Forum Discussion
Check active admin user sessions
Hello,
so far I've been unable to find a way to see the active sessions in the webgui. The "w" command on shell only shows connections through cli (ssh) and not connections through the gui.
I've tried the tmsh command "show sys connection", and filtering the self address used to access the webgui, but it gives no output.
Surely there must be an easy way to do it, would some good guy be able to shed some light on this?
Thanks in advance, and best regards,
Pablo
Irre_Levant I believe the only option here is to correlate the data from multiple sources rather than one command that provides everything. The following should allow you to pull the audit logs but I don't believe a command exists to look at the output of netstat.
- R_Eastman_13667Historic F5 Account
try tail -f /var/log/audit
- PabloSalvadorM_Altostratus
Thanks, indeed it works as I can see who logged in and when he did it. But still I can't see which users have an active session, I'd be looking for some sort of "w" but for the httpd, don't even know if such thing even exists.
BR,
Pablo
- What_Lies_Bene1Cirrostratus
Interesting question. No easy answer from what I can see. This will help you find out what IPs are connected to the GUI;
netstat -tanpee | grep "\:443" | grep -v 127
but beyond that there is no obvious way to gather the related Apache usernames used other than by checking and correlating information found in the various log files.
- Gonzalex_330537Cirrostratus
Hi Pablo.
You could use netstat -na | grep 192.168.0.11 | grep ESTABLISHED
This will show you the active sessions regardless of the user currently logged in. You could also get more info from the /var/log/audit logs. Below is an example of what you would tipically see when a user logs in:
AUDIT - user admin - RAW: httpd(mod_auth_pam): user=admin(admin) partition=[All] level=Administrator tty=/sbin/nologin host=192.168.0.11 attempts=1 start="Mon Oct 30 14:22:13 2017" end="Mon Oct 30 14:47:58 2017"
Having these two pieces, you could cross match the IP address.
Hope this helps.
- Irre_LevantAltocumulus
I am also looking for an API call to list all current logged in gui admins
Irre_Levant I believe the only option here is to correlate the data from multiple sources rather than one command that provides everything. The following should allow you to pull the audit logs but I don't believe a command exists to look at the output of netstat.
Irre_Levant - I'm going to tag Paulius's reply as the solution, even though it's rather a work-around? But it still seems to address the core of the issue (as far as it can go). If you disagree - let me know. Most of the rest of the members on this thread are no longer active on the community.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com