Solved

ftp login email alert in linux

Posted on 2010-11-16
39
755 Views
Last Modified: 2013-11-29
Dear Experts:

I have been asked from the managment to setup a RHEL5 server in such a way if the real users of the server login from the internet through the ftp service an automatic email alert should be sent,  for this i have installed , snort , swatch, barnyard these are working fine but i do not know how and where to setup the "automatic email alert for the ftp logins". I am looking for an automatic email alert only for the successfull ftp logins, reason is we have around 25 real users who access our server through the ftp service.   As a admin i can check manually the log files by tail -f - /var/log/vsftpd.log and find the details but the managment requires automatic EMAIL alert please hlep me in setting up this

Thanks
0
Comment
Question by:D_wathi
  • 20
  • 18
39 Comments
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
for once you can use logtool with retail.

Install the two programs and read the documentation here:
http://xjack.org/logtool/logtool.txt

You can do a lot of things, but what you want is basically:
* Configure logtool to filter the messages from vsftpd.log to get the successfull ftp logins.
* Combine it with retail in a cronjob to run every minute
* Send the eventually generated output via email

Samples of this are in the link provided above.

The retail command is like a tail, it tails text-files, but it has a memory, so if you run it again on the same file, it knows where it left of before and just delivers the new information.

With this you should be able to get near realtime information on the ftp logins!

best
Ray
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, thank you very much , you have mentioned two programs i downloaded compiled and installed logtool-1.2.8, and i think the other program you refer is retail , please let me know where to i get this for download, thanks in adavnce.
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
it's here:

http://xjack.org/retail/


best
Ray
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, thanks you very much , Iam extremely sorry to ask this as i have time limitation to setup this can you please help me how to do the following
Configure logtool to filter the messages from vsftpd.log to get the successfull ftp logins.
* Combine it with retail in a cronjob to run every minute
* Send the eventually generated output via email

0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
Well, it's rather easy:

create a file which defines the log-pattern to match, like:
/usr/local/etc/logtail-ftpsuccess.inc

You have to put a regular expression in the above file which will match a successfull login in the vsftpd log, if you do not know how to do that post the vsftpd log with examples of sucessfull and not successfull logins and I can create it for you.


then create a bash script e.g. in /usr/local/sbin with the name logtool-ftpsuccess.sh

chmod the script to:
chmod a+x /usr/local/sbin/logtool-ftpsuccess.sh

and put this in:

#!/bin/bash

# mail a report to x@x.com
retail /var/log/vsftpd.log | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc > /tmp/mail.msg

if [ -s /tmp/mail.msg ] ; then
  cat /tmp/mail.msg | mail -s "Successfull FTP Login" Your@mail.address
fi

Open in new window


then add this report to the crontab of root like:
crontab -e

and add:
* * * * * /usr/local/sbin/logtool-ftpsuccess.sh


This is out of my head, but it should work, if you get spammed with mails just edit again the crontab file with crontab -e and put a # in from of the line to deactivate it so we can debug it.

the if with -s checks if the file has a size of 0, it could be that the if there is no output that it has a size of 1, if this is the case, we have to change the if a bit, but I guess it will work.
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
Add after the line #/bin/bash in the logtool-ftpsuccess.sh script:

rm /tmp/mail.msg

so it get's deleted before dumping new data into it.

best
0
 

Author Comment

by:D_wathi
Comment Utility
Sir , thank you very much , in the log /var/log/vsftpd.log i do not see the reg expression entires like success or failure only the user names  are getting generated , attached /var/log/vsftpd.log for your reference please help me in this , please help
vsftpdlog.txt
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
I am not very familiar with redhat, what other files do you have in /var/log? On my debian system for example I get all security related (e.g. logins, login attempts, etc.) in a file called /var/log/auth.

0
 

Author Comment

by:D_wathi
Comment Utility
Sir attached the log of /var/log/messages which has an entries of vsftpd logins, request you to please extract the regular expression from this file and request you to give the /usr/local/etc/logtail-ftpsuccess.inc
Thank you very very much.

vsftpdlog.txt
0
 
LVL 3

Expert Comment

by:paulwquinn
Comment Utility
As an alternative, see:

http://linuxhostingsupport.net/blog/script-to-email-successful-ftp-logins

The script may need some minor customizations (it currently references Pure-ftpd).

