What I want/need/desire is to log when a user logs into my FTP server.

Problem: I can't make swatch work the way I should be able to.

This data is logged to a file - but of course these logs are not kept very long. I can't keep the logs around forever, but I can extract data from then, analyze it, store results elsewhere.

If there is a better way to do this than the following, I'm all ears.

Swatch version 3.2.3

Perl 5.12

FTP: VSFTP

OS (Test): OS X 10.6.8

OS (Production): Solaris

From man I see I can pass contents to a command .. so I should be able to echo those values to file, do a sed/cut/uniq thing on them for stats.

$ man swatch
(snip)
exec command
       Execute command. The command may contain variables which 
       are substituted with    fields from the matched line. A $N 
       will be replaced by the Nth field in
       the line. A $0 or $* will be replaced by the entire line.

Swatch file .swatchrc

watchfor /OK LOGIN/
 echo=red    
 pipe "echo "0: $0 1:$1 2:$2 3:$3 4:$4 5:$5" >> /Users/bdunbar/dev/ftplog/output.txt"

Launch with

$ swatch -c /Users/bdunbar/.swatchrc --script-dir /Users/bdunbar/dev/ftplog -t /Users/bdunbar/dev/ftplog/vsftpd.log &

Test

echo "Mon July  9 03:11:07 2012 [pid 14938] [aetech] OK LOGIN: Client "206.209.255.227"" >>  vsftpd.log

Results - it's echoing to TTY. This is not needed or desired on the server, but it does tell me things are working.

ftplog  
*** swatch version 3.2.3 (pid:25780) started at Mon Jul  9 15:23:33 CDT 2012

Mon July  9 03:11:07 2012 [pid 14938] [aetech] OK LOGIN: Client 206.209.255.227

Results - bad! I appear to not be sending the variables to text.

$ tail -f output.txt
0: /Users/bdunbar/dev/ftplog/.swatch_script.25780 1: 2: 3: 4: 5: