Monitoring Proftpd

My major problem with proftpd is the real time monitoring of log analysis.

I will try to describe on this post the current solution I have build on my proftpd server.


  • Proftpd + mysql
  • Perl + Perl-MIME-Lite + Perl-MailsTools + Perl-DBI and Perl-DBD-mysql

ProFTPD + MySQL Authentication + E-Mail Monitor

First step is to sending an alert by email when a user update or connect to the ftp
This howto become from this great tutorial:
ProFTPD + MySQL Authentication + E-Mail Monitor Howto

The idea is to make a crontab script which check every X minutes that the field « modified » or « accessed » has been updated.

Logon to MySQL and issue the following command:


CREATE TABLE ftpusermonitor (
  id int(10) unsigned NOT NULL,
  userid varchar(32) NOT NULL default '',
  accessed datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  PRIMARY KEY  (id),
  UNIQUE KEY userid (userid)

You need to add this row to the ftpusermonitor table whenever you add a new ftp user :


INSERT INTO ftpusermonitor (id, userid) SELECT id, userid FROM ftpuser WHERE userid='myuser';

Now just copy this script on you ftp server:


#! /usr/bin/perl

# Monitor updates to FTP directories
# Author: Stefano Radice <>

use strict;
use DBI;
use MIME::Lite;

my $server = 'localhost';
my $db = 'ftp';
my $dblogin = 'root';
my $dbpwd = 'password';
my $ftpalert = '';
#my $dbquery ="SELECT, a.userid, a.modified FROM ftpuser a INNER JOIN ftpusermonitor b ON = WHERE a.modified > b.modified";
my $dbquery ="SELECT, a.userid, a.accessed FROM ftpuser a INNER JOIN ftpusermonitor b ON = WHERE a.accessed > b.accessed";

my $dbh = DBI->connect