HI All,
there is a way/query to know user last lo...
# fleeti
Ibra
08/18/2022, 12:57 PMHI All,
there is a way/query to know user last logon/logout?
in a few words I want to run a query through the gui, where I see the last time the pc was online and the last time the pc went offline to track pc on and off times
j
Jason
08/18/2022, 1:50 PMThere is the
lastuptimei
Ibra
08/18/2022, 1:53 PMthanks @Jason i have found the uptime table but i can't find last table
g
Guillaume
08/18/2022, 2:00 PMAre we talking about Windows specifically?
i
Ibra
08/18/2022, 2:00 PMyes
g
Guillaume
08/18/2022, 2:01 PMIf so you could use the event log table with eventIDs 6005, 6006, 6013. 6005 = event log starts (boot), 6006 = event log stops (shutdown), 6013 is regular logging of uptime
i
Ibra
08/18/2022, 2:05 PMokay, I point out that I turned on a pc a little while ago, as last fetched it shows 2 minutes ago, however as uptine it still detects 2 days ago and not the last on 2 minutes ago, is this normal?
Ibra
08/18/2022, 2:09 PM@Guillaume I'm doing the queries on the db where fleet is installed and not on osquery installed on the endpoints, but I can't find the tables you mentioned
j
Jason
08/18/2022, 2:09 PMAh. That's not quite how it all works
g
Guillaume
08/18/2022, 2:11 PMyou are not querying through the Fleet interface?
Guillaume
08/18/2022, 2:11 PMthe Fleet DB contains some information about hosts, which is updated roughly hourly when hosts are online
i
Ibra
08/18/2022, 2:11 PMno through mysql query on fleet db
g
Guillaume
08/18/2022, 2:12 PMok so the hosts page contains “last restarted” - that should get updated within an hour or so, or you can click refresh on the host page
4 Views