Yup, I've been there for sure :-) Syslog is good because it doesn't
require a DB connection, but it's obviously bad because you don't get
all the historical data. One of the problems with querying the DB
directly is that the data gets rotated out. That's probably why it's
not available by the API. It wouldn't be a hard hack to make it work
though.
WRT the query you'd need, when I used to do it, I grepped through the
log_text field in the log_info table:

    $query = "SELECT log_text FROM log_info WHERE log_cat = 'Authentication'
              AND log_text LIKE '%$address%'";

Here are a couple scripts with sample connections to the database:
http://oak.conncoll.edu/~aclan/public/code_samples/cam_stats.phps
http://oak.conncoll.edu/~aclan/public/code_samples/cam_functions.phps

> Thanks Alex. Well, our admins are asking for the login use info, and
> the "login time" is missing from the "getuserinfo" API.
--
Regards,
Alex Lanstein
Network/Systems Architect
FireEye, Inc.
860-625-4277
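
An added example, not part of the original message: the same log_info lookup with the address bound as a parameter and LIKE wildcards escaped, so that input such as % or a quote is matched literally instead of changing the query. It assumes PDO with an in-memory SQLite database as a stand-in for the real one; the helper names escape_like and auth_logs_for are hypothetical and the sample rows are constructed.

```php
<?php
// Added example. Table and column names (log_info, log_cat, log_text) come
// from the message above; everything else here is an assumption.

// Escape LIKE metacharacters so the search value is matched literally.
function escape_like(string $value, string $esc = '\\'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $value
    );
}

// Return the Authentication log lines whose text contains $address.
function auth_logs_for(PDO $db, string $address): array
{
    $stmt = $db->prepare(
        "SELECT log_text FROM log_info
          WHERE log_cat = 'Authentication'
            AND log_text LIKE :pattern ESCAPE '\\'"
    );
    $stmt->execute([':pattern' => '%' . escape_like($address) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-in database and rows (not real log data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log_info (log_cat TEXT, log_text TEXT)');
$ins = $db->prepare('INSERT INTO log_info VALUES (?, ?)');
foreach ([
    ['Authentication', 'constructed: user alice logged in from 10.0.0.5'],
    ['Authentication', 'constructed: user bob logged in from 10.0.0.50'],
    ['Administration', 'constructed: policy updated from 10.0.0.5'],
] as $row) {
    $ins->execute($row);
}

// A plain address, a bare wildcard, and a value containing a quote.
foreach (['10.0.0.5', '%', "o'brien"] as $input) {
    printf("%-10s => %d row(s)\n", $input, count(auth_logs_for($db, $input)));
}
```

Because this is still a substring match, a search for 10.0.0.5 also returns lines for 10.0.0.50; match on a delimiter or parse the address out of log_text if exact hosts matter.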