xferlog can be filtered then written into syslog with the utility 'logger'. Here's a script with check_log style. Column 8 and 15 is the ip / id pair:
xferlog=/var/log/proftpd/xferlog
if [ ! -f ${xferlog}.old ]; then
cp $xferlog ${xferlog}.old
fi
diff $xferlog ${xferlog}.old | grep "<" | awk '{print $8 " " $15}' | while read LINE
do
logger $LINE
done
rm -rf ${xferlog}.old
cp $xferlog ${xferlog}.old
沒有留言:
張貼留言