Last User update frequency?

duffcalifornia
Contributor

Hello all

For security purposes, we want to capture the last user logged into a certain machine. I installed the Last User EA into our JSS and it captures this info, but it doesn't seem to be instant, repetitive, or triggered by anything in particular.

Is this triggered by a simple check in? An inventory update? Is there any way to change how frequently it's run? Looking for guidance for my security team.

2 REPLIES 2

Look
Valued Contributor III

If it's an EA it only updates on Inventory Update.
Technically to keep it accurate you could have a login trigger policy to update inventory, but there are issues with doing this to frequently and you probably don't want to do this so often especially in a lab environment.
One thing you could do that should mitigate load would be a login policy that used the API to update a text based EA, then it would only be updating that one piece of information and it would be up to date as long as the JSS was visible at login time.

scott_borcherdt
New Contributor II

Create a policy to run sudo jamf log (or rather just 'jamf log' as it runs as root anyway) with a login trigger.

This will update the current username without doing a complete recon.