Logo  

Home - Old Man Programmer

Displaying projects/sac/CHANGES

Version 1.9
  - Added Makefile option to use Called-Station-Id as hostname in radius
    processing.
  - Fixed per user octet/packet accounting when -s or -e is used.
  - Fixed segmentation fault in radius processing due to month array not being
    properly exported to gronk.c.
  - Added crude support for BSD operating systems.
  - Split sac.c into two c files (sac.c/gronk.c) and three header files
    (sac.h/utmp.h/proto.h). Some internal code cleanup.
  - Fixed problem with packet accounting and per user reporting.
  - Added --cutoff H[:M[:S]] and --discard H[:M[:S]] that will discard
    and/or cutoff time accounted if a session exceeds the amount of time
    specified.
  - Added --libc5 (-5) and --glibc (-6) options to specify libc5/glibc utmp
    sizes when attempting to read one when compiled for the other. (not yet
    implemented)

Version 1.8
  - Made sac recognize that shutdowns with a line of ~~ are indeed shutdowns.
  - Fixed bug w/ reguard to daylight savings time in Brazil, where they
    skip over midnight entirely during the time change.
  - Added --longdate option to print dates in long form.
  - Added -I hours[:min[:sec]] option to ignore specific amount of time
    before starting accounting (per person (-p) accounting only).
  - Added --seconds option to display time in seconds.
  - Properly handles null usernames in radius detail logs (reported as the
    username "UNKNOWN").
  - Added simple fixtmp program to fixers directory.
  - Define in the Makefile USE_FRAMED_IP_ADDR to 1 and sac will use the
    Framed-IP-Address as the users hostname instead of NAS-IP-Address if
    present (otherwise use NAS-IP-Address).
  - Added support for min/max (-m) usage with per user (-p) accounting.
  - If the --verbose option is given, sac will print out various error
    messages if it encounters something amiss while processing the wtmp
    file.  Such as an alert and approximate time stamp if it encounters a
    zapped (zeroed out) wtmp entry.  These often indicate a hacker hiding
    their tracks.  Logouts w/o logins also may be suspicious, but sac does
    not as yet report such occurances.
  - Added -U option to report simultaneous usage on tty lines. Useful for
    determining how often (-a) and when (-h) you reach peak modem usage.
    (Not quite sure this option is 100%.  Some seconds seem to be lost or
    gained when compaired to the output of the -t option).
  - removed punctuation (,.) from output.
  - -l option now honors -s & -e options.
  - Fixed login reporting under tty accounting (-at) when -s or -e used.
  - Added some support for Solaris machines (*ick*).
  - Discovered min/max problem when processing more than one log.
  - Updated fixtime slightly to work better.
  - Added writetmp program.
  - Updated INSTALL and README files.
  - Fixed small error in -l logging where login listing could be attributed
    to wrong day (if login wrapped at midnight) and could be cut out with the
    -s option.
  - Added -P option to perform IP accounting with radius detail logs that
    log the octets and packet usage for each login. (Known to work with
    Ascend terminal servers).
  - Internal changes to support more accounting features than wtmp provides,
    such as those provided in radius logs. Optimized some function value
    passing (switched to pointer passing instead of stack).

Version 1.7
  - Fixed error in rawtmp where it could get stuck in an infinite loop.
  - Changed formatting of -p option to nicely format up to 16 character
    usernames (for glibc) > 16 character usernames will still screw up
    formatting.
  - Fixed error in do_reboot() where usr was not being moved forward to
    avoid problems with the clipping logic, which caused segmentation faults
    on glibc machines.
  - Excluded users (via -x) will not be accounted for even if listed by the
    -u command.
  - Added support for reading lists of users, excluded users, ttys and host
    names from files if the file name is preceded with a '@' sign.
    (i.e. sac -apm @/path/to/userlist)
  - Add support for wildcards with the -R option to select multiple
    portmasters more easily. (i.e. sac -apm -R "*")
  - Stops processing logs and reports what it has when it hits major time
    corruption --  to avoid endlessly processing corrupted logs.
  - Added fixterm.c courtesy of Thomas Roessler.
  - Moved fixterm.c and fixtime.c into fixers subdir with their own Makefile.
  - Added -a option (show contents of ut_addr field) to rawtmp.

Version 1.6
  - Added support for NAS-* type records in radius logs.
  - Fixed "-s <todays date>".  Sac thought the start date was > than the end
    date and exited without reporting.
  - Added HTML/CGI interface example to scripts directory.
  - Fixed problem with "-" (read from stdin) for filename to -w option (sac
    thought it was a new option).
  - Added experimental fast seek option (-S). uses binary search of wtmp to
    position for reading just before start of date given with -s option.
    Fast seeking will ignore any data before the start location it finds
    so accounting may not be accurate.  If it fails for any reason it will
    attempt to rewind input and start from the beginning just like normal.
  - Strips off leading ! on usernames in radius logs.
  - Strips off @hostname in radius logs
  - Added -D option to use @hostname (from user@host) in hostname field of
    radius logs instead of the portmasters hostname.
  - Added time format options --hms (hours:minutes:seconds) --hm
    (hours:minutes) --hours (hours only) and --round (round to nearest
    hour (--hours) or minute (--hm)).
  - Added -i option to support tacacs accounting which puts accounting info
    for multiple term servers in one log.
  - Fixed radius processing where last radius record would be lost due to
    end of file detection.
  - Added missing start detection to radius code.  If at the beginning of a
    detail file, there are stop records with no start records, sac simulates
    the start records so all accounting information is used.  Also detects
    and ignores extraneous stop records in the detail log.
  - Support for more radius detail file formats added.
  - Added -l option, which lists each login during the total time period,
    day, user or tty, depending on which report was asked for.
  - Included experimental "fixtime" program to remove netdate time warps by
    resyncing the time stamps on wtmp records.
  - Modified to support glibc 2.0.

