I want a count of the number of times a user, say root or ubuntu has logged in that week - lastlog gives me the information but without doing some parsing, is there a straighforward command to obtain the information.
lastlog | grep logged | awk '{print $1}'
The above for example, gives me who are the users who never logged in.
try last command:
last -F |grep user |wc -l
https://linux-commands-examples.blogspot.com/2018/12/last.html
Related
I'm trying to tweak a bash script to pull back PID's of the individual application accounts when there are multiple applications running as a masterId. This used to run under individual user accounts, but recent changes have forced the applications to all run under a combined "masterId", but still maintain a unique application Id that I can grep against.
Normally
pgrep -u "appId"
would give me a single PID. Now I have to run:
pgrep -u "masterId"
it returns all of the PID's (each one is it's own application).
1234
2345
3456
I'm trying to come up with a command to bring me back just the PID of the appAccount(n) so I can pipe it into other useful commands. I can do a double grep (which is closer to what I want):
ps aux | grep -i "masterId" | grep -i "appAccount(n)"
and that will get me the entire single process information, but I just want the PID to do something like:
ps aux | grep -i "masterId" | grep -i "appAccount(n)" | xargs sudo -u appAccount(n) kill -9
How do I modify the initial above command to get just the PID? Is there a better way to do this?
pgrep --euid "masterId" --list-full | awk '/appAccount(n)/ {print $1}'
Output the full process command line, then select the one with the desired account and print the first field (pid).
I'm writing a bash script that will print on the screen all the latest logs from a service that has already died (or still lives, both situations must work). I know its name and don't have to guess.
I'm having difficulty getting the latest PID for a process that has already died from journalctl. I'm not talking about this:
journalctl | grep "<processname>"
This will give me all the logs that include processname in their text.
I've also tried:
journalctl | pgrep -f "<processname>"
This command gave me a list of numbers which supposedly should include the pid of my process. It was not there.
These ideas came from searching for previous questions. I haven't found a question that answers specifically what I asked.
How can I extract the latest PID from journalctl for a specific process?
I figured this out.
First, you must be printing your PID in your logs. It doesn't appear there automatically. Then, you can use grep -E and awk to grab exactly the expression you want from your log:
Var=$(journalctl --since "24 hours ago" | grep -E "\[([0-9]+)\]" | tail -n 1 | awk '{print $5}' | awk -F"[][{}]" '{print $2}'
This one-liner script takes the logs from the last 24 hours, grep with -E to use an expression, tail -n 1 to grab the last most updated line from those results and then, using awk to delimit the line and grab the exact expression you need from it.
I created a script called monitornsuaccounts.sh that should append its output file to useraccountstatus.log. useraccountstatus.log is in the directory /var/local/nsu/logs/.
The output of this script should state every username and the following information about each username: username, last login, user home directory and associated groups. Preferably there should be columns with each information.
The command I use for the usernames is sudo cat /etc/passwd | grep ‘/home’. Last is to find the last login of each user. Groups is to the find the group of each user. When I run the command, the output file only shows the data I need for my current user rather than all users. Any recommendations that anyone has would be greatly appreciated.
#!/bin/bash
usernames=sudo cat /etc/passwd | grep ‘/home’
echo “$usernames” > /home/daniel/names.txt
mlast=$(cat names.txt | xargs -n1 last)
mgroup=$(cat names.txt | xargs -n1 groups)
cat names.txt > /var/local/nsu/logs/useraccountstatus.log
echo “$mlast” >>/var/local/nsu/logs/useraccountstatus.log
echo “$mgroup” >>/var/local/nsu/logs/useraccountstatus.log
There are a lot of issues in your script.
Your definition of users. Are you sure that this is what you want? For example: root does not have a directory under /home.
Watch your quotes. cat /etc/passwd | grep ‘/home’ returns nothing, while cat /etc/passwd | grep 'home' returns a list of stanzas in /etc/passwd
You'll probably want just a list of usernames, not a list of stanzas. Something along the line of
cat /etc/passwd | grep 'home' | sed 's/:.*//'
Why sudo in sudo cat /etc/passwd?
Look at your assignment in the
usernames=sudo cat /etc/passwd | grep ‘/home’
This does not make sense. You might try to do a
usernames=`sudo cat /etc/passwd | grep '/home'| sed 's/:.*//'`
And that is just the first line of the script.
Anyway, if your script does not work as intended, you will need to do some debugging. First question, especially if you are inexperienced, is "do the commands that I write give the result that I expect?" So in your case, you should have tried cat /etc/passwd | grep ‘/home’ and you would have seen that it does not give you the expected results. Even with the correct quotes, you'll get a list of stanzas, which is also not what you expected. Have you looked at /home/daniel/names.txt and was the content of the file what you wanted? I guess not: it was empty.
Just a quick hint, to get you started in the right direction (although there are still some issues and pepole might object to the backtics)
#!/bin/bash
usernames=`sudo cat /etc/passwd | grep '/home'| sed 's/:.*//'`
mlast=`echo $usernames | xargs -n1 last`
mgroup=`echo $usernames| xargs -n1 groups`
echo $usernames > /var/local/nsu/logs/useraccountstatus.log
echo "$mlast" >>/var/local/nsu/logs/useraccountstatus.log
echo "$mgroup" >>/var/local/nsu/logs/useraccountstatus.log
You will want to polish this and make the output more useful.
I am working in linux environment as a non root user. I am using users command to get the logged in users
users
But it returns the user names multiple times because multiple shells are created with same login. Is there any way to print the unique user list using users commad.
Even i tried by
users | sort -u
Still it returns the user names multiple times.
Try with this -
who| awk '{print $1}'|sort -u
users | sort -u
Still it returns the user names multiple times.
Of course. sort is line based, and users only prints a single line.
What you want is to just look at the first word per line before sort -u in who output:
$ who|cut -f 1 -d " "|sort -u
barney
fred
wilma
or
$ who|sed 's/ .*//' |sort -u
barney
fred
wilma
However, if you are interested in some of the actual lines output by who you can also use
$ who|sort -u -k 1,1
barney pts/23 Aug 26 10:11 (:5.0)
fred pts/3 Jun 11 18:38 (:6.0)
wilma pts/0 Jul 31 07:29 (:3.0)
You can try this command: who | cut -d' ' -f1 | sort | uniq
You can use w command to get the list of logged in users and the details
This one is a bit shorter:
users | tr ' ' '\n' | sort -u
Is there way of counting the number of processes being run by a user in the unix/linux/os x terminal?
For instance, top -u taha lists my processes. I want to be able to count these.
This will show all of the users with their counts (I believe this would be close enough for you. :)
ps -u "$(echo $(w -h | cut -d ' ' -f1 | sort -u))" o user= | sort | uniq -c | sort -rn
You can use ps to output it and count the number using wc, as:
ps -u user | sed 1d | wc -l
You can also dump top output and grep it, something like:
top -u user -n1 | grep user | wc -l
I'm somewhat new to *nix, so perhaps I did not fully understand the context of your question, but here is a possible solution:
jobs | wc -l
The output of the above command is a count of all the processes reported by the jobs command. You can manipulate the parameters of the jobs command to change which processes get reported.
EDIT: Just FYI, this would only work if interested in commands originating from a particular shell. If you want more control in looking at system-wide processes you probably want to use ps as others have suggested. However, if you use wc to do your counting, make sure you take into account any extraneous white space jobs, ps or top may have generated as that will affect the output of wc.