• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[FEATURE REQUEST] User Login Audit Trail
#1
Hi,

I don't know where to post this but here goes.

Would it be possible to add a Audit Trail into GLPI that loggs username and a time stamp when user loggs into PC (and why not also loggs out)?

http://en.wikipedia.org/wiki/Windows_Security_Log

Useful scenarios:

1. A PC is strangely missing, who used the computer last time?

2. Some odd action happening with PC, who used it last?

3. Is there currently a user logged into the computer?

Thanks in advance!

br,
Chris
  Reply
#2
1. You have it in the last inventory, in computer form, it's field 'Alternate username ' Wink

For 2 and 3, I don't know how to do this
Co-leader, official developper
DCS official PARTNER: dcs.glpi@dcsit-group.com
  Reply
#3
Thanks for Your reply!

ddurieux Wrote:1. You have it in the last inventory, in computer form, it's field 'Alternate username ' Wink

For 2 and 3, I don't know how to do this

Yes, 1. is there. I'll try to post some code example later today on howto get user login @ login :-)

br,
Chris
  Reply
#4
Ok, I'm not good at this and I'm not familiar with FI-Agent code at all. Here is an idea on HowTo trigger a .vbs script @ user login to get time stamp and logged in user. Data should be stored in database and listed on request.

VBS script that should be triggered @ userlogin on PC

=> get time stamp and who is logging in..

Code:
Function TimeStamp()
  Dim Temp, iHour, iMinute, iSecond
  Temp = Timer/3600
  iHour = Int(temp)
  iMinute = Int((temp - iHour) * 60)
  iSecond = Int((((temp - iHour) * 60 - iMinute) * 60)*1000)/1000
  
  '2 digit hour
  If Len(iHour) < 2 Then
    iHour = "0" & CStr(iHour)
  Else
    iHour = CStr(iHour)
  End If
  
  '2 digit minute
  If Len(iMinute) < 2 Then
    iMinute = "0" & CStr(iMinute)
  Else
    iMinute = CStr(iMinute)
  End If
  
  '2 digit second
  If Len(Int(iSecond)) < 2 Then
    iSecond = "0" & CStr(iSecond)
  Else
    iSecond = CStr(iSecond)
  End If
  
  '3 digit hundredths
  If Len(iSecond) < 6 Then
    iSecond = iSecond & "0"
  End If
  
  TimeStamp = Date & " " & iHour & ":" & iMinute & ":" & iSecond
End Function

  oReg.GetStringValue HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultUserName", net_user_name


or:

Code:
Dim objNetwork
Dim userName

Set objNetwork = CreateObject("WScript.Network")
userName = objNetwork.UserNam


DB: (UUID can GLPI data be used..?)
Code:
CREATE TABLE `system_audits` (
  `system_audits_id` int(10) unsigned NOT NULL auto_increment,
  `system_audits_uuid` varchar(100) NOT NULL default '',
  `system_audits_username` varchar(45) NOT NULL default '',
  `system_audits_time` varchar(45) NOT NULL default '',
  `system_audits_timestamp` bigint(20) unsigned NOT NULL default '0',
  PRIMARY KEY  (`system_audits_id`),
  KEY `Index_1` (`system_audits_timestamp`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;


VBS sends data to GLPI database, get the audit trail with:
Code:
<?php

$query_array=array("headline"=>__("List Audit Trail for Host"),
                   "sql"=>"SELECT * FROM system_audits WHERE system_audits_uuid = '".$_REQUEST["pc"]."' ",
                   "sort"=>"system_audits_timestamp",
                   "dir"=>"DESC",
                   "fields"=>array("10"=>array("name"=>"system_audits_timestamp",
                                               "head"=>__("Date Audited"),
                                               "show"=>"y",
                                               "link"=>"y",
                                               "search"=>"n",
                                              ),
                                   "20"=>array("name"=>"system_audits_username",
                                               "head"=>__("Audited User"),
                                               "show"=>"y",
                                               "link"=>"y",
                                               "search"=>"n",
                                              ),
                                  ),
                  );
?>

Some of the code examples are a direct copy from http://www.open-audit.org/

To get rid of .vbs script @ login, why not make an option to force FI-Agent to run @ user login. This way only some PHP-code & DB changes should be necessary?

br,
Chris
  Reply
#5
But you can have a problem, since Vista you can have more than one user connected on the computer.

We use primary PERL language in agent
Co-leader, official developper
DCS official PARTNER: dcs.glpi@dcsit-group.com
  Reply
#6
ddurieux Wrote:But you can have a problem, since Vista you can have more than one user connected on the computer.

We use primary PERL language in agent

Yes, I know that it is not perfect but it would be a good add-on.
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)