Version 1.5
  - Changed the way sac handles -w so that it works similar to -R so you
    may specify multiple wtmp's (or radius detail files).  The type of wtmp
    file or radius file is determined by its position in the command line.
  - Added -r option to sac to output "raw" output.  Prints about everything
    sac knows about your wtmp.  Quite verbose.  Useful for a back-end to
    a graphics filter or accounting package.
  - Small fix to fix daylight savings time that broke for Brazil, possibly
    others.
  - Added --version option to sac.
  - Displays # of hours used for each hour in the hourly profile display.
  - Fixed -t option when used with -s and/or -e options.
  - Added some argument processing sanity checks.
  - Fixed hourly profile output I broke in 1.4.
  - Fixed -t option which would report incorrect times when using an old wtmp
    file.
  - Added support for tacacs 4.x utmp format with -X4 option.  3.4 - 3.5
    format is the default with -X3 or just -X.
  - Made output of -am report only # of logins that are applied to total
    time.
  - Added radius support with -R [portmaster-name [portmaster-name [...]]].
    The radius accounting directory is compile time definable in the
    Makefile.
  - Rawtmp: added -X[3|4] and --version options.

Version 1.4
  - Added wildcard support to -H and -T options, to make it easy to select
    many ttys or hostnames with wildcards. "*", "?", "[...]" and "[^...]" are
    supported.
  - Fixed xtacacs wtmp support, does anyone need this anymore?
  - Maybe, possibly, hopefully, finally fixed the damn daylight savings time
    problem!  ARRRGHH!!!  We no longer assume 24 hours in a day.
  - Added -d option to rawtmp to show time in a more human readable format,
    and made rawtmp read from stdin if "-" given as filename to -w option.
  - Made +0/-0 work with the -s and -e options.
  - Fixed "check" script to actually work properly with fractions.
  - Changed -t (read xtacacs format) to -X.  Also changed in rawtmp.
  - Report by tty line (-t option), nice for looking at the usage on your
    modems.
  - Added -M option to perform accounting for specific hours of a day instead
    of the entire day.

Version 1.3.1
  - Fixed problem with -s and -e options which would not function during
    daylight savings time (We don't have the cursed daylight savings time in
    Indiana, so it took a while before I realized there really was a
    problem).
  - Small insignificant code changes.

Version 1.3
  - Added -f option to perform ftp login accounting in addition to normal
    login accounting.
  - Added -F option to perform ftp login accounting only.
  - Added some example scripts.
  - Fixed speeling misteaks.
  - Fixed error where clipping could in certain cases incorrectly report the
    correct amount of clipped login time while the user was stilled logged in.
  - Added -m option to show minimum and maximum concurrent logins.
  - Made sac read from stdin if "-" given as filename to -w option.
  - Added -H host-list to perform accounting on logins from specific hosts.
  - Made sac utmp size independent, for huge utmp sizes. (256 bytes for a
    host-name?  That's gonna make wtmp HUGE! 6x as large as it is now! I
    already have a wtmp that grows 30MB in a month! Must be a Posix thing.)
  - _Finally_ made sac properly handle -s and -e options with per user
    accounting.  STOP BOTHERING ME ABOUT IT ALREADY! =)

Version 1.2
  - Added -o option to handle old or broken wtmp's not created by linux
    itself, such as those created by the tacacs terminal server.
  - Added -t option to handle some ancient format that tacacs apparently
    uses.
  - Added -b for producing a determination of how much login time has
    precisely been used over the last few hours.  Useful for determining
    if someone has been logged in say the last 4 hours: sac -bp 4 bubba
  - Added -c option to perform login clipping, thus only show how much login
    is really being used by counting multiple logins as only one login.
  - Handles xterms that work (sorta) by logging login and logout as a user
    process and dead process respectfully.
  - Added --help option to print a verbose usage listing.
  - Added -x user-list for excluding certain users from accounting.
  - Added -u user-list which is the default.
  - Added -T tty-list to perform accounting on only certain ttys.
  - Added --help, -s, -e, -b, and -t options to rawtmp.

Version 1.1
  - Added the -s and -e options for starting and ending dates.
  - Handles time changes that netdate logs in wtmp file (I think).
  - Fixed, err, made more robust, some possible divide by zero errors.
  - Throws out null wtmp entries (where do these come from?)
  - Corrected(?) argument parsing.
  - Added rawtmp command.

Version 1.0
  - The original, perfect as it was.