agarc

Absent Member.
2012-07-10
21:20
976 views
Who was logged into the system (Novell) on Monday June 11.
Hello everybody,
I need your help. I was asked if there is a way to find out who logged in on June 11th, 2012. Please let me know if there is a log that I can check or if there is a way to run a report in ConsoleOne, ZenWorks etc.
I am currently running NetWare 6.5 SP8.
Thank you very much.
2 Replies


Knowledge Partner
2012-07-10
22:00
On Tue, 10 Jul 2012 20:26:02 +0000, agarc wrote:
> I need your help. I was asked if there is a way to find out who logged
> in on June 11th, 2012. Please let me know if there is a log that I can
> check or if there is a way to run a report in ConsoleOne, ZenWorks etc.
That would be a function of auditing. If you have auditing running, and
have been logging login and logout activity, then this is easy. If you
have not been auditing, then this is essentially impossible.
--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com
Please post questions in the forums. No support provided via email.


Cadet 1st Class
2012-07-10
22:14
Not unless you are gathering logs... no. And if you were, you would not be asking.
One of the easiest / ugly ways to do this is to take or create a R/W replica which holds the users of interest and set up dstrace to log login events to a file. This can be scripted / cron'd to roll the log and other niceties. Then you will see the authentication events. The Auditing Starter Pack / Sentinel will do the same, but prettier and better and less kludgy. Of course you'd need a time machine capable of putting you back before June 11 to accomplish your mission. 😞
Also do these users use GroupWise? Perhaps they logged in, and those events are logged in the POA logs, even with default logging setup. Not many days are kept for the POA logs, and the default configuration doesn't help. Those would be on backups. And the defaults would most likely mean you get something. Same for WebAccess and IMAP logs. It can pin a user down to an IP address.
Do you mean ZenWorks, as in "starter pack" or ZCM? Huge difference. There may be logs on the ZCM server when the user authenticates, like the ZCM server side CASA logs. These may make it into backups.
Like any sort of auditing, you do need to have planned ahead to have a verifiable audit trail. So I'm guessing the answer to your question is "no."
-- Bob