powered by Jive Software

Where to find IP address of user logged-out 6 hours ago?

Hey, hi, all,

Our organization is tracking a stolen MacBookPro here in Portland, Oregon, and we see that the thief logged-in & logged-out 5 or 6 hours ago from the general user conenctions status page but it does not show the IP address. The police are asking for hard evidence. Is the IP of that log-in session inside of a table inside of mySQL that I can query it out of there somwhere. I need it & need it fast to have any hope of tacking this thing.

Thanks so very much for all tips.

In the meantime, we check the email server & firewall logs for more info’, but those have not yielded yet.

Thanks.

Openfire’s warning log sometimes shows IPs, but only when some errors occur with them. I dont think IPs are stored somewhere in the database.

Thanks for that. I continue to look. There simply MUST be a place where a client’s IP is stored, there must be. I know it shows it when a client is actually connected, but we need it from the last location they were connected from. I saw this:

http://blogs.reucon.com/srt/2007/07/14/user_status_plugin_for_openfire.html

… but dont know too much about it.

I think this would be helpful. I wonder if others think so.

Thanks.

What it shows on the Sessions page can be just stored in the memory, but not ever written into database. User status plugin is saving IPs into database (as it is written in the description, though i’ve never tested that), but you should have it already installed before that person logged in.Now it’s too late for that.