Our security team has setup a script on our Windows devices to track when a computer is logged in at the "console" level, and want to replicate this on the Mac side. They are interested in the following types of logins:
- Interactive (logon at keyboard and screen of system)
- CachedInteractive (logon with cached domain credentials such as when logging on to a laptop when away from the network)
They then take who the user is, the date/time and the result and pipe it to a CSV for data aggregation later. The basic output looks like (separated by "|"):
DOMA/ServiceAccount|3/28/2018 3:59:06 PM|Failure
DOMA/ServiceAccount|3/28/2018 3:58:42 PM|Failure
DOMA/ServiceAccount|3/28/2018 3:58:37 PM|Failure
DOMA/ServiceAccount|3/28/2018 3:46:46 PM|Failure
DOMA/ServiceAccount|3/28/2018 3:39:08 PM|Failure
DOMA/ServiceAccount|3/28/2018 3:32:58 PM|Failure
DOMA/ServiceAccount|3/28/2018 3:30:39 PM|Failure
DOMA/ServiceAccount|3/28/2018 3:28:53 PM|Failure
DOMB/User12345|3/28/2018 3:25:46 PM|Success
DOMB/User12345|3/28/2018 3:14:44 PM|Success
DOMB/User12345|3/28/2018 2:51:29 PM|Success
DOMB/User12345|3/28/2018 2:51:28 PM|Success
DOMB/User12345|3/28/2018 2:29:48 PM|Success
DOMB/User12345|3/28/2018 2:06:01 PM|Success
DOMB/User54321|3/28/2018 12:40:46 PM|Success
DOMB/User54321|3/28/2018 12:40:34 PM|Success
DOMB/User54321|3/28/2018 12:40:31 PM|Failure
"DOMA" and "DOMB" are domain "a" and domain "b" respectively.
Does anyone know of a way to script this to put in a LaunchAgent?
