Hi,
The logins module was not terribly useful for me b/c I just ended up
seeing the same set of logins over and over and over again b/c my users
are those who do the same thing, commonly. It ended up just being noise
in the log report and I couldn't sensibly parse it.
With that in mind I modified it to keep a sqlite db of all system
logins. It uses this db to determine what is a common login.
So if user skvidal logs in once at 2pm using ssh(pk) on the host
login.mydomain.org, I should get a notice about it.
However, the next time they do the same thing, to the same place, at the
same time of day (plus or minus a time_fuzz amount) using the same
service, don't add it to the report. Just skip it.
But if they log in at 4pm, let me know that they logged in.
This helps me by just reporting the outliers, the oddball logins. So if a
user has never logged into host X before, I'll see that in the log
report.
I checked it into git upstream:
http://git.fedorahosted.org/git/?p=epylog.git;a=commitdiff;h=84101b41b0eb...
Let me know if it does or does not work for you.
The config file for the module is commented pretty well.
Suggestions welcome.
-sv
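
The filtering rule described in the message above, as an added example that is not the epylog module's code: a login is reported only if no earlier login by the same user, to the same host, over the same service, falls within time_fuzz minutes of the same time of day. The table layout, function names, the 30-minute default and the host hostx.mydomain.org are assumptions made for illustration.

```python
import sqlite3

MINUTES_PER_DAY = 24 * 60

def open_db(path=":memory:"):
    """Open (or create) the login history database. Schema is an assumption."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS logins "
                 "(user TEXT, host TEXT, service TEXT, minute INTEGER)")
    return conn

def time_distance(a, b):
    """Minutes between two times of day, wrapping around midnight."""
    d = abs(a - b) % MINUTES_PER_DAY
    return min(d, MINUTES_PER_DAY - d)

def is_outlier(conn, user, host, service, minute, time_fuzz=30):
    """True if this login has no close match in the history; records it either way."""
    rows = conn.execute(
        "SELECT minute FROM logins WHERE user=? AND host=? AND service=?",
        (user, host, service)).fetchall()
    seen = any(time_distance(minute, m) <= time_fuzz for (m,) in rows)
    conn.execute("INSERT INTO logins VALUES (?,?,?,?)",
                 (user, host, service, minute))
    conn.commit()
    return not seen

def report(conn, events, time_fuzz=30):
    """Return only the events that should appear in the log report."""
    out = []
    for user, host, service, hhmm in events:
        h, m = map(int, hhmm.split(":"))
        if is_outlier(conn, user, host, service, h * 60 + m, time_fuzz):
            out.append((user, host, service, hhmm))
    return out

# Constructed sample events, not taken from real logs.
SAMPLE_EVENTS = [
    ("skvidal", "login.mydomain.org", "ssh(pk)", "14:00"),  # first time seen
    ("skvidal", "login.mydomain.org", "ssh(pk)", "14:10"),  # within fuzz
    ("skvidal", "login.mydomain.org", "ssh(pk)", "16:00"),  # unusual time
    ("skvidal", "hostx.mydomain.org", "ssh(pk)", "14:05"),  # new host
    ("skvidal", "login.mydomain.org", "ssh(pk)", "23:50"),  # unusual time
    ("skvidal", "login.mydomain.org", "ssh(pk)", "00:05"),  # 15 min past midnight
]

if __name__ == "__main__":
    for event in report(open_db(), SAMPLE_EVENTS):
        print("outlier login:", event)
```

Because every login is stored, a run of logins each within time_fuzz of the previous one can shift what counts as normal over time; storing only the reported logins is the stricter alternative.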