Operations SysOps already keeps track of SSO Hub usage including total number of logins and unique user logins monthly as an Ops metric to track. Ops has this information from Sept 2015 until Sept 2017 except for two months where the SSO hub admin did not have the logrotate service installed to save log files (Nov 15) which has been fixed and a syslog failure problem (May 2016).
It would be great to automate this which should not take much time. Here is the information Ops has currently
Month Total-Logins Unique-User-Logins
Sep-15 9879 806
Oct-15 12000 902
Nov-15 0 0
Dec-15 9655 736
Jan-16 10461 859
Feb-16 14534 1025
Mar-16 15261 1136
Apr-16 15254 1011
May-16 0 0
Jun-16 5270 605
Jul-16 9372 764
Aug-16 9758 868
Sep-16 9714 936
Oct-16 12242 1082
Nov-16 12223 1001
Dec-16 7835 798
Jan-17 5890 625
Feb-17 7612 721
Mar-17 9092 756
Apr-17 8117 745
May-17 7440 688
Jun-17 7662 635
Jul-17 7246 599
Aug-17 5807 554
Sep-17 6267 669
Ops staff go in and manually collect this (Actually, I am the one who collects this). Here is the script used for Sept which was run after Oct 1st
echo -n "Sep-2017"; last -f /var/log/wtmp-20170901 | grep Sep > /tmp/last-201709; last -f /var/log/wtmp-20171001 | grep -v Oct >> /tmp/last-201709; echo -n " "; echo -n `cat /tmp/last-201709 | cut -c 1-8,43-50,67-71 | wc -l`; echo -n " "; cat /tmp/last-201709 | cut -c 1-8,43-50,67-71 | cut -c 1-8 | sort -u | wc -l
Because of the way the wtmp files are created for Sept data you have to look in the wtmp-20171001 and the wtmp-20170901 file to get all the Sept data. See the first few lines of the output of last -f (file) to see what I am talking about.
I don't know the difference between items "Number of logins to the SSO Hub during this period" and "Maximum number of simultaneous SSO Hub sessions during this period (to understand load)". The wtmp information is recorded for each SSH session so logins and sso login sessions are the same thing I think. The last item to find out who is going to SPs from the SSO hub would be some type of wrapper as you mentioned. That could be interesting and is not collected currently. I would not do that with linux process accounting because that method does not capture arguments. You could do it by turning on the NERSC command logging and parse the logs for that as another alternative. As far as I know Linux process accounting only logs the unix "basename" (that is a unix command) of the command in process accounting logs unless that changed in Linux 7 or 7.4.
Feel free to ask me any questions about this.
Victor,
Thanks for the script and the info. Are you analyzing the wtmp files off-line? If so, I would appreciate info on that. Also, it looks like auditd could be used to capture all invocations to gsissh along with the arguments.
venkat