salt.beacons.wtmp
Beacon to fire events at login of users as registered in the wtmp file
New in version 2015.5.0.
Example Configuration
# Fire events on all logins beacons: wtmp: [] # Matching on user name, using a default time range beacons: wtmp: - users: gareth: - defaults: time_range: start: '8am' end: '4pm' # Matching on user name, overriding the default time range beacons: wtmp: - users: gareth: time_range: start: '7am' end: '3pm' - defaults: time_range: start: '8am' end: '4pm' # Matching on group name, overriding the default time range beacons: wtmp: - groups: users: time_range: start: '7am' end: '3pm' - defaults: time_range: start: '8am' end: '4pm'
How to Tell What An Event Means
In the events that this beacon fires, a type of 7
denotes a login, while a type of 8
denotes a logout. These values correspond to the ut_type
value from a wtmp/utmp event (see the wtmp
manpage for more information). In the extremely unlikely case that your platform uses different values, they can be overridden using a ut_type
key in the beacon configuration:
beacons: wtmp: - ut_type: login: 9 logout: 10
This beacon's events include an action
key which will be either login
or logout
depending on the event type.
Changed in version 2019.2.0: action
key added to beacon event, and ut_type
config parameter added.
Use Case: Posting Login/Logout Events to Slack
This can be done using the following reactor SLS:
report-wtmp: runner.salt.cmd: - args: - fun: slack.post_message - channel: mychannel # Slack channel - from_name: someuser # Slack user - message: "{{ data.get('action', 'Unknown event') | capitalize }} from `{{ data.get('user', '') or 'unknown user' }}` on `{{ data['id'] }}`"
Match the event like so in the master config file:
reactor: - 'salt/beacon/*/wtmp/': - salt://reactor/wtmp.sls
Note
This approach uses the slack execution module
directly on the master, and therefore requires that the master has a slack API key in its configuration:
slack: api_key: xoxb-XXXXXXXXXXXX-XXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXX
See the slack execution module
documentation for more information. While you can use an individual user's API key to post to Slack, a bot user is likely better suited for this. The slack engine
documentation has information on how to set up a bot user.
-
Read the last wtmp file and return information on the logins
salt.beacons.wtmp.beacon(config)
-
Validate the beacon configuration
salt.beacons.wtmp.validate(config)
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/beacons/all/salt.beacons.wtmp.html