Getting Alerts when Problem Users Log In
Novell Cool Solutions: Tip
By Rob Yamry
Digg This -
Posted: 16 Mar 2005
Cool Solutions reader Rob Yamry sends us this tip on how to trigger an e-mail when a "problem user" logs in.
I wanted to get an email alert when a "problem" user logs in so I can watch the user with other monitoring utilities in real-time.
I found a simple command-line utility that sends e-mails. It's called sendemail.exe, and it's at http://caspian.dotconf.net/menu/Software/SendEmail/. I downloaded the version for Windows and placed the .exe file into SYS:\Public on one of my servers.
Because I wanted to know information about the user (Username, workstation name, login date and time, IP address and MAC address), I had to define some variables. I set those in the login script (shown below).
To call the program to send the e-mail, you can set it up in a ZENworks application or put it in the login script. To help keep the login scripts global, I created a group named GRP-ESEND and added the users to this group that would trigger e-mail alerts. I then created a batch script in SYS:\PUBLIC named esend.bat (shown below) to construct the command to send the email. Then in the login script I added an IF .. THEN statement to call the batch script if the user is a member of the GRP-ESEND group, as shown below.
Now, when the problem user logs in, you get an e-mail!
1. Setting Variables in the Login Script
regread "HKLM,System\CurrentControlSet\Control\ComputerName\Computername,ComputerName" set WORKSTN="%99" set User="%CN" set Date="%MONTH/%DAY/%YEAR" set Time="%HOURS:%MINUTE:%SECOND %AM_PM" set NET="%NETWORK" set PHYS_STATION="%PHYSICAL_STATION"
2. Creating the esend.bat Script to Send the E-mail
SENDEMAIL.EXE -f <MAILFROM> -t <MAILTO> -u ALERT! %USER% has logged in! -m User %USER% has logged into workstation %WORKSTN% on %DATE% at %TIME% with an IP address of %NET% (in hex) and a MAC address of %PHYS_STATION%. -s <MailServerIP>
Note: You need to customize the following information in the script:
- Replace <MAILFROM> with an address so it will show who it was from (e.g., LoginAlert@yourDomain.com).
- Replace <MAILTO> with the e-mail address of who you want to send the alert to (e.g., me@yourDomain.com).
- Replace <MailServerIP> with the IP address of your mail server that this program will relay from.
3. Calling the esend.bat Script from the Login Script
IF MEMBER OF ".GRP-ESEND.OU=CONTAINER.O=ORG" THEN BEGIN MAP ROOT INS S1:=SERVER\SYS:\PUBLIC #ESEND.BAT MAP DEL S1:=SERVER\SYS:\PUBLIC END
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com