Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
Hi
Can I see opened sessions? I mean IP address, username, last request, idle time etc.
I haven't found such window so I'm thinking about a database query. Is it possible?
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
Posts: 1764
Threads: 6
Joined: Jul 2015
Reputation:
117
Hi,
Getting client IP is possible (also by .lp as this must be server side handled) but the other items are not available, at least not in the DB..
By why? What is the use case?
BR,
Erwin
Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
Hi
I would like to see who's online and from where. My actual problem was to identify computers where a specific user was logged on. Because I a plan to disable that user and I wanted to change credentials on affected computers.
But the main reason is security. I simply want to see who's logged on, from where and how long. Every other systems like databases, domain controllers etc. supports this function. I understand LM is mainly focused to home / SoHo market but I think if you add few security features like I mentioned above, access rights to user groups and not to user, roles, LDAP authorization, logging then LM will be great tool for enterprise too.
Could you send me that database query please?
Thank you
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
Posts: 1764
Threads: 6
Joined: Jul 2015
Reputation:
117
Hi,
As mentioned before, the data is not available in the DB so there is no query to get the data you want ..
BR,
Erwin
Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
You wrote "Getting client IP is possible". Could you please send me query for getting IP addresses?
Thank you.
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
Posts: 1764
Threads: 6
Joined: Jul 2015
Reputation:
117
24.10.2017, 20:50
(This post was last modified: 24.10.2017, 21:17 by Erwin van der Zwart.)
Hi,
If you want to have a solution for enterprise market you might better look at our solution Schneider Electric Ecostruxure Building Operation, this platform is fully compatible with latest IT standards, LDAP, SSO, domains and communicates secure over HTTPS between all locations (worldwide) of the enterprise. spaceLYnk and homeLYnk are used in these kind of architectures as powerfull bridge to KNX. This platform brings all power of KNX, BACnet (MSTP and IP), LON, Modbus (RTU and IP), Webservices and IT standards together in the most powerfull way. See: Ecostruxure Building Operation
But if you want to use LM for monitoring access logs you can try this:
Code: db:getall('SELECT * FROM user_logs')
BR,
Erwin
Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
If someone is interested in then there's working code:
Store the code in your library
Call it in your init script
Call user/sessions.lp in a frame in your visu.
Code: function ecl_init_sessions()
ls_app=[[<?
local lt_sessions
local ls_out
require('apps')
lt_sessions=db:getall('SELECT login, ip, created FROM user_logs group by login, ip order by Created desc')
ls_out="<html>"
ls_out=ls_out.."<style>\n"
ls_out=ls_out.."table {\n"
ls_out=ls_out.." font-family: arial, sans-serif;\n"
ls_out=ls_out.." border-collapse: collapse;\n"
ls_out=ls_out.." width: 100%;\n"
ls_out=ls_out.."}\n"
ls_out=ls_out.."td, th {\n"
ls_out=ls_out.." border: 1px solid #dddddd;\n"
ls_out=ls_out.." text-align: left;\n"
ls_out=ls_out.." padding: 2px;\n"
ls_out=ls_out.."}\n"
ls_out=ls_out.."tr:nth-child(even) {\n"
ls_out=ls_out.." background-color: #dddddd;\n"
ls_out=ls_out.."}\n"
ls_out=ls_out.."</style>\n"
ls_out=ls_out.."<body><table>"
ls_out=ls_out.."<tr>"
ls_out=ls_out.."<th>Login</th>"
ls_out=ls_out.."<th>IP</th>"
ls_out=ls_out.."<th>Created</th>"
ls_out=ls_out.."</tr>"
for index, value in ipairs(lt_sessions) do
ls_out=ls_out.."<tr>"
ls_out=ls_out.."<td>"..value.login.."</td>"
ls_out=ls_out.."<td>"..value.ip.."</td>"
ls_out=ls_out.."<td>"..os.date("%d.%m.%Y %X",value.created).."</td>"
ls_out=ls_out.."</tr>"
end
ls_out=ls_out.."</table></html></body>"
print(ls_out)
?>]]
io.writefile('/www/user/sessions.lp',ls_app)
end
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
The same data can be viewed in User access > Access logs
Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
(02.11.2017, 14:29)admin Wrote: The same data can be viewed in User access > Access logs
Hmm, you're right. Can I filter in the query just active sessions?
Thank you
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
Posts: 1764
Threads: 6
Joined: Jul 2015
Reputation:
117
Hi,
Only thing you can do is compare created time stamp with os.time(), i also wouldn't use io.writefile in these kind of scripts as a lot of writing to SD card is not adviced....
BR,
Erwin
Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
(02.11.2017, 19:20)Erwin van der Zwart Wrote: Hi,
Only thing you can do is compare created time stamp with os.time(), i also wouldn't use io.writefile in these kind of scripts as a lot of writing to SD card is not adviced....
BR,
Erwin
Only thing you can do is compare created time stamp with os.time()
Unfortunately I can't. Created looks like the time of the first contact. Not the latest request taken from the client. In my network I've computers logged on with active session for months.
i also wouldn't use io.writefile in these kind of scripts as a lot of writing to SD card is not adviced....
Thsi script runs only once as a part of the init script. It just creates sessions.lp file.
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
Active connections are not stored anywhere. It's possible to get a list of IPs that are currently connected to the system from the OS but then you won't have login names.
Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
List of IPs would be enoughfor me if there's no a better solution. How can I obtain it?
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
You can filter the result by local port (80 or 443) and also by TCP state. TCP_ESTABLISHED should be enough since visualization uses web sockets where connection is always open during an active session.
Code: states = {
'TCP_ESTABLISHED',
'TCP_SYN_SENT',
'TCP_SYN_RECV',
'TCP_FIN_WAIT1',
'TCP_FIN_WAIT2',
'TCP_TIME_WAIT',
'TCP_CLOSE',
'TCP_CLOSE_WAIT',
'TCP_LAST_ACK',
'TCP_LISTEN',
'TCP_CLOSING',
};
-- convert hex to readable IP
function toip(hex)
local res = {}
for i = 4, 1, -1 do
local j = (i - 1) * 2 + 1
local ch = hex:sub(j, j + 1)
res[ #res + 1 ] = tonumber(ch, 16)
end
return table.concat(res, '.')
end
for line in io.lines('/proc/net/tcp') do
local_ip, local_port, remote_ip, remote_port, state =
line:match('(%x+):(%x+)%s+(%x+):(%x+)%s+(%x+)')
-- valid line
if local_ip and local_port and remote_ip and remote_port and state then
local_ip = toip(local_ip)
local_port = tonumber(local_port, 16)
remote_ip = toip(remote_ip)
remote_port = tonumber(remote_port, 16)
state = states[ tonumber(state, 16) ]
log(local_ip, local_port, remote_ip, remote_port, state)
end
end
Posts: 411
Threads: 103
Joined: Oct 2016
Reputation:
9
Thank you
LM5Lp, firmware: 2018.08.22 and 2021.12.15, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151 and 4.4.259
|