Shell Script to email Successful Ftp Logins.
This shell script searches the server logs on a daily basis and emails you the successful Ftp logins of the day. The Ftp logs are saved in the /var/log/messages file because, by default, there is no separate log file for Ftp in Linux.
Create a file /home/script/ftplogins.sh and paste the below code:
#!/bin/bash
#Retrieve the current date
CUR_DATE=$(date +"%b %e")
#Create a temporary file to store the logs
touch /tmp/out.txt
echo "List Follows" > /tmp/out.txt
#Search the successful attempts and save in the temporary file
/bin/grep "$CUR_DATE" /var/log/messages | grep pure-ftpd | grep logged >> /tmp/out.txt
#Email the contents of the file to your email address
/bin/mail -s "Successful Ftp Login Attempts on '$CUR_DATE'" youremail@yourdomain.com < /tmp/out.txt
Save the file. Now schedule a cron job to execute the file once a day to search the logs. Edit the cron file:
crontab -e
and add the following cron job:
59 23 * * * /bin/sh /home/script/ftplogins.sh
Note:
1) This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.
2) If you copy/paste the script as is into the shell, the single and double quotes may change to dots (.), so make sure you correct them before executing the script.
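A hardened variant of the script above, as an added example that is not the original author's code: it covers both search strings on this page (Pure-Ftpd and vsftpd), requires the date at the start of the line, skips 127.0.0.1, writes the report to a mktemp file instead of a fixed /tmp/out.txt, and sends nothing when there are no logins. The function names, the two command-line arguments and the sample log lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not the article's code. Search strings come from the page.
login_pattern() {
    case "$1" in
        pure-ftpd) echo "logged" ;;      # article's search string
        vsftpd)    echo "OK LOGIN" ;;    # from the comment thread
        *)         return 1 ;;
    esac
}

# Print successful, non-localhost logins for server $1 in log file $2 on
# day $3 (syslog prefix such as "May 27"; defaults to today).
ftp_logins() {
    pattern=$(login_pattern "$1") || return 2
    # Literal matching: the date must start the line, dots are not wildcards.
    awk -v day="${3:-$(date +"%b %e")}" -v srv="$1" -v pat="$pattern" '
        index($0, day " ") == 1 && index($0, srv) && index($0, pat) &&
        !index($0, "127.0.0.1")' "$2"
}

# Write the report to a private mktemp file (not a fixed /tmp/out.txt) and
# print its name; print nothing when there are no logins to report.
build_report() {
    logins=$(ftp_logins "$@") || return 1
    [ -n "$logins" ] || return 0
    report=$(mktemp) || return 1
    printf 'List Follows\n%s\n' "$logins" > "$report"
    echo "$report"
}

# Constructed sample log lines (not real data) for trying the filter offline.
sample_log() {
    cat <<'EOF'
May 27 08:15:01 host pure-ftpd: (?@203.0.113.7) [INFO] alice is now logged in
May 27 08:16:40 host pure-ftpd: (?@127.0.0.1) [INFO] monitor is now logged in
May 27 09:02:11 host pure-ftpd: (?@198.51.100.9) [WARNING] Authentication failed for user [bob]
May 26 23:10:00 host pure-ftpd: (?@203.0.113.7) [INFO] carol is now logged in
May 27 10:30:00 host vsftpd[812]: [dave] OK LOGIN: Client "203.0.113.8"
EOF
}

# Usage from cron: ftplogins.sh pure-ftpd youremail@yourdomain.com
if [ "$#" -eq 2 ]; then
    report=$(build_report "$1" /var/log/messages) || exit 1
    [ -n "$report" ] || exit 0
    /bin/mail -s "Successful Ftp Login Attempts on $(date +"%b %e")" "$2" < "$report"
    rm -f "$report"
fi
```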
December 1st, 2009 at 4:20 pm
+100
January 11th, 2010 at 11:33 am
Simple, but it works. Thanks.
April 30th, 2010 at 2:44 am
I did all the required things but I didn’t get the below:
Note: This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.
Where to edit the search string a bit according to your Ftp server?
April 30th, 2010 at 4:48 am
If you have Pure-ftpd on your server, the script will work fine. The “Note” is just to mention that if the ftp server is different than Pure-ftpd, the search string will vary accordingly…
I will write down the search strings for different Ftp servers i.e. proftp, vsftp etc and place the script here.
May 23rd, 2010 at 11:33 am
Are you seeing any blank messages being sent with only the “List Follows” output in the latest cPanel builds? This is on CentOS 5.5.
Thanks
May 23rd, 2010 at 9:32 pm
Hi Ed,
CentOS 5.5 should not affect the way the script works. If you are receiving blank messages you may still be using the old script which had that problem. I have modified the script a bit with respect to “date” a week ago which should work well. BTW, are you using Pure-Ftp as your Ftp server?
May 24th, 2010 at 10:29 am
Pure-ftpd.
Using the new version. Still suspect CentOS 5.5 and cPanel, as the logging picked up by Logwatch has changed also since the update.
Thank you.
May 24th, 2010 at 6:22 pm
Seems like the problem is here:
https://bugzilla.redhat.com/show_bug.cgi?id=583621
May 24th, 2010 at 11:12 pm
One other thing that would be helpful would be to exclude the localhost logins from the email results.
Thanks
May 26th, 2010 at 10:45 am
Hi Ed,
I have sent you an email asking for some details. Please check it.
And yes, if you could forward a sample log of what you mean by ‘localhost’ login, I will edit the script accordingly.
May 27th, 2010 at 8:15 am
Hi Ed,
Thanks for the email. Here is the text you need to add in the Search line to exclude localhost Ftp logins:
sed '/127\.0\.0\.1/d'
The Search line will now look like the following:
/bin/grep "$CUR_DATE" /var/log/messages | grep pure-ftpd | grep logged | sed '/127\.0\.0\.1/d' >> /tmp/out.txt
Hope this helps.
May 27th, 2010 at 10:38 am
The sed directive does indeed work to filter out the localhost logins.
Thank you.
November 17th, 2010 at 11:32 am
I am very happy that I got this script, but in my case I am having rhel5 and vsftp. Can you please provide the search string for the vsftp?
Thank you very much
indar
November 17th, 2010 at 11:53 am
Hello Indar,
Could you paste OR email me a few lines of your VSFTP logs i.e. the logs when a user logs in successfully and even if the user fails to login? I will update the script and will email you. Of course, I will update here in the comments as well for others to see 🙂
November 17th, 2010 at 3:04 pm
Thank you very much for the reply
As the log entries are logged only to /var/log/messages, I have filtered a few of them with the LOGIN OK: and the same has been emailed to you for your reference.
November 17th, 2010 at 3:10 pm
Sorry, the /var/log/messages are filtered with the regular expression of "OK LOGIN:"; by mistake in the previous post I had entered it as LOGIN OK:
November 18th, 2010 at 8:24 am
No problems. Will check them out and will provide you an update.
November 18th, 2010 at 9:07 am
Hello Indar,
Just replace the “bin/grep” line in the script with the following and you should be good to go:
/bin/grep "$CUR_DATE" /var/log/messages | grep vsftpd | grep "OK LOGIN" | sed '/127\.0\.0\.1/d' >> /tmp/out.txt
If you need a customized output, let me know and I will give it a try.