The last command only retrieves the login times. I'm interested in the times that the screen was unlocked. Any indirect means of getting this are also welcome.
Asked
Active
Viewed 2,640 times
3
BuckFilledPlatypus
- 167
- 1
- 7
-
What do you want this for? – vonbrand Mar 07 '14 at 17:59
-
@vonbrand it is useful to know the time we spend on a computer every day, I found this question because of this. – baptx Jun 30 '22 at 21:49
1 Answers
3
Did you check the system logs? You should see an authentication message in /var/log/secure when someone attempts to unlock the screen.
For instance, when using KDE and someone types in the wrong password:
Mar 7 14:19:05 saurok kcheckpass[16479]: pam_sss(kscreensaver:auth): authentication failure; logname=username uid=248800001 euid=248800001 tty=:0 ruser= rhost= user=username
And a successful unlock:
Mar 7 14:19:09 saurok kcheckpass[16483]: pam_sss(kscreensaver:auth): authentication success; logname=username uid=248800001 euid=248800001 tty=:0 ruser= rhost= user=username
Yours will vary slightly (this machine is on a domain) but it should be present.
Michael Hampton
- 244,070
- 43
- 506
- 972
-
While I didn't find a kcheckpass log entry, I did grep through and find a log entry in /var/log/gdm/0.log and in /var/log/Xorg.0.log with the first entry of the day being a 'client connected from local host'. That seems to be an indication of my first login of the day, however it's not a solid "authenticated" exactly. – BuckFilledPlatypus Mar 07 '14 at 20:43
-
-
Correct. It appears `/var/log/secure` doesn't have any entries for known screen unlock times. May not be an equivalent to kcheckpass on gnome. – BuckFilledPlatypus Mar 07 '14 at 21:01
-
How strange. If your system is using PAM for authentication, then you should be getting log entries regardless of what's being used. – Michael Hampton Mar 07 '14 at 21:13