Hi,
I am interested in logging when a user accessed the server. Whether that user went through the web api, went through SSH, went and accessed an SMB share. Whatever the mode is, I would like to see a history of who accessed the server and when they terminated that session. The end result after cleaning up the data would be something in the format of....

| SessionID | DATE_TIME | USER | HOST | Service |
| --- | --- | --- | --- | --- |
| 12ABC | 12-20-20 12:23 | root | 10.0.0.50 | FreeNAS GUI |
| 12ABC | 12-20-20 12:30 | root | terminated session | FreeNAS GUI |
| 12EFG | 12-21-20 5:45 | John | 10.0.0.32 | SMB |
| 12EFG | 12-24-20 14:23 | John | terminated session | SMB |
| 12EGG | 12-25-20 0:00 | root | 10.0.0.50 | SSH |

And certainly data supporting this goal would exist in...
Code:
/var/log/messages
/var/log/auth.log
/var/log/utx.log
/var/log/utx.lastlogin
/var/log/userlog
One might think utx.lastlogin or especially userlog would provide some info.... hard nope.
Thoughts? - Thank you
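
An added example, not part of the original post: a sketch of how the SSH rows of the table above could be built from `/var/log/auth.log`, assuming it carries OpenSSH's standard `Accepted ... for USER from HOST port N` and `Disconnected from user USER HOST port N` messages in BSD syslog format. The sample lines are constructed, and the function name `ssh_sessions` and the `SSHnnnn` session IDs are hypothetical; the GUI and SMB rows would need their own log sources.

```python
import re
from datetime import datetime

# Constructed sample lines in BSD syslog format (not taken from the post).
SAMPLE_AUTH_LOG = """\
Dec 25 00:00:01 freenas sshd[4101]: Accepted password for root from 10.0.0.50 port 51234 ssh2
Dec 25 00:03:10 freenas sshd[4188]: Failed password for john from 10.0.0.32 port 40022 ssh2
Dec 25 00:07:42 freenas sshd[4105]: Received disconnect from 10.0.0.50 port 51234:11: disconnected by user
Dec 25 00:07:42 freenas sshd[4105]: Disconnected from user root 10.0.0.50 port 51234
Dec 25 09:15:00 freenas sshd[5200]: Accepted publickey for John from 10.0.0.32 port 40100 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
OPEN = re.compile(r"^Accepted \S+ for (\S+) from (\S+) port (\d+)")
CLOSE = re.compile(r"^Disconnected from user (\S+) (\S+) port (\d+)")


def ssh_sessions(log_text, year):
    """Return rows (session_id, date_time, user, host, service) for sshd."""
    rows, open_ids, counter = [], {}, 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        stamp = ts.strftime("%m-%d-%y %H:%M")
        if (o := OPEN.match(m.group(2))):
            user, host, port = o.groups()
            counter += 1
            sid = f"SSH{counter:04d}"
            # The post-auth sshd process may log under another PID, so the
            # session is keyed on user + client address + source port.
            open_ids[(user, host, port)] = sid
            rows.append((sid, stamp, user, host, "SSH"))
        elif (c := CLOSE.match(m.group(2))):
            sid = open_ids.pop(c.groups(), None)
            if sid:  # ignore disconnects whose login is not in this file
                rows.append((sid, stamp, c.group(1), "terminated session", "SSH"))
    return rows
```

A login with no matching disconnect line, like the last sample line, yields only the opening row, the same shape as the `12EGG` row in the table.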