Hi, The logins module was not terribly useful for me b/c I just ended up seeing the same set of logins over and over and over again b/c my users are those who do the same thing, commonly. It ended up just being noise in the log report and I couldn't sensibly parse it.
With that in mind I modified it to keep a sqlite db of all system logins. It uses this db to determine what is common login.
so if user skvidal logs in once at 2pm using ssh(pk) on the host login.mydomain.org. I should get a notice about it.
However, the next time they do the same thing, to the same place, at the same time of day(plus or minus a time_fuzz) amount using the same service don't add it to the report. Just skip it.
But if they login at 4pm, let me know that they logged in.
This helps me by just reporting the outliers the oddball logins. So if a user has never logged into host X before, I'll see that in the log report.
I checked it into git upstream: http://git.fedorahosted.org/git/?p=epylog.git;a=commitdiff;h=84101b41b0eb769...
let me know if it does or does not work for you.
the config file for the module is commented pretty well.
suggestions welcome. -sv