000033182 - How to get the list of users who have not logged into RSA Authentication Manager 8.1 for a specific period of days

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000033182
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1
IssueCustomer has a requirement to generate a report from CLI for users who have not logged in for a specific period of days to RSA AM 8.1
TasksDownload and install an SSH Client for connecting remotely to RSA server for accessing the operating system.
To log on to the appliance operating system using Secure Shell (SSH), SSH must be enabled
Procedure
1.  In the Operations Console, click Administration > Operating System Access.
2.  In the SSH Settings section, select the checkbox for each NIC on which you want to enable SSH. If you have multiple NICs configured, you can enable SSH on more than one NIC.
3.  Click Save.
ResolutionSteps at the command line to generate a a report from CLI for users who have not logged in from a specific period of days to RSA AM 8.1
1.  Logon to the SecurID Appliance either with an SSH session or at the local console with the rsaadmin account
2.  Navigate to the /opt/rsa/am/utils folder as the rsaadmin user
3.  Retrieve the password for the rsa_dba user using the following command: 
/opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password -u <OC_Admin_Name> -p <OC_Admin_Password>

NOTE: the appropriate method would be to create a read-only user for database access. Remember to replace <OC_Admin_Name> and <OC_Admin_Password> with the appropriate Operations Console administrative account details.


4.  Create a text file in the /opt/rsa/am/utils folder with an appropriate name, for example; UserlastLogin.sql
5.  Copy the SQL statement below into the text file and save the change
Select LOGINUID,SERIAL_NUMBER,LAST_LOGIN_DATE from AM_TOKEN_OOB,AM_TOKEN, IMS_PRINCIPAL_DATA
where AM_TOKEN_OOB.AM_TOKEN_ID=AM_TOKEN.ID and
AM_TOKEN.PRINCIPAL_ID=IMS_PRINCIPAL_DATA.ID and
LAST_LOGIN_DATE>'2016-05-07';

6.  In the /opt/rsa/am/utils folder use the following command to generate a CSV output file using SQL script by name UserlastLogin.sql
/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba UserlastLogin.sql  -o UserlastLogin.csv

7.  When prompted enter the password obtained from step 3
8.  Review the file UserlastLogin.csv 
NotesContacting RSA Customer Support
TelephoneFor urgent issues use the telephone numbers listed here
EmailFor non-urgent issues email to support@rsa.com
Case
   Management		For Case Management use RSA Online
   (requires access to RSA SecurCare Online)

Attachments

    Outcomes