diff --git a/script.py b/script.py
index 1a64edc..23233f5 100644
--- a/script.py
+++ b/script.py
@@ -74,20 +74,19 @@ list_package_upgrade = subprocess.run(["grep","-E", dpkg_date + '.*upgrade|upgra list_package_remove = subprocess.run(["grep","-E", dpkg_date + '.*remove|remove.*' + dpkg_date, "/var/log/dpkg.log"], capture_output=True).stdout.decode('UTF-8').splitlines() print("start running the service commands, this sometimes takes longer"); -logins_today_log = subprocess.run(["sudo", "journalctl","_COMM=systemd-logind", "-g", "New session" ] + get_journalctl_on(), check=True, capture_output=True) + # journalctl --utc + +journal_today = run_command(["sudo", "journalctl","_COMM=useradd", "_COMM=usermod", "_COMM=userdel","_COMM=groupremove", "_COMM=groupadd","-r"] + get_journalctl_on()).splitlines() + # TODO this is not working with the time ago. name should be grepped from user_created_today last_user_added = subprocess.run(["sudo", "journalctl","_COMM=useradd","-r","-n", "1" , "--output-fields=MESSAGE"], capture_output=True) last_user_added_name = run_command(['grep', '-Po', "(?<=name)\W*\K[^ ]*"], based=last_user_added.stdout) users_created_today = run_command(["sudo", "journalctl","_COMM=useradd","-r"] + get_journalctl_on()).splitlines() -# TODO: merge into one command and then grep the various _COMM\s, wrap in a function -groupadd_today_log = subprocess.run(["sudo", "journalctl","_COMM=groupadd","-r"] + get_journalctl_on(), check=True, capture_output=True) -groupremove_today_log = subprocess.run(["sudo", "journalctl","_COMM=groupremove","-r"] + get_journalctl_on(), check=True, capture_output=True) -usermod_today_log = subprocess.run(["sudo", "journalctl","_COMM=usermod","-r"] + get_journalctl_on(), check=True, capture_output=True) -userdel_today_log = subprocess.run(["sudo", "journalctl","_COMM=userdel","-r"] + get_journalctl_on(), check=True, capture_output=True) +journal_today = subprocess.run(["sudo", "journalctl","_COMM=systemd-logind","_COMM=useradd", "_COMM=usermod", "_COMM=userdel","_COMM=groupremove", "_COMM=groupadd","-r"] + get_journalctl_on(), 
check=True, capture_output=True) kitchen_services = run_command(["sudo", "journalctl", "-u", "kitchen-stove.service", "-u", "kitchen-bin.service", "-u", "kitchen-fridge.service", "-r", "-n"] + get_journalctl_on()).splitlines() @@ -115,6 +114,16 @@ output = template.render( list_active_services = run_command(["sudo", "service", "--status-all"]).splitlines() if not time_ago_arg else False, debian_version = run_command(["cat", "/etc/debian_version"]) if not time_ago_arg else False, hostname = run_command(["hostname","-i"]) if not time_ago_arg else False, + + + groups_created = run_command(['grep', '-v','groupadd'], based=journal_today.stdout).splitlines(), + groups_removed = run_command(['grep', '-v','groupremove'], based=journal_today.stdout).splitlines(), + users_created_today = run_command(['grep', '-v','useradd'], based=journal_today.stdout).splitlines(), + user_modified = run_command(['grep', '-v','usermod'], based=journal_today.stdout).splitlines(), + user_deleted = run_command(['grep', '-v','userdel'], based=journal_today.stdout).splitlines(), + logins_today = run_command(['grep', '-v','New session'], based=journal_today.stdout).splitlines(), + + logins_today = run_command(['grep', '-v', "Boot"], based=logins_today_log.stdout).splitlines(), groups_created = run_command(['grep', '-v', "Boot"], based=groupadd_today_log.stdout).splitlines(), groups_removed = run_command(['grep', '-v', "Boot"], based=groupremove_today_log.stdout).splitlines(),
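Review bot: `journal_today` is assigned twice in this hunk: the first `run_command(...).splitlines()` result is overwritten by the later `subprocess.run(...)` before anything visible reads it, so it costs an extra `sudo journalctl` run and leaves the name holding a list in one place and a CompletedProcess in the other; delete the first assignment. Both queries match `_COMM=groupremove`, but as far as I know the shadow-utils tool is `groupdel`, so group deletions would never reach the report; if that holds on the target hosts, use `"_COMM=groupdel"` here and the same name in the `groups_removed` filter of the second hunk. The `-g "New session"` restriction on systemd-logind is also dropped, so the combined output now carries every logind message and the login list depends entirely on the later filtering being correct.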
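Review bot: The six added keywords filter with `grep -v`, which prints the lines that do not match, so `users_created_today`, `user_deleted` and the others each receive every journal line except the events they are named for; the `-v` was presumably copied from the `grep -v "Boot"` calls below and should be dropped. The three context lines that follow still pass `logins_today`, `groups_created` and `groups_removed` a second time, which Python rejects as a repeated keyword argument, and they read `logins_today_log`, `groupadd_today_log` and `groupremove_today_log`, which the first hunk removes; they need to be deleted in this commit. Since this report is how account and login changes get reviewed, also confirm how `run_command` treats grep's exit status 1 when nothing matches, as its definition is not visible here. The `template.render(` call starts and ends outside the hunk.

```python
    # … unchanged: list_active_services, debian_version, hostname …
    groups_created = run_command(['grep', 'groupadd'], based=journal_today.stdout).splitlines(),
    groups_removed = run_command(['grep', 'groupremove'], based=journal_today.stdout).splitlines(),
    users_created_today = run_command(['grep', 'useradd'], based=journal_today.stdout).splitlines(),
    user_modified = run_command(['grep', 'usermod'], based=journal_today.stdout).splitlines(),
    user_deleted = run_command(['grep', 'userdel'], based=journal_today.stdout).splitlines(),
    logins_today = run_command(['grep', 'New session'], based=journal_today.stdout).splitlines(),
    # … dropped: the old logins_today / groups_created / groups_removed keywords that read the removed *_today_log variables …
```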