Subject: Re: How to determine which Mac s are connected?
From: Tom Fitzgerald (tfitz@MIT.EDU)
Date: Thu Mar 23 2000 - 15:54:30 EST
> Patrik Schindler, poc@pocnet.net writes:
>
> >Indeed, a little goodie to keep track which users were connected from
> >which machines would be nice, but I have no idea to keep track of
> >AppleTalk users.
> >
> We use "ps". Doing a 'ps aux|grep afp' will give you a list of all the
> afp processes. The one owned by "root" is the original. All the others
> are owned by the login id of the user. To track down machines, you have
> to go to the log file: /var/log/messages
>
> sudo grep afp /var/log/messages
>
> will list out everything, including the process ID. With a little
> scripting, it would be possible to "join" the two together by process ID,
> thus matching user with machine. Hmmmm....maybe I'll write it and donate
> it to the list.
>
Here's what I use on Solaris. It depends on /var/log/syslog having all
afpd log info (so when the syslog gets truncated, the info becomes
unreliable, but oh well).
Output looks like:
# atwho
USER GROUP PID RSS STIME TIME CMD HOST
susanrm mit 25601 940 Mar_20 0:25 afpd lycra
namkung mit 10641 852 Mar_22 0:02 afpd scanmac-116
h_chang mit 16964 864 19:31:26 0:00 afpd eastgate-four
susanrm mit 2621 904 13:56:31 0:00 afpd cro-g4
jmack mit 1959 1028 13:29:12 0:02 afpd fredrik
(etc)
all fields except the last are from ps(1), so RSS is process memory
size in KB, STIME is process start time, etc.
-------------------------- cut here --------------------------
#!/usr/local/bin/perl
use Socket;
%ip = (); # indexed by pid: IP address of client
%user = (); # and user logged in on that client
open (LOG, "/var/log/syslog") || die "Can't open syslog: $!";
while (<LOG>) {
next unless / afpd\[.*( login | logout | session| server_child)/;
@a = split (' ');
($pid = $a[4]) =~ s/^afpd\[(.*)\]:$/$1/;
if ($a[6] =~ /^session:/) {
($ip = $a[8]) =~ s/:.*//;
$ip {$pid} = $ip;
} elsif ($a[5] eq "login") {
$user {$pid} = $a[6];
} elsif ($a[5] eq "logout") {
delete $ip {$pid};
delete $user {$pid};
} elsif ($a[5] =~ /^server_child/) {
$pid = $a[6];
delete $ip {$pid};
delete $user {$pid};
}
}
close LOG;
open (PS, "ps -ae -o user,group,pid,rss,stime,time,fname|")
|| die "Can't fork ps: $!";
$_ = <PS>;
chop;
printf "%-57s %s\n", $_, "HOST";
while (<PS>) {
next if /^ root / || !/afpd$/;
chop;
@a = split(' ');
$pid = $a[2];
$packip = pack ('C4', split (/\./, $ip{$pid}));
($name, $rest) = gethostbyaddr ($packip, AF_INET);
printf "%-57s %s\n", $_, $name;
}
close PS;
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:30:17 EST