Some SSO hub usage data collected manually

2 posts / 0 new
Last post
Some SSO hub usage data collected manually

Operations SysOps already keeps track of SSO Hub usage including total number of logins and unique user logins monthly as an Ops metric to track.  Ops has this information from Sept 2015 until Sept 2017 except for two months where the SSO hub admin did not have the logrotate service installed to save log files (Nov 15) which has been fixed and a syslog failure problem (May 2016). 

It would be great to automate this which should not take much time.  Here is the information Ops has currently

Month   Total-Logins    Unique-User-Logins
Sep-15  9879    806
Oct-15  12000   902
Nov-15  0       0
Dec-15  9655    736
Jan-16  10461   859
Feb-16  14534   1025
Mar-16  15261   1136
Apr-16  15254   1011
May-16  0       0
Jun-16  5270    605
Jul-16  9372    764
Aug-16  9758    868
Sep-16  9714    936
Oct-16  12242   1082
Nov-16  12223   1001
Dec-16  7835    798
Jan-17  5890    625
Feb-17  7612    721
Mar-17  9092    756
Apr-17  8117    745
May-17  7440    688
Jun-17  7662    635
Jul-17  7246    599
Aug-17  5807    554
Sep-17  6267    669

Ops staff go in and manually collect this (Actually, I am the one who collects this).  Here is the script used for Sept which was run after Oct 1st

echo -n "Sep-2017"; last -f /var/log/wtmp-20170901 | grep Sep > /tmp/last-201709; last -f /var/log/wtmp-20171001 | grep -v Oct >> /tmp/last-201709; echo -n " "; echo -n `cat /tmp/last-201709 | cut -c 1-8,43-50,67-71 | wc -l`; echo -n " "; cat /tmp/last-201709 | cut -c 1-8,43-50,67-71 | cut -c 1-8 | sort -u | wc -l

Because of the way the wtmp files are created for Sept data you have to look in the wtmp-20171001 and the wtmp-20170901 file to get all the Sept data.  See the first few lines of the output of last -f (file) to see what I am talking about.

I don't know the difference between items "Number of logins to the SSO Hub during this period" and "Maximum number of simultaneous SSO Hub sessions during this period (to understand load)".  The wtmp information is recorded for each SSH session so logins and sso login sessions are the same thing I think.  The last item to find out who is going to SPs from the SSO hub would be some type of wrapper as you mentioned.  That could be interesting and is not collected currently.  I would not do that with linux process accounting because that method does not capture arguments.  You could do it by turning on the NERSC command logging and parse the logs for that as another alternative.  As far as I know Linux process accounting only logs the unix "basename" (that is a unix command) of the command in process accounting logs unless that changed in Linux 7 or 7.4.

Feel free to ask me any questions about this.

Delivery Effort Stage: 


Thanks for the script and the info. Are you analyzing the wtmp files off-line? If so, I would appreciate info on that. Also, it looks like auditd could be used to capture all invocations to gsissh along with the arguments.


Log in to post comments