? Huge difference. There may be logs on the ZCM server when the user authenticates, like the ZCM server side CASA logs. These may make it into backups.

Like any sort of auditing, you do need to have planned ahead to have a verifiable audit trail. So I'm guessing the answer to your question is "no."

-- Bob
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.