Check active admin user sessions

try tail -f /var/log/audit

Thanks, indeed it works as I can see who logged in and when he did it. But still I can't see which users have an active session, I'd be looking for some sort of "w" but for the httpd, don't even know if such thing even exists.

BR,

Pablo

Interesting question. No easy answer from what I can see. This will help you find out what IPs are connected to the GUI;

netstat -tanpee | grep "\:443" | grep -v 127

but beyond that there is no obvious way to gather the related Apache usernames used other than by checking and correlating information found in the various log files.

Hi Pablo.

You could use netstat -na | grep 192.168.0.11 | grep ESTABLISHED

This will show you the active sessions regardless of the user currently logged in. You could also get more info from the /var/log/audit logs. Below is an example of what you would tipically see when a user logs in:

AUDIT - user admin - RAW: httpd(mod_auth_pam): user=admin(admin) partition=[All] level=Administrator tty=/sbin/nologin host=192.168.0.11 attempts=1 start="Mon Oct 30 14:22:13 2017" end="Mon Oct 30 14:47:58 2017"

Having these two pieces, you could cross match the IP address.

Hope this helps.

I am also looking for an API call to list all current logged in gui admins