1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
Version 1.8
- Added -I hours[:min[:sec]] option to ignore specific amount of time
before starting accounting (per person (-p) accounting only).
- Added --seconds option to display time in seconds.
- Properly handles null usernames in radius detail logs (reported as the
username "UNKNOWN").
- Added simple fixtmp program to fixers directory.
- Define in the Makefile USE_FRAMED_IP_ADDR to 1 and sac will use the
Framed-IP-Address as the users hostname instead of NAS-IP-Address if
present (otherwise use NAS-IP-Address).
- Added support for min/max (-m) usage with per user (-p) accounting.
- Sac prints an alert and approximate time stamp if it encounters a zapped
(zeroed out) wtmp entry. These often indicate a hacker hiding their
tracks. Logouts w/o logins also may be suspicious, but sac does not as
yet report such occurances.
- Added -U option to report simultaneous usage on tty lines. Useful for
determining how often (-a) and when (-h) you reach peak modem usage.
- removed punctuation (,.) from output.
- -l option now honors -s & -e options.
- Fixed login reporting under tty accounting (-at) when -s or -e used.
- Added some support for Solaris machines (*ick*).
- Discovered min/max problem when processing more than one log.
- Updated fixtime slightly to work better.
- Added writetmp program.
- Updated INSTALL and README files.
- Fixed small error in -l logging where login listing could be attributed
to wrong day (if login wrapped at midnight) and could be cut out with the
-s option.
- Added -P option to perform IP accounting with radius detail logs that
log the octets and packet usage for each login. (Known to work with
Ascend terminal servers).
- Internal changes to support more accounting features than wtmp provides,
such as those provided in radius logs. Optimized some function value
passing (switched to pointer passing instead of stack).
Version 1.7
- Fixed error in rawtmp where it could get stuck in an infinite loop.
- Changed formatting of -p option to nicely format up to 16 character
usernames (for glibc) > 16 character usernames will still screw up
formatting.
- Fixed error in do_reboot() where usr was not being moved forward to
avoid problems with the clipping logic, which caused segmentation faults
on glibc machines.
- Excluded users (via -x) will not be accounted for even if listed by the
-u command.
- Added support for reading lists of users, excluded users, ttys and host
names from files if the file name is preceded with a '@' sign.
(i.e. sac -apm @/path/to/userlist)
- Add support for wildcards with the -R option to select multiple
portmasters more easily. (i.e. sac -apm -R "*")
- Stops processing logs and reports what it has when it hits major time
corruption -- to avoid endlessly processing corrupted logs.
- Added fixterm.c courtesy of Thomas Roessler.
- Moved fixterm.c and fixtime.c into fixers subdir with their own Makefile.
- Added -a option (show contents of ut_addr field) to rawtmp.
Version 1.6
- Added support for NAS-* type records in radius logs.
- Fixed "-s <todays date>". Sac thought the start date was > than the end
date and exited without reporting.
- Added HTML/CGI interface example to scripts directory.
- Fixed problem with "-" (read from stdin) for filename to -w option (sac
thought it was a new option).
- Added experimental fast seek option (-S). uses binary search of wtmp to
position for reading just before start of date given with -s option.
Fast seeking will ignore any data before the start location it finds
so accounting may not be accurate. If it fails for any reason it will
attempt to rewind input and start from the beginning just like normal.
- Strips off leading ! on usernames in radius logs.
- Strips off @hostname in radius logs
- Added -D option to use @hostname (from user@host) in hostname field of
radius logs instead of the portmasters hostname.
- Added time format options --hms (hours:minutes:seconds) --hm
(hours:minutes) --hours (hours only) and --round (round to nearest
hour (--hours) or minute (--hms)).
- Added -i option to support tacacs accounting which puts accounting info
for multiple term servers in one log.
- Fixed radius processing where last radius record would be lost due to
end of file detection.
- Added missing start detection to radius code. If at the beginning of a
detail file, there are stop records with no start records, sac simulates
the start records so all accounting information is used. Also detects
and ignores extraneous stop records in the detail log.
- Support for more radius detail file formats added.
- Added -l option, which lists each login during the total time period,
day, user or tty, depending on which report was asked for.
- Included experimental "fixtime" program to remove netdate time warps by
resyncing the time stamps on wtmp records.
