I am using the following command to save wtmp (last command) to a logfile:

last -F | grep -i -e pv -e nv -e pp > last.log

Result:

[screenshot of the resulting last.log output]

I want to extract the username (first block) and the time of login (second block) using a bash script. The problem I have is that I do not know how to read the results of the log. How can I retrieve specific parts of the log? It seems to me that these are rows and columns. Can I use that to extract the data?

Regards

Niek Jonkman

1 Answer

I'm using this as I want to have the real name of a sudoer user.

Added in /etc/bashrc:

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

And in rsyslog.conf (addition of a logger local6 to fill in /var/log/commands.log; it adds it below boot.log):

sed -i -e '/log\/boot.log/a local6.* /var/log/commands.log' /etc/rsyslog.conf
systemctl restart rsyslog

As the /var/log/command is like history you can treat it with awk to get only the required fields.

admstg
  • And you can add in /etc/logrotate.d/syslog: /var/log/commands.log in order to have the file rotated. – admstg Feb 13 '23 at 13:00
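
For the question's goal of pulling the username and login time out of `last -F` output, here is an added example (not code from the question or the answer). The function names, the sample usernames and the sample lines are constructed for illustration; the sample assumes the usual `last -F` layout with full `Www Mmm dd hh:mm:ss yyyy` timestamps.

```bash
#!/usr/bin/env bash
# Added example: print "username<TAB>login time" for each session in `last -F` output.
# Usage on a real system: last -F | extract_logins > logins.tsv

# Reads `last -F` output on stdin, writes one tab-separated record per login.
extract_logins() {
  awk '
    # Skip blank lines, the trailing "wtmp begins ..." line and pseudo-users.
    NF == 0 || $1 == "wtmp" || $1 == "btmp" { next }
    $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }
    {
      # The host column is empty for local tty logins, so a fixed field
      # number is unreliable. Locate the login timestamp by its shape
      # instead: weekday, month, day, hh:mm:ss, four-digit year.
      for (i = 2; i + 4 <= NF; i++) {
        if ($i ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ &&
            $(i+1) ~ /^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)$/ &&
            $(i+4) ~ /^[0-9][0-9][0-9][0-9]$/) {
          printf "%s\t%s %s %s %s %s\n", $1, $i, $(i+1), $(i+2), $(i+3), $(i+4)
          next   # first match is the login time; the logout time follows it
        }
      }
    }'
}

# Constructed sample input (not real log data): remote login, local tty
# login without a host column, a reboot entry and the wtmp footer.
sample_last_output() {
  cat <<'EOF'
pvjansen pts/0        192.0.2.10       Mon Feb 13 09:15:02 2023 - Mon Feb 13 11:40:10 2023  (02:25)
nvdeboer tty1                          Mon Feb 13 08:01:44 2023   still logged in
ppadmin  pts/1        192.0.2.11       Wed Feb  1 07:30:00 2023 - Wed Feb  1 07:45:12 2023  (00:15)
reboot   system boot  5.14.0-generic   Sun Feb 12 23:59:01 2023   still running

wtmp begins Wed Feb  1 00:00:07 2023
EOF
}

# Demonstration on the constructed sample.
sample_last_output | extract_logins
```

The same field-by-shape approach works on /var/log/commands.log from the answer, since syslog lines also begin with a timestamp whose position is fixed while the message text varies.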