Script to email successful Ftp logins

Shell Script to email Successful Ftp Logins.

This Shell script will search the server logs on daily basis and will email you the successful Ftp Logins of the day. The ftp logs are saved in the /var/log/messages file as by default there is no separate log file for Ftp in Linux.

Create a file /home/script/ and paste the below code:


#Retrieve the current date

CUR_DATE=`date +”%b %e”`

#Create a temporary file to store the logs
touch /tmp/out.txt

echo “List Follows” > /tmp/out.txt

#Search the successful attempts and save in the temporary file

/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep logged >> /tmp/out.txt

#Email the contents of the file to your email address
/bin/mail -s “Successful Ftp Login Attempts on ‘$CUR_DATE'” < /tmp/out.txt

Save the file. You now have to schedule a cron to execute the file once in a day to search logs. Edit the cron file

crontab -e

and add the following cron job

59 23 * * * /bin/sh /home/script/


1) This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.

2) If you copy/paste the script as it is in shell, the single and double quotes may change to dots (.) so make sure you correct them before executing the script.

This entry was posted on Tuesday, December 1st, 2009 and is filed under Scripts. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

19 Responses to “Script to email successful Ftp logins”

  1. imitrex


  2. Even Success

    Simple, but it work. Thanks.

  3. Nilesh

    i did all the required things but i didn’t get below

    Note: This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.

    where to edit the search string a bit according to your Ftp server ?

  4. admin

    If you have Pure-ftpd on your server, the script will work fine. The “Note” is just to mention that if the ftp server is different than Pure-ftpd, the search string will vary accordingly…

    I will write down the search strings for different Ftp servers i.e. proftp, vsftp etc and place the script here.

  5. Ed

    Are you seeing any blank messages being sent with only the “List Follows” output in latest cPanel builds. This is on CentOS 5.5.


  6. admin

    Hi Ed,

    CentOS 5.5 should not affect the way the script works. If you are receiving blank messages you may still be using the old script which had that problem. I have modified the script a bit with respect to “date” a week ago which should work well. BTW, are you using Pure-Ftp as your Ftp server?

  7. Ed


    Using the new version. Still suspect CentoOS 5.5 and cPanel as the logging picked up by Logwatch has changed also since the update.

    Thank you.

  8. Ed
  9. Ed

    One other thing that would be helpful would be to exclude the localhost logins from the email results.


  10. admin

    Hi Ed,

    I have sent you an email asking for some details. Please check it.

    And yes, if you could forward a sample log of what you mean by ‘localhost’ login, I will edit the script accordingly.

  11. admin

    Hi Ed,

    Thanks for the email. Here is the text you need to add in the Search line to exclude localhost Ftp logins:

    sed ‘/127\.0\.0\.1/d’

    The Search line will now look like the following:

    /bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep logged | sed ‘/127\.0\.0\.1/d’ >> /tmp/out.txt

    Hope this helps.

  12. Ed

    The sed directive does indeed work to filter out the localhost logins.

    Thank you.

  13. indar

    Iam very happy that i got this script but in my case iam having rhel5 and vsftp can you please provide the search string for the vsftp.

    Thank you very much

  14. admin

    Hello Indar,

    Could you paste OR email me a few lines of your VSFTP logs i.e. the logs when a user logs in successfully and even if the user fails to login? I will update the script and will email you. Ofcourse, I will update here in the comments as well for others to see 🙂

  15. indar

    Thank you very much for the reply

    As the log entries are logged only to /var/log/messages, few of them i have filtered and with the LOGIN OK: the same has been emailed to you for your reference.

  16. indar

    Sorry the /var/log/messages are filtered with the regular expression of \”OK LOGIN:\” by mistake in the previous post had entered as LOGIN OK:

  17. admin

    No problems. Will check them out and will provide you an update.

  18. admin

    Hello Indar,

    Just replace the “bin/grep” line in the script with the following and you should be good to go

    /bin/grep “$CUR_DATE” /var/log/messages | grep vsftpd | grep “OK LOGIN” | sed ‘/127\.0\.0\.1/d’ >> /tmp/out.txt

    if you need a customize output, let me know and I will give a try.


  1. » Blog Archive » Script to email … Scripts Rss