- Modified to support glibc 2.0.
Version 1.5
- Changed the way sac handles -w so that it works similar to -R so you
may specify multiple wtmp's (or radius detail files). The type of wtmp
file or radius file is determined by its position in the command line.
- Added -r option to sac to output "raw" output. Prints about everything
sac knows about your wtmp. Quite verbose. Useful for a back-end to
a graphics filter or accounting package.
- Small fix to fix daylight savings time that broke for Brazil, possibly
others.
- Added --version option to sac.
- Displays # of hours used for each hour in the hourly profile display.
- Fixed -t option when used with -s and/or -e options.
- Added some argument processing sanity checks.
- Fixed hourly profile output I broke in 1.4.
- Fixed -t option which would report incorrect times when using an old wtmp
file.
- Added support for tacacs 4.x utmp format with -X4 option. 3.4 - 3.5
format is the default with -X3 or just -X.
- Made output of -am report only # of logins that are applied to total
time.
- Added radius support with -R [portmaster-name [portmaster-name [...]]].
The radius accounting directory is compile time definable in the
Makefile.
- Rawtmp: added -X[3|4] and --version options.
Version 1.4
- Added wildcard support to -H and -T options, to make it easy to select
many ttys or hostnames with wildcards. "*", "?", "[...]" and "[^...]" are
supported.
- Fixed xtacacs wtmp support, does anyone need this anymore?
- Maybe, possibly, hopefully, finally fixed the damn daylight savings time
problem! ARRRGHH!!! We no longer assume 24 hours in a day.
- Added -d option to rawtmp to show time in a more human readable format,
and made rawtmp read from stdin if "-" given as filename to -w option.
- Made +0/-0 work with the -s and -e options.
- Fixed "check" script to actually work properly with fractions.
- Changed -t (read xtacacs format) to -X. Also changed in rawtmp.
- Report by tty line (-t option), nice for looking at the usage on your
modems.
- Added -M option to perform accounting for specific hours of a day instead
of the entire day.
Version 1.3.1
- Fixed problem with -s and -e options which would not function during
daylight savings time (We don't have the cursed daylight savings time in
Indiana, so it took a while before I realized there really was a
problem).
- Small insignificant code changes.
Version 1.3
- Added -f option to perform ftp login accounting in addition to normal
login accounting.
- Added -F option to perform ftp login accounting only.
- Added some example scripts.
- Fixed speeling misteaks.
- Fixed error where clipping could in certain cases incorrectly report the
correct amount of clipped login time while the user was stilled logged in.
- Added -m option to show minimum and maximum concurrent logins.
- Made sac read from stdin if "-" given as filename to -w option.
- Added -H host-list to perform accounting on logins from specific hosts.
- Made sac utmp size independent, for huge utmp sizes. (256 bytes for a
host-name? That's gonna make wtmp HUGE! 6x as large as it is now! I
already have a wtmp that grows 30MB in a month! Must be a Posix thing.)
- _Finally_ made sac properly handle -s and -e options with per user
accounting. STOP BOTHERING ME ABOUT IT ALREADY! =)
Version 1.2
- Added -o option to handle old or broken wtmp's not created by linux
itself, such as those created by the tacacs terminal server.
- Added -t option to handle some ancient format that tacacs apparently
uses.
- Added -b for producing a determination of how much login time has
precisely been used over the last few hours. Useful for determining
if someone has been logged in say the last 4 hours: sac -bp 4 bubba
- Added -c option to perform login clipping, thus only show how much login
is really being used by counting multiple logins as only one login.
- Handles xterms that work (sorta) by logging login and logout as a user
process and dead process respectfully.
- Added --help option to print a verbose usage listing.
- Added -x user-list for excluding certain users from accounting.
- Added -u user-list which is the default.
- Added -T tty-list to perform accounting on only certain ttys.
- Added --help, -s, -e, -b, and -t options to rawtmp.
Version 1.1
- Added the -s and -e options for starting and ending dates.
- Handles time changes that netdate logs in wtmp file (I think).
- Fixed, err, made more robust, some possible divide by zero errors.
- Throws out null wtmp entries (where do these come from?)
- Corrected(?) argument parsing.
- Added rawtmp command.
Version 1.0
- The original, perfect as it was.
|
