I have two hosts: HOST1, HOST2. A user can log in by ssh to the HOST2 only from the HOST1.
I need to search logins to the HOST2, if user did not previously log in to HOST1.

Sample logs
Apr 21 19:02:30 HOST1 sshd[7710]: pam_unix(sshd:session): session closed for user root
Apr 21 19:01:46 HOST2 sshd[9897]: pam_unix(sshd:session): session closed for user root
Apr 21 19:01:46 HOST2 sshd[9897]: Received disconnect from 192.168.0.43: 11: disconnected by user
Apr 21 18:20:01 HOST2 sshd[9897]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 21 18:20:00 HOST2 sshd[9897]: Accepted password for root from 192.168.0.43 port 35017 ssh2
Apr 21 18:19:35 HOST1 sshd[7710]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 21 18:19:35 HOST1 sshd[7710]: Accepted password for root from 192.168.0.72 port 49680 ssh2

tried the transaction command, but didn't catch how to make a proper request.

anybody did the same?