Skip to content

Instantly share code, notes, and snippets.

@rushipkar90

rushipkar90/ftplogcheck.pl

Created September 25, 2015 16:36
Show Gist options
  • Save rushipkar90/3e86ea98d2347e6d2caf to your computer and use it in GitHub Desktop.
Save rushipkar90/3e86ea98d2347e6d2caf to your computer and use it in GitHub Desktop.
Download ZIP
ftplogcheck.pl
Raw
ftplogcheck.pl
#!/usr/bin/perl
use warnings;
use strict;
use Getopt::Long;
use Data::Dumper;
my $file = '';
my $csv = 0;
my $all = 0;
GetOptions(
'file=s' => \$file,
'csv' => \$csv,
'all' => \$all,
);
if (!$file) {
print "Usage: ftplogcheck.pl --file=/var/log/messages --csv --all\n";
exit 1;
}
my %info;
open my $f, '<', '/etc/ips';
my @ips = <$f>;
close($f);
open $f, '<', $file;
while (<$f>) {
chomp;
next unless $_ =~ /pure-ftpd/;
next unless $_ =~ /uploaded/;
$_ =~ s/[\(\)]//g;
my @parts = split(/\s+/);
my $upload = $parts[7];
my @loginparts = split('@', $parts[5]);
my $ip = pop(@loginparts);
my $login = join('@', @loginparts);
next if $ip eq '127.0.0.1';
next if grep /$ip:/, @ips;
next if $upload eq 'Deleted';
next if $upload eq 'Timeout';
next if $upload eq 'File';
next if $upload eq 'Logout.';
next if $upload eq "Can't";
my $home = (split('/', $upload))[2] ? (split('/', $upload))[2] : 0;
$info{$ip}{homes}{$home}{$upload}++;
$info{$ip}{files}{$login}++;
}
foreach my $ip (keys %info) {
if ($all || scalar(keys %{$info{$ip}{homes}}) > 1) {
if (!$csv) {
print "$ip\n";
print '=' x 80;
print "\n";
}
for my $home (keys %{$info{$ip}{homes}}) {
if (!$csv) {
print "$home\n";
print '-' x 80;
print "\n";
}
for my $file (keys %{$info{$ip}{homes}{$home}}) {
if (!$csv) {
print "$file\n";
} else {
print "$ip,$home,$file\n";
}
}
print "\n" if (!$csv);
}
print "\n" if (!$csv);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment