Novell Home

Getting Alerts when Problem Users Log In

Novell Cool Solutions: Tip
By Rob Yamry

Digg This - Slashdot This

Posted: 16 Mar 2005
 

Cool Solutions reader Rob Yamry sends us this tip on how to trigger an e-mail when a "problem user" logs in.

Problem

I wanted to get an email alert when a "problem" user logs in so I can watch the user with other monitoring utilities in real-time.

Solution

I found a simple command-line utility that sends e-mails. It's called sendemail.exe, and it's at http://caspian.dotconf.net/menu/Software/SendEmail/. I downloaded the version for Windows and placed the .exe file into SYS:\Public on one of my servers.

Because I wanted to know information about the user (Username, workstation name, login date and time, IP address and MAC address), I had to define some variables. I set those in the login script (shown below).

To call the program to send the e-mail, you can set it up in a ZENworks application or put it in the login script. To help keep the login scripts global, I created a group named GRP-ESEND and added the users to this group that would trigger e-mail alerts. I then created a batch script in SYS:\PUBLIC named esend.bat (shown below) to construct the command to send the email. Then in the login script I added an IF .. THEN statement to call the batch script if the user is a member of the GRP-ESEND group, as shown below.

Now, when the problem user logs in, you get an e-mail!

Examples

1. Setting Variables in the Login Script

regread "HKLM,System\CurrentControlSet\Control\ComputerName\Computername,ComputerName"
set WORKSTN="%99"
set User="%CN"
set Date="%MONTH/%DAY/%YEAR" 
set Time="%HOURS:%MINUTE:%SECOND %AM_PM"
set NET="%NETWORK"
set PHYS_STATION="%PHYSICAL_STATION"

2. Creating the esend.bat Script to Send the E-mail

SENDEMAIL.EXE -f <MAILFROM> -t <MAILTO> -u ALERT! %USER% has logged in! -m User %USER% has logged into workstation %WORKSTN% on %DATE% at %TIME% with an IP address of %NET% (in hex) and a MAC address of %PHYS_STATION%. -s <MailServerIP>

Note: You need to customize the following information in the script:

  • Replace <MAILFROM> with an address so it will show who it was from (e.g., LoginAlert@yourDomain.com).
  • Replace <MAILTO> with the e-mail address of who you want to send the alert to (e.g., me@yourDomain.com).
  • Replace <MailServerIP> with the IP address of your mail server that this program will relay from.

3. Calling the esend.bat Script from the Login Script

IF MEMBER OF ".GRP-ESEND.OU=CONTAINER.O=ORG" THEN BEGIN
 MAP ROOT INS S1:=SERVER\SYS:\PUBLIC
 #ESEND.BAT
 MAP DEL S1:=SERVER\SYS:\PUBLIC
END


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell