Posted on 10-25-2017 02:36 PM
Hello all
For security purposes, we want to capture the last user logged into a certain machine. I installed the Last User EA into our JSS and it captures this info, but it doesn't seem to be instant, repetitive, or triggered by anything in particular.
Is this triggered by a simple check in? An inventory update? Is there any way to change how frequently it's run? Looking for guidance for my security team.
Posted on 10-25-2017 05:06 PM
If it's an EA it only updates on Inventory Update.
Technically, to keep it accurate you could have a login trigger policy to update inventory, but there are issues with doing this too frequently and you probably don't want to do this so often, especially in a lab environment.
One thing you could do that should mitigate load would be a login policy that used the API to update a text-based EA; then it would only be updating that one piece of information, and it would be up to date as long as the JSS was visible at login time.
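A sketch of the login-policy script described in the reply above, added here as an example and not code from the thread or from Jamf. Assumptions: a text EA named "Last Login User" already exists, the server accepts Basic auth on the Classic API (`/JSSResource`), and `JSS_URL`, `JSS_API_USER` and `JSS_API_PASS` hold the URL and an API account limited to updating computer records.

```bash
#!/bin/bash
# Added example: write the logging-in user to a single text EA via the Classic API.
# EA name and the JSS_* variables are assumptions, not values from the thread.
EA_NAME="${EA_NAME:-Last Login User}"

# Escape XML metacharacters so an odd username cannot break or inject into the payload.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the minimal computer record that touches only one extension attribute.
build_ea_payload() {
    local name value
    name=$(xml_escape "$1")
    value=$(xml_escape "$2")
    printf '<computer><extension_attributes><extension_attribute>'
    printf '<name>%s</name><value>%s</value>' "$name" "$value"
    printf '</extension_attribute></extension_attributes></computer>'
}

# PUT the payload to this machine's record, looked up by serial number.
# Credentials go to curl on stdin (--config -) so they do not appear in `ps`.
# Assumes the password contains no double quotes or backslashes.
update_last_user() {
    local user="$1" serial="$2"
    printf 'user = "%s:%s"\n' "$JSS_API_USER" "$JSS_API_PASS" |
        curl --config - --silent --show-error --fail --max-time 15 \
            --header 'Content-Type: text/xml' \
            --request PUT \
            --data "$(build_ea_payload "$EA_NAME" "$user")" \
            "${JSS_URL}/JSSResource/computers/serialnumber/${serial}"
}

# Jamf passes the username as $3 to scripts run by a login-triggered policy.
# The guard keeps the script inert when it is not configured.
if [ -n "${JSS_URL:-}" ] && [ -n "${3:-}" ]; then
    serial=$(ioreg -rd1 -c IOPlatformExpertDevice |
        awk -F'"' '/IOPlatformSerialNumber/ {print $4}')
    update_last_user "$3" "$serial" >/dev/null ||
        echo "Last-user EA update failed (JSS unreachable at login?)" >&2
fi
```

The EA only reflects the login if the JSS was reachable at that moment, so a failed update leaves the previous user's name in place until the next login or inventory update.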
Posted on 10-25-2017 05:54 PM
Create a policy to run sudo jamf log (or rather just 'jamf log' as it runs as root anyway) with a login trigger.
This will update the current username without doing a complete recon.