Just cron it up to check as frequently as you like. See the associated comments for how to eliminate localhost logins, if necessary.
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
Ok, just put:

OK LOGIN:

in the file:
/usr/local/etc/logtail-ftpsuccess.inc


and you should be fine!

best
0
 

Author Comment

by:D_wathi
Comment Utility
Sir , thanks for the great support. also the provided link http://linuxhostingsupport.net/blog/script-to-email-successful-ftp-logins , is for the pure-ftpd can you please help me for the vsftpd.

Thank you

0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
well, you should have everything going with the help I gave you, is something not working?
0
 

Author Comment

by:D_wathi
Comment Utility
Sir will check it tomorrow as i have reached home will update tomorrow for sure will trouble is anything goes wrong. Thank you very much for the great support.
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
no problem, you should be fine, if not, I'm here tomorrow too.

best
0
 

Author Comment

by:D_wathi
Comment Utility
Sir , i took ssh and did as per your instructions , iam getting the alert mail iam really very much happy to see the email alert but the only problem is iam getting continous mail of ftp logins and all their transactions from past several days , it will be really great if i can get an alert on the real time login that is the moment anybody logins the alert mail should be generated, as the log files are huge hence attaced the part of the content of the first email request you to please check this and help such that only login succes is captured on real time and alert is sent.

Thank you


alert-mail-1.txt
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
on the first run this is expacted, the retail command should start in the second run from the last parsed position, so you will have all logins within the last minute, if the cronjob will run every minute.

what worries me is the filtered text, can you please post the output of:

cat /var/log/vsftpd.log | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc

best


0
 

Author Comment

by:D_wathi
Comment Utility
Sir , i had forgotten to add following after the #/bin/bash
rm /tmp/mail.msg

now added like rm -rf  /tmp/mail.msg

please let me know is it beause of this the continous email


0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
It could be, but be so kind and paste the output of this command so I can be sure that the filter is working:

cat /var/log/vsftpd.log | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc

0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:D_wathi
Comment Utility
Sir, as required by you executed the command
cat /var/log/vsftpd.log | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc > logrpt.txt
and attached the logrpt.txt for your reference, please help


logrpt.txt
0
 

Author Comment

by:D_wathi
Comment Utility
Sir ,sorry i did a mistake should have used /var/log/messages not the /var/log/vsftpd.log will for a while and get back
0
 

Author Comment

by:D_wathi
Comment Utility
Sir , now iam getting the email log alert in the different format attached for your reference , please check and help me
varlogmessages.txt
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
hang on, I am testing it now, something is fishy
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
ok, I tested it on my system with the data from the file you pasted on comment id: 34155049 (the vfstpd.log). and it works fine.

can you show me your content of:
cat /usr/local/etc/logtool-ftpsuccess.inc

--- this is what I have on my test system:

what's in my incl file (which should be the your /usr/local/etc/logtool-ftpsuccess.inc):
ray@dev-01:~$ cat incl
OK LOGIN

Now what the logtool displays for your log and my ./incl file:
ray@dev-01:~$ cat test | logtool -o ascii -i ./incl
Nov 17 19:39:31 authserver vsftpd: Wed Nov 17 14:09:31 2010 [pid 14931] [bt_outsrc] OK LOGIN: Client "117.199.5.172"
Nov 17 19:40:21 authserver vsftpd: Wed Nov 17 14:10:21 2010 [pid 15039] [bt_outsrc] OK LOGIN: Client "117.200.114.85"
Nov 17 19:40:28 authserver vsftpd: Wed Nov 17 14:10:28 2010 [pid 15058] [vanishreeht] OK LOGIN: Client "117.192.169.146"
Nov 17 19:41:06 authserver vsftpd: Wed Nov 17 14:11:06 2010 [pid 15129] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:06 authserver vsftpd: Wed Nov 17 14:11:06 2010 [pid 15131] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:06 authserver vsftpd: Wed Nov 17 14:11:06 2010 [pid 15135] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:06 authserver vsftpd: Wed Nov 17 14:11:06 2010 [pid 15133] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:06 authserver vsftpd: Wed Nov 17 14:11:06 2010 [pid 15138] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:07 authserver vsftpd: Wed Nov 17 14:11:07 2010 [pid 15145] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:07 authserver vsftpd: Wed Nov 17 14:11:07 2010 [pid 15147] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:07 authserver vsftpd: Wed Nov 17 14:11:07 2010 [pid 15150] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:07 authserver vsftpd: Wed Nov 17 14:11:07 2010 [pid 15153] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:07 authserver vsftpd: Wed Nov 17 14:11:07 2010 [pid 15156] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:09 authserver vsftpd: Wed Nov 17 14:11:09 2010 [pid 15160] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:09 authserver vsftpd: Wed Nov 17 14:11:09 2010 [pid 15162] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:09 authserver vsftpd: Wed Nov 17 14:11:09 2010 [pid 15165] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:09 authserver vsftpd: Wed Nov 17 14:11:09 2010 [pid 15168] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:09 authserver vsftpd: Wed Nov 17 14:11:09 2010 [pid 15171] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:10 authserver vsftpd: Wed Nov 17 14:11:10 2010 [pid 15182] [vanishreeht] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:10 authserver vsftpd: Wed Nov 17 14:11:10 2010 [pid 15184] [vanishreeht] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:10 authserver vsftpd: Wed Nov 17 14:11:10 2010 [pid 15187] [vanishreeht] OK LOGIN: Client "192.168.1.3"
Nov 17 19:41:27 authserver vsftpd: Wed Nov 17 14:11:27 2010 [pid 15206] [bt_outsrc] OK LOGIN: Client "117.193.161.70"
Nov 17 19:41:34 authserver vsftpd: Wed Nov 17 14:11:34 2010 [pid 15220] [vanishreeht] OK LOGIN: Client "117.192.169.146"



this seems to be exactly what you are after, so something has to be wrong in your files.

best
Ray
0
 

Author Comment

by:D_wathi
Comment Utility
Sir , as required posted below
 cat /usr/local/etc/logtail-ftpsuccess.inc
OK LOGIN:
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
ok, eliminate the ":" from this file, but I do not think this is the problem, but eliminate it anyway.

then try again this command as root:
cat /var/log/vsftpd.log | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc

what is the output?

If it is not working after eliminating the colon (":"), please paste:

cat -A /usr/local/etc/logtool-ftpsuccess.inc

and
ls -latrh /usr/local/etc/logtool-ftpsuccess.inc

best
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, also
cat /usr/local/sbin/logtool-ftpsuccess.sh

#!/bin/bash
rm -rf /tmp/mail.msg

# mail a report to x@x.com
retail /var/log/messages | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc > /tmp/mail.msg

if [ -s /tmp/mail.msg ] ; then
  cat /tmp/mail.msg | mail -s "Successfull FTP Login" indar@hotmail.com
fi
-----------------------------------
latest email alert is posted below for your reference:
Nov 17 22:40:01 authserver vsftpd: Wed Nov 17 17:10:01 2010 [pid 5943] [mellonbank] OK DOWNLOAD: Client "192.168.1.2", "/00033619_Caterpillar_20101117_1001353183_mail_4425.wav", 121405 bytes, 8025.97Kbyte/secNov 17 22:40:01 authserver vsftpd: Wed Nov 17 17:10:01 2010 [pid 5943] [mellonbank] OK DOWNLOAD: Client "192.168.1.2", "/00033620_Caterpillar_20101117_1001353186_mail_4425.wav", 180539 bytes, 10421.30Kbyte/secNov 17 22:40:03 authserver vsftpd: Wed Nov 17 17:10:03 2010 [pid 5943] [mellonbank] OK DOWNLOAD: Client "192.168.1.2", "/00033621_Caterpillar_20101117_1001353188_mail_4425.wav", 294116 bytes, 11014.83Kbyte/secNov 17 22:40:03 authserver vsftpd: Wed Nov 17 17:10:03 2010 [pid 16780] [bt_outsrc] OK DOWNLOAD: Client "192.168.1.15", "/Transcribed/November 2010/17/CBG/Dinil CBG 061 (50-100).doc", 25088 bytes, 7867.69Kbyte/secNov 17 22:40:04 authserver vsftpd: Wed Nov 17 17:10:04 2010 [pid 5943] [mellonbank] OK DOWNLOAD: Client "192.168.1.2", "/00033622_Hershey_20101117_1001353190_email_4425.wav", 209030 bytes, 10924.85Kbyte/secNov 17 22:40:05 authserver vsftpd: Wed Nov 17 17:10:05 2010 [pid 5943] [mellonbank] OK DOWNLOAD: Client "192.168.1.2", "/00033623_SouthernCompany_20101117_1001353177_mail_4425.wav", 26390 bytes, 8329.50Kbyte/secNov 17 22:40:07 authserver vsftpd: Wed Nov 17 17:10:07 2010 [pid 4597] [rupesh] OK DOWNLOAD: Client "115.242.70.213", "/Siddharth/November_2010/18/P1_C0264_U0008_D20101117100130_MPhone-20101117-100130.wav", 2233402 bytes, 12.02Kbyte/secNov 17 22:40:14 authserver vsftpd: Wed Nov 17 17:10:14 2010 [pid 5943] [mellonbank] OK DELETE: Client "192.168.1.2", "/00033623_SouthernCompany_20101117_1001353177_mail_4425.wav"Nov 17 22:40:14 authserver vsftpd: Wed Nov 17 17:10:14 2010 [pid 5943] [mellonbank] OK DELETE: Client "192.168.1.2", "/00033622_Hershey_20101117_1001353190_email_4425.wav"Nov 17 22:40:14 authserver vsftpd: Wed Nov 17 17:10:14 2010 [pid 5943] [mellonbank] OK DELETE: Client "192.168.1.2", "/00033621_Caterpillar_20101117_1001353188_mail_4425.wav"Nov 17 22:40:14 authserver vsftpd: Wed Nov 17 17:10:14 2010 [pid 5943] [mellonbank] OK DELETE: Client "192.168.1.2", "/00033620_Caterpillar_20101117_1001353186_mail_4425.wav"Nov 17 22:40:14 authserver vsftpd: Wed Nov 17 17:10:14 2010 [pid 5943] [mellonbank] OK DELETE: Client "192.168.1.2", "/00033619_Caterpillar_20101117_1001353183_mail_4425.wav"Nov 17 22:40:56 authserver smbd[26663]: [2010/11/17 22:40:56, 0] smbd/service.c:make_connection(1235) Nov 17 22:40:56 authserver smbd[26663]: computer54 (192.168.1.25) couldn't find service profiles Nov 17 22:40:56 authserver smbd[26663]: [2010/11/17 22:40:56, 0] smbd/service.c:make_connection(1235) Nov 17 22:40:56 authserver smbd[26663]: computer54 (192.168.1.25) couldn't find service profiles Nov 17 22:41:01 authserver vsftpd: Wed Nov 17 17:11:01 2010 [pid 6178] CONNECT: Client "69.20.57.27"



0
 

Author Comment

by:D_wathi
Comment Utility
Sir , similar log even after eliminating ":"  also as required posted below

cat -A /usr/local/etc/logtool-ftpsuccess.inc
cat: /usr/local/etc/logtool-ftpsuccess.inc: No such file or directory

i think we are looking for

cat -A /usr/local/etc/logtail-ftpsuccess.inc
OK LOGIN$
$
$

and

ls -latrh /usr/local/etc/logtool-ftpsuccess.inc
ls: /usr/local/etc/logtool-ftpsuccess.inc: No such file or directory
i think we are looking for
ls -latrh /usr/local/etc/logtail-ftpsuccess.inc
-rw-r--r-- 1 root root 11 Nov 17 22:50 /usr/local/etc/logtail-ftpsuccess.inc
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
Ah, ok, than that seems to be the problem!

rename
/usr/local/etc/logtail-ftpsuccess.inc
to
/usr/local/etc/logtool-ftpsuccess.inc

(mv /usr/local/etc/logtail-ftpsuccess.inc /usr/local/etc/logtool-ftpsuccess.inc)


and try this again:
cat /var/log/vsftpd.log | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc

0
 

Author Comment

by:D_wathi
Comment Utility
Sir, thanks for the reply, was really missing you,

did rename like
# mv /usr/local/etc/logtail-ftpsuccess.inc /usr/local/etc/logtool-ftpsuccess.inc and then executed the below below command :
# cat /var/log/messages | logtool -o ascii -i /usr/local/etc/logtool-ftpsuccess.inc # in my case it is /var/log/messages hence iam considering the /var/log/message.

sir not the output looks has the exact filter , posted below for your reference:
Nov 18 13:29:08 authserver vsftpd: Thu Nov 18 07:59:08 2010 [pid 23759] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:29:08 authserver vsftpd: Thu Nov 18 07:59:08 2010 [pid 23762] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:29:08 authserver vsftpd: Thu Nov 18 07:59:08 2010 [pid 23765] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:29:08 authserver vsftpd: Thu Nov 18 07:59:08 2010 [pid 23769] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:30:49 authserver vsftpd: Thu Nov 18 08:00:49 2010 [pid 24200] [sbs_mt] OK LOGIN: Client "218.248.84.84"
Nov 18 13:33:05 authserver vsftpd: Thu Nov 18 08:03:05 2010 [pid 24706] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:05 authserver vsftpd: Thu Nov 18 08:03:05 2010 [pid 24708] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:05 authserver vsftpd: Thu Nov 18 08:03:05 2010 [pid 24709] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:05 authserver vsftpd: Thu Nov 18 08:03:05 2010 [pid 24714] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:05 authserver vsftpd: Thu Nov 18 08:03:05 2010 [pid 24716] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:06 authserver vsftpd: Thu Nov 18 08:03:06 2010 [pid 24729] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:06 authserver vsftpd: Thu Nov 18 08:03:06 2010 [pid 24731] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:06 authserver vsftpd: Thu Nov 18 08:03:06 2010 [pid 24734] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:06 authserver vsftpd: Thu Nov 18 08:03:06 2010 [pid 24737] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:06 authserver vsftpd: Thu Nov 18 08:03:06 2010 [pid 24740] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:08 authserver vsftpd: Thu Nov 18 08:03:08 2010 [pid 24746] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:08 authserver vsftpd: Thu Nov 18 08:03:08 2010 [pid 24748] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:08 authserver vsftpd: Thu Nov 18 08:03:08 2010 [pid 24751] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:08 authserver vsftpd: Thu Nov 18 08:03:08 2010 [pid 24754] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:08 authserver vsftpd: Thu Nov 18 08:03:08 2010 [pid 24757] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:33:38 authserver vsftpd: Thu Nov 18 08:03:38 2010 [pid 24883] [opus2] OK LOGIN: Client "117.202.139.10"
Nov 18 13:33:53 authserver vsftpd: Thu Nov 18 08:03:53 2010 [pid 24932] [shubashree] OK LOGIN: Client "203.122.42.225"
Nov 18 13:35:06 authserver vsftpd: Thu Nov 18 08:05:06 2010 [pid 25231] [sbs_mt] OK LOGIN: Client "118.95.10.164"
Nov 18 13:36:05 authserver vsftpd: Thu Nov 18 08:06:05 2010 [pid 25436] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:05 authserver vsftpd: Thu Nov 18 08:06:05 2010 [pid 25438] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:05 authserver vsftpd: Thu Nov 18 08:06:05 2010 [pid 25442] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:05 authserver vsftpd: Thu Nov 18 08:06:05 2010 [pid 25441] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:06 authserver vsftpd: Thu Nov 18 08:06:06 2010 [pid 25452] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:06 authserver vsftpd: Thu Nov 18 08:06:06 2010 [pid 25454] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:06 authserver vsftpd: Thu Nov 18 08:06:06 2010 [pid 25457] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:06 authserver vsftpd: Thu Nov 18 08:06:06 2010 [pid 25461] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:08 authserver vsftpd: Thu Nov 18 08:06:08 2010 [pid 25480] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:08 authserver vsftpd: Thu Nov 18 08:06:08 2010 [pid 25483] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:08 authserver vsftpd: Thu Nov 18 08:06:08 2010 [pid 25485] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:08 authserver vsftpd: Thu Nov 18 08:06:08 2010 [pid 25491] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:08 authserver vsftpd: Thu Nov 18 08:06:08 2010 [pid 25494] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:08 authserver vsftpd: Thu Nov 18 08:06:08 2010 [pid 25500] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:36:09 authserver vsftpd: Thu Nov 18 08:06:09 2010 [pid 25507] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:05 authserver vsftpd: Thu Nov 18 08:09:05 2010 [pid 26122] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:05 authserver vsftpd: Thu Nov 18 08:09:05 2010 [pid 26124] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:05 authserver vsftpd: Thu Nov 18 08:09:05 2010 [pid 26128] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:05 authserver vsftpd: Thu Nov 18 08:09:05 2010 [pid 26126] [kalpanaa] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:05 authserver vsftpd: Thu Nov 18 08:09:05 2010 [pid 26131] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:06 authserver vsftpd: Thu Nov 18 08:09:06 2010 [pid 26140] [scriptacomahd] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:06 authserver vsftpd: Thu Nov 18 08:09:06 2010 [pid 26143] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:06 authserver vsftpd: Thu Nov 18 08:09:06 2010 [pid 26146] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:06 authserver vsftpd: Thu Nov 18 08:09:06 2010 [pid 26149] [scriptchennai] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:06 authserver vsftpd: Thu Nov 18 08:09:06 2010 [pid 26153] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:08 authserver vsftpd: Thu Nov 18 08:09:08 2010 [pid 26160] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:08 authserver vsftpd: Thu Nov 18 08:09:08 2010 [pid 26162] [shubashree] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:08 authserver vsftpd: Thu Nov 18 08:09:08 2010 [pid 26165] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:08 authserver vsftpd: Thu Nov 18 08:09:08 2010 [pid 26169] [sudha_s] OK LOGIN: Client "192.168.1.3"
Nov 18 13:39:08 authserver vsftpd: Thu Nov 18 08:09:08 2010 [pid 26171] [sudha_s] OK LOGIN: Client "192.168.1.3"







out put for your reference





0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
ok, so this looks fine, now try again with the cron job, and it should send you an email every minute if there are OK LOGIN in the logs.

the retail should take care to only read from where it left of last time!

best
Ray
0
 

Author Comment

by:D_wathi
Comment Utility
Yes sir , i have become you fan. iam really happy with the experts-exchange and special thanks for you , finally before closing how to setup the cron to send eamil alerts for every one hour i did like the below
@hourly /usr/local/sbin/logtool-ftpsuccess.sh

did not get any message for hourly. please do this one final help.




0
 

Author Comment

by:D_wathi
Comment Utility
Sir

for hourly email alert i have done the following please correct me if iam wrong:
cp logtool-ftpsuccess.sh /etc/cron.hourly/
0
 
LVL 7

Accepted Solution

by:
Hatrix76 earned 500 total points
Comment Utility
Yes, that should be sufficient.

to be sure these are really worked upon can you paste:

cat /etc/crontab

0
 

Author Comment

by:D_wathi
Comment Utility
Sir, the output of  #cat /etc/crontab :
cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

# this is for caching name server
*/10 * * * * root /usr/sbin/rndc dumpdb
# this is for sarg
01 00 * * * root /opt/safesquid/safesquid/scripts/sargscript.sh
# this is for webalizer
15 00 * * * root /usr/bin/webalizer
# this is for calamaris
#  this is not yet done
#30 00 * * * root /opt/safesquid/safesquid/scripts/calamaris.sh
0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
Yes, that will be fine, /etc/cron.hourly is executed every hour with run-parts, so it will pickup the script.

just make sure it has execute permissions (should have them because of the chmod a+x).

Just wait a few hours and if the mails come in OK you'l be fine, if you need more help, just ask,

best

Ray
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, started getting mail hourly and also how i wanted in th same format , credit goes to none other than you, great support once again thank you very much. i would like to send a greeting and personal thanks if you do not mind can you please share your personal email account then one which you normally check on everday.

Thanks for expets exchange and thank you sir







0
 
LVL 7

Expert Comment

by:Hatrix76
Comment Utility
You are very welcome! Glad i could help, you can reach me at rs@noplace.to

All the best,
Ray
0
 

Author Closing Comment

by:D_wathi
Comment Utility
great support
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now