Beacon to fire events at login of users as registered in the wtmp file
New in version 2015.5.0.
# Fire events on all logins
beacons:
wtmp: []
# Matching on user name, using a default time range
beacons:
wtmp:
- users:
gareth:
- defaults:
time_range:
start: '8am'
end: '4pm'
# Matching on user name, overriding the default time range
beacons:
wtmp:
- users:
gareth:
time_range:
start: '7am'
end: '3pm'
- defaults:
time_range:
start: '8am'
end: '4pm'
# Matching on group name, overriding the default time range
beacons:
wtmp:
- groups:
users:
time_range:
start: '7am'
end: '3pm'
- defaults:
time_range:
start: '8am'
end: '4pm'
In the events that this beacon fires, a type of 7
denotes a login, while a
type of 8
denotes a logout. These values correspond to the ut_type
value from a wtmp/utmp event (see the wtmp
manpage for more information).
In the extremely unlikely case that your platform uses different values, they
can be overridden using a ut_type
key in the beacon configuration:
beacons:
wtmp:
- ut_type:
login: 9
logout: 10
This beacon's events include an action
key which will be either login
or logout
depending on the event type.
Changed in version 2019.2.0: action
key added to beacon event, and ut_type
config parameter
added.
This can be done using the following reactor SLS:
report-wtmp:
runner.salt.cmd:
- args:
- fun: slack.post_message
- channel: mychannel # Slack channel
- from_name: someuser # Slack user
- message: "{{ data.get('action', 'Unknown event') | capitalize }} from `{{ data.get('user', '') or 'unknown user' }}` on `{{ data['id'] }}`"
Match the event like so in the master config file:
reactor:
- 'salt/beacon/*/wtmp/':
- salt://reactor/wtmp.sls
Note
This approach uses the slack execution module
directly on the master, and therefore requires
that the master has a slack API key in its configuration:
slack:
api_key: xoxb-XXXXXXXXXXXX-XXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXX
See the slack execution module
documentation for more information. While you can use an individual user's
API key to post to Slack, a bot user is likely better suited for this. The
slack engine
documentation has information
on how to set up a bot user.
salt.beacons.wtmp.
beacon
(config)¶Read the last wtmp file and return information on the logins
salt.beacons.wtmp.
validate
(config)¶Validate the beacon configuration
Docs for previous releases are available on readthedocs.org.
Latest Salt release: 2019.2.1