Hi all,
I meant to follow up with this sooner; I found a hack'ish way (tested only
on RedHat) to display all of the USB hard drives inserted on a Linux system
over the past X days. you guys may have a look and think of a much better
way to do this, I only had a few hours to come up with something .. I
don't regularly code so feel free to comment.. Also, the issue is that some
drives do not list the LABEL ( I think FAT was one of them).
Steps
Search for sdb, sdc, etc. entries in messages* which contain the string
"logical blocks" :
less /var/log/messages* | grep "sd[b-e]" | grep "logical blocks" >
${RAWUSB}
Then, this is where it gets a little weird, go back through the list found
in RAWUSB, and for each line extract month/day/hour, and use that to
basically look for the nearby entries in messages* which have a drive
label. If no label just put label it "standard drive"
while read line; do
# -- Search for similar entry in log around the same time (find the
label)
MONTH="`echo ${line} | awk '{print $1}'`" ; # -- Jul
DAY="`echo ${line} | awk '{print $2" "}'`" # -- day_
HOUR="`echo ${line} | awk '{print $3}' | cut -d':' -f1`:" # -- hour:
LABEL=`grep "sd[b-e]" /var/log/messages* | grep -i "label" | grep
"${MONTH}" | grep "${DAY}" | grep "${HOUR}" | head -n 1 | sed -n -e
'/^[^(]*(\([^)]*\)).*/s//\1/p'`
PART=`echo ${line} | sed -n -e '/^[^(]*(\([^)]*\)).*/s//\1/p'` # --
Drive label (if avail) (i.e. "My Drive").
DATE="`echo ${line} | awk '{print $1}' | cut -d':' -f2` `echo
${line} | awk '{print $2" "$3}'`" # --Print date (i.e. Aug 28 11:34:24)
if ! [ -z "${LABEL}" ] ;then
echo "${DATE} : Device : ${PART} Label : [${LABEL}]" >>
${USBFOUND}
else
echo "${DATE} : Device : ${PART} Label : Standard Drive" >>
${USBFOUND}
fi
done < ${RAWUSB}
This is the output for ALL of the devices so we need to filter result for
CONST_MAXDAYS, I just used the date command because it seemed very reliable:
Something like this:
for (( i=0; i<=${CONST_MAXDAYS}; i++)) ;do
egrep $(date --date "now -${i} days" +%b) ${USBFOUND} | grep
$(date --date "now -${i} days" +%e) >> ${TEMPFILE}
done
sort -k1,1M -k2,2n ${TEMPFILE} | uniq >> ${LOGFILE}
(it may be 31 days but good enough)
Here's some sample output:
OUTPUT:
(the first part here comes from another search)
#
------------------------------------------------------------------------------------------------#
## USB Device Summary (may contain other external devices)
#
------------------------------------------------------------------------------------------------#
AirCard 320U
Android Phone
Firebird6Up9
FLASH DRIVE
FreeAgent GoFlex
MMC Storage
Passport 071A
Relay UFD
Slim TravelDrive
Storage Device
Technologies MSM
#
------------------------------------------------------------------------------------------------#
## USB Storage Devices (USB drives plugged into this system)
## The following shows USB storage insertions (drives plugged in) over the
past [ 30 days]
#
------------------------------------------------------------------------------------------------#
Aug 1 15:43:25 : Device : 7.95 GB/7.41 GiB Label : Standard Drive
Aug 2 14:54:31 : Device : 31.6 GB/29.4 GiB Label : [Read-Write, label
"WINPART", NTFS 3.1]
Aug 2 17:00:15 : Device : 16.2 GB/15.1 GiB Label : [Read-Write, label
"MIKEQUICK", NTFS 3.1]
Aug 3 17:13:44 : Device : 7.95 GB/7.41 GiB Label : Standard Drive
Aug 6 14:08:22 : Device : 31.6 GB/29.4 GiB Label : [Read-Write, label
"MIKEQUICK", NTFS 3.1]
Aug 9 19:36:12 : Device : 8.00 GB/7.45 GiB Label : [Read-Write, label
"MIKETEST", NTFS 3.1]
Aug 9 20:00:29 : Device : 7.95 GB/7.41 GiB Label : [Read-Write, label "HP
USB FD", NTFS 3.1]
Aug 14 12:50:29 : Device : 1.50 TB/1.36 TiB Label : [Read-Write, label
"FreeAgent GoFlex Drive", NTFS 3.1]
Aug 15 13:30:57 : Device : 8.00 GB/7.45 GiB Label : Standard Drive
Aug 17 20:18:10 : Device : 1.50 TB/1.36 TiB Label : [Read-Write, label
"FreeAgent GoFlex Drive", NTFS 3.1]
Aug 17 20:27:20 : Device : 1.50 TB/1.36 TiB Label : [Read-Write, label
"FreeAgent GoFlex Drive", NTFS 3.1]
Aug 23 22:53:19 : Device : 16.2 GB/15.1 GiB Label : [Read-Write, label
"MEDIA", NTFS 3.1]
Aug 25 21:18:16 : Device : 16.2 GB/15.1 GiB Label : [Read-Write, label
"HP USB FD", NTFS 3.1]
... ... ....
On Fri, Aug 10, 2012 at 8:46 AM, Chris Knadle <[email protected]>wrote:
> On Thursday, August 09, 2012 17:34:20, Michael Quick wrote:
> > Hi,
> > In a bash script I want to list all of the USB drives that have been
> > connected to my system. Anyone have a clue on the best way to do this ?
>
> It depends on what you're looking for.
>
> 'lsusb' can list USB devices, but that will only get you a device ID.
>
> If what you're looking for is a device you can *mount* then I suggest
> looking
> under /dev/disk/<subdirs> which is the area where udev. Within there are
> several subdirectories:
>
> /by-label/ -> you can mount devices by drive label
> /by-uuid/ -> you can mount by filesystem UUID
> /by-path/ -> you can mount device partitions by path
> /by-id/ -> you can mount filesystems by device ID
>
> -- Chris
>
> --
> Chris Knadle
> [email protected]
> _______________________________________________
> Mid-Hudson Valley Linux Users Group http://mhvlug.org
> http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
>
> Upcoming Meetings (6pm - 8pm) Vassar College
> Sep 5 - OpenStack
> Oct 3 - Mobile Web Development
> Nov 7 - Typography: Physical Art to Digital Art
>
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
Upcoming Meetings (6pm - 8pm) Vassar College
Oct 3 - Mobile Web Development
Nov 7 - Typography: Physical Art to Digital Art
Dec 5 - Sysadmin Panel
