Shell Script to email Successful Ftp Logins.
This Shell script will search the server logs on daily basis and will email you the successful Ftp Logins of the day. The ftp logs are saved in the /var/log/messages file as by default there is no separate log file for Ftp in Linux.
Create a file /home/script/ftplogins.sh and paste the below code:
#!/bin/bash
#Retrieve the current date
CUR_DATE=`date +”%b %e”`
#Create a temporary file to store the logs
touch /tmp/out.txtecho “List Follows” > /tmp/out.txt
#Search the successful attempts and save in the temporary file
/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep logged >> /tmp/out.txt
#Email the contents of the file to your email address
/bin/mail -s “Successful Ftp Login Attempts on ‘$CUR_DATE’” youremail@yourdomain.com < /tmp/out.txt
Save the file. You now have to schedule a cron to execute the file once in a day to search logs. Edit the cron file
crontab -e
and add the following cron job
59 23 * * * /bin/sh /home/script/ftplogins.sh
Note:
1) This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.
2) If you copy/paste the script as it is in shell, the single and double quotes may change to dots (.) so make sure you correct them before executing the script.
Tags: ftp login attempts script, how to check ftp logged in users in linux?, how to check successful Ftp logins?, linux server and ftp logs, log file for pureftp server, logs of successful ftp logged in users, Script to email successful Ftp logins, script to track successful ftp logged in users, where are pure-ftpd logs saved?
December 1st, 2009 at 10:41 am
[...] post: LinuxHostingSupport.net » Blog Archive » Script to email … By admin | category: search script | tags: are-saved, daily-basis, ftp-logs, [...]
December 1st, 2009 at 4:20 pm
+100
January 11th, 2010 at 11:33 am
Simple, but it work. Thanks.
April 30th, 2010 at 2:44 am
i did all the required things but i didn’t get below
Note: This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.
where to edit the search string a bit according to your Ftp server ?
April 30th, 2010 at 4:48 am
If you have Pure-ftpd on your server, the script will work fine. The “Note” is just to mention that if the ftp server is different than Pure-ftpd, the search string will vary accordingly…
I will write down the search strings for different Ftp servers i.e. proftp, vsftp etc and place the script here.
May 23rd, 2010 at 11:33 am
Are you seeing any blank messages being sent with only the “List Follows” output in latest cPanel builds. This is on CentOS 5.5.
Thanks
May 23rd, 2010 at 9:32 pm
Hi Ed,
CentOS 5.5 should not affect the way the script works. If you are receiving blank messages you may still be using the old script which had that problem. I have modified the script a bit with respect to “date” a week ago which should work well. BTW, are you using Pure-Ftp as your Ftp server?
May 24th, 2010 at 10:29 am
Pure-ftpd.
Using the new version. Still suspect CentoOS 5.5 and cPanel as the logging picked up by Logwatch has changed also since the update.
Thank you.
May 24th, 2010 at 6:22 pm
Seems like the problem is here:
https://bugzilla.redhat.com/show_bug.cgi?id=583621
May 24th, 2010 at 11:12 pm
One other thing that would be helpful would be to exclude the localhost logins from the email results.
Thanks
May 26th, 2010 at 10:45 am
Hi Ed,
I have sent you an email asking for some details. Please check it.
And yes, if you could forward a sample log of what you mean by ‘localhost’ login, I will edit the script accordingly.
May 27th, 2010 at 8:15 am
Hi Ed,
Thanks for the email. Here is the text you need to add in the Search line to exclude localhost Ftp logins:
sed ‘/127\.0\.0\.1/d’
The Search line will now look like the following:
/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep logged | sed ‘/127\.0\.0\.1/d’ >> /tmp/out.txt
Hope this helps.
May 27th, 2010 at 10:38 am
The sed directive does indeed work to filter out the localhost logins.
Thank you.