SWATCH - what am I doing wrong?
- by Brian Dunbar
What I want/need/desire is to log when a user logs into my FTP server.
Problem: I can't make swatch work the way I should be able to.
This data is logged to a file - but of course these logs are not kept very long. I can't keep the logs around forever, but I can extract data from then, analyze it, store results elsewhere.
If there is a better way to do this than the following, I'm all ears.
Swatch version 3.2.3
Perl 5.12
FTP: VSFTP
OS (Test): OS X 10.6.8
OS (Production): Solaris
From man I see I can pass contents to a command .. so I should be able to echo those values to file, do a sed/cut/uniq thing on them for stats.
$ man swatch
(snip)
exec command
Execute command. The command may contain variables which
are substituted with fields from the matched line. A $N
will be replaced by the Nth field in
the line. A $0 or $* will be replaced by the entire line.
Swatch file .swatchrc
watchfor /OK LOGIN/
echo=red
pipe "echo "0: $0 1:$1 2:$2 3:$3 4:$4 5:$5" >> /Users/bdunbar/dev/ftplog/output.txt"
Launch with
$ swatch -c /Users/bdunbar/.swatchrc --script-dir /Users/bdunbar/dev/ftplog -t /Users/bdunbar/dev/ftplog/vsftpd.log &
Test
echo "Mon July 9 03:11:07 2012 [pid 14938] [aetech] OK LOGIN: Client "206.209.255.227"" >> vsftpd.log
Results - it's echoing to TTY. This is not needed or desired on the server, but it does tell me things are working.
ftplog
*** swatch version 3.2.3 (pid:25780) started at Mon Jul 9 15:23:33 CDT 2012
Mon July 9 03:11:07 2012 [pid 14938] [aetech] OK LOGIN: Client 206.209.255.227
Results - bad! I appear to not be sending the variables to text.
$ tail -f output.txt
0: /Users/bdunbar/dev/ftplog/.swatch_script.25780 1: 2: 3: 4: 5:
