Send an alert when Server Admin Tool has logged in?

Is there a way to determine if someone remotely logged in via "Server Admin.app"? The application has no log file of its own.

I've managed to set up a launchd task that sends an email whenever someone establishes a VPN connection by watching the pppd log file. Can this also be done for that servermgrd process?

Mac Pro + MacBook as 10.6 client, MacMini as 10.5 server, Mac OS X (10.6.5)

Posted on Nov 18, 2010 1:59 PM


Nov 19, 2010 2:21 PM in response to Johnny.Danger

The basic idea was to watch the log file of the vpnd daemon and fire a shell script that sends a mail to me, if the most recent line of the log file contains the word "progress". (That word is a unique indicator for a successful connection. Otherwise you will get mails for each status change, too.)

To watch a file change I used Lingon: I logged in via Remote Desktop, launched "Lingon" (freeware - http://sourceforge.net/projects/lingon/) and created a user daemon named "com.myserver.vpnd_watch". Then I chose my shell script as the application to be called. In my case it was "/usr/sbin/vpnd_watch.sh". And finally I set the only option "Run it if this file is modified:" to "/var/log/ppp/vpnd.log".

The shell script is quite simple. To prevent multiple alerts for the same event, it reads a file that contains the date & time of the last login/alert, reads out the date & time of the most recent log file entry containing the word "progress" and compares both. If they differ, it sends a mail with the log file entries of the last three connections via email and creates a new date file.



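#!/bin/bash

# Timestamp of the last alert already sent (empty on the first run).
date_old=$(cat /Users/myaccount/watch_date.txt 2>/dev/null)
# Timestamp of the most recent successful connection; " +[0-9]{1,2}" also
# matches ctime-style space-padded single-digit days ("Nov  9").
date_new=$(grep progress /var/log/ppp/vpnd.log | tail -n1 | grep -o -E "[a-zA-Z]{3} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}")

# Alert only when a connection entry exists and is newer than the last alert.
if [ -n "$date_new" ] && [ "$date_old" != "$date_new" ]; then
    # Mail the last three connection entries, then remember this timestamp.
    grep progress /var/log/ppp/vpnd.log | tail -n3 | mail -s "VPN Connection" mail@myserver.com
    echo "$date_new" > /Users/myaccount/watch_date.txt
fi

exit 0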



(You might have to set permissions accordingly.) The log file entry which matters is something like:

Fri Nov 19 22:23:43 2010 : L2TP incoming call in progress from 'xxx.xxx.xx.xx'...

This is also the message text of the email, so you can see what the connecting client's IP address is. My mobile phone provider offers a mail to SMS service. So I get an SMS on my iPhone, too. Useful when I don't have an internet connection or no time to check mails.

Binding all administrative traffic to that VPN connection (ssh, ARD and Server Admin Tools) makes sure that you're always informed if someone tries to take control, and by the IP address whether it's your client.
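
The source-address check described in the reply above, as an added example that is not part of the original post. It goes beyond the posted script by extracting the client address from each "progress" line, comparing it with an allowlist, and reporting everything when the saved timestamp is no longer in the log. `KNOWN_CLIENTS`, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. KNOWN_CLIENTS and the sample log
# are constructed (documentation address ranges).
KNOWN_CLIENTS="192.0.2.10 192.0.2.11"

# Constructed sample in the vpnd.log line format quoted in the post.
sample_log() {
    cat <<'EOF'
Tue Nov  9 08:01:02 2010 : L2TP incoming call in progress from '192.0.2.10'...
Tue Nov  9 08:01:05 2010 : constructed status line without the keyword
Fri Nov 19 22:23:43 2010 : L2TP incoming call in progress from '198.51.100.7'...
EOF
}

# stdin: log text. stdout: "timestamp|address" per successful-connection line.
# " +[0-9]{1,2}" accepts space-padded single-digit days ("Nov  9").
parse_progress() {
    sed -n -E "s/^[A-Za-z]{3} ([A-Za-z]{3} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) [0-9]{4} : .*in progress from '([0-9a-fA-F.:]+)'.*/\1|\2/p"
}

# stdin: log text, $1: timestamp of the last alert sent (may be empty).
# Prints "KNOWN|UNKNOWN address at timestamp" for every newer connection.
# If $1 is not in the log (first run, rotated log), every entry is reported.
report_new() {
    parse_progress | awk -F'|' -v last="$1" -v known="$KNOWN_CLIENTS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        { ts[NR] = $1; ip[NR] = $2; if ($1 == last) start = NR }
        END {
            for (i = start + 1; i <= NR; i++)
                printf "%s %s at %s\n", ((ip[i] in ok) ? "KNOWN" : "UNKNOWN"), ip[i], ts[i]
        }'
}

# Demo: the first entry was already alerted on, so only the second is reported.
sample_log | report_new "Nov  9 08:01:02"
```

In the watcher script, the output of `report_new` would replace the `tail -n3` mail body, with UNKNOWN lines marking connections from addresses that are not your own clients.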
