Category: LINUX
2008-06-04 15:29:26
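#!/usr/bin/perl
# Session logger: start /usr/sbin/watch on every tty that `who` reports and,
# when the session ends, load the captured output into MySQL.
# Note: fields taken from `who`/`ps` are interpolated into shell commands
# unvalidated, and the MySQL password on the command line is visible in `ps`.

# Kill any watch processes left over from an earlier run.
system "killall -9 watch";
# Debug log for this script.
open (AA,">/usr/zzxia/log");
# "tty,pid" entries for watched sessions; element 0 is an empty placeholder,
# so the loop over @ttl below starts at index 1.
@ttl="";
AAA:
@wda=`who`;
for ($i=0;$i<@wda;$i++) {
    chomp ($wda[$i]);
    # who fields: user, tty, month, day, time, remote host
    @str=split(/\s+/,$wda[$i]);
    chomp ($datestr=`date '+%Y-%m-%d %T'`);
    # $tty.log1 holds the opening part of the INSERT; the last value is left open.
    system "echo 'use userlog;' > /usr/zzxia/$str[1].log1";
    system qq ~ echo "INSERT INTO userip6 VALUES('$str[0]','$str[5]','$str[2]-$str[3]-$str[4]','$datestr','">> /usr/zzxia/$str[1].log1~;
    chomp ($stty=$str[1]);
    print AA "who value $stty\n";
    # Is a watch process already attached to this tty?
    @watchs1=`ps -ax | grep watch | grep -v grep `;
    $tta=0;
    for ($j=0;$j<@watchs1;$j++){
        chomp ($watchs1[$j]);
        # split(' ') skips the leading blanks ps prints before short PIDs,
        # so field 5 is the first argument of the watch command.
        @watchs=split(' ',$watchs1[$j]);
        chomp ($ws=$watchs[5]);
        print AA "watch is $ws\n";
        if ($stty eq $ws) {
            $tta=1;
        }
    }
    if ( $tta==0 ) {
        # Not watched yet: capture the tty into $tty.log2.
        system "/usr/sbin/watch $stty >/usr/zzxia/$stty.log2& ";
        # Remember the PID of the first process found on this tty.
        $ppid1=`ps -ax | grep $stty | grep -v sshd |grep -v grep `;
        @ppid2=split (' ',$ppid1);
        chomp ($ppid=$ppid2[0]);
        if ($ppid){
            print AA "ppid is $ppid \n";
            push (@ttl,"$stty,$ppid");
        }
    }
}
# Sessions whose recorded process has exited: assemble and load the record.
@ttl2="";
print AA "ttl is @ttl\n";
for ($l=1;$l<@ttl;$l++) {
    @ttls=split(/,/,$ttl[$l]);
    chomp ($kpid=$ttls[1]);
    chomp ($ktty=$ttls[0]);
    $sp=`ps -aux |grep $kpid |grep -v grep`;
    if ( !$sp)
    {
        # log3 = INSERT prefix + raw capture + closing "');". The capture is not
        # escaped, so a quote typed in the session breaks or alters the statement.
        system "cat /usr/zzxia/$ktty.log1 /usr/zzxia/$ktty.log2>/usr/zzxia/$ktty.log3 ";
        system qq~echo "');">>/usr/zzxia/$ktty.log3~;
        system "rm /usr/zzxia/$ktty.log1 /usr/zzxia/$ktty.log2 ";
        # The input redirection was lost from the page; feeding $ktty.log3 to
        # mysql on stdin is an assumption based on the surrounding lines.
        print AA "mysql -h 192.168.0.1 -utest -ptest </usr/zzxia/$ktty.log3\n";
        `mysql -h 192.168.0.1 -utest -ptest </usr/zzxia/$ktty.log3`;
        system "rm /usr/zzxia/$ktty.log3";
    }else {
        # Still logged in: keep watching.
        push (@ttl2,"$ktty,$kpid");
    }
}
@ttl=@ttl2;
sleep(3);
goto AAA;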
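chinaunix user 2010-01-04 09:35:48
Linux does have a watch command, but can it be used like this: watch '/dev/pts/1'? On CentOS that reports permission denied, and watch 'pts/1' reports no such file or directory. Why is that?
chinaunix user 2008-07-28 18:08:02
Brother, I tried your script (I removed the code that inserts into the database), and under the /home/zzia/pts directory I did see files such as 1.log1 and 1.log2. When I cat them, they contain an insert statement with the user's login time, IP and so on, but where can I see the commands a user ran after logging in? Please advise. My system is TURBO LINUX 10. Thanks!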