Hi,
I need to check to see if a list of users (150+) have logged in recently. The data comes in via syslog, and I've been able to extract the usernames from the syslog. I created a lookup file that contains just the usernames. How can I validate that these people have logged in? I can run a search that extracts the syslog messages, but how do I validate it against the lookup table? Or am I going about this all wrong?