On Monday 19 March 2001 14:42, omicron wrote:
hi i installed whowatch, and while it is better than anything i've seen it still does not tell me about ftp, pop,etc. Surely the OS knows who are logged in and all i've to do is get the info from the OS . But how ?
Well, not really. The OS, per se, does not know anything about logins. For regular login, this is handled by getty(1m) and login(1m) which do the user logging reported by who(1) and its kin. FTP and POP daemons are applications which do their own logging. Bear in mind that connecting to FTP or POP daemons is not at all the same thing as logging in, no process group is started, all you get is one end of a socket connection. Telnetc connections are like regular login, the difference being that the telnet daemon uses a psuedo-tty instead of a console tty (even this is simplified). I checked the ftpd man page and it sez that it logs users to /var/run/utmp, which is where login putes them. The wrinkle here is that there exists a whole slew of FTP daemons and they may all be different and, for that matter, there may be more than one flavor of login in use. No idea what the situation is for POP servers, but I'd guess it's all over the map. The net is that you really do have to look in a bunch of separate logs so you may as well write that perl program and get it over with. :-) And, be aware that your perl program will be specific to the collection of servers on your particular host. best regards, Gerard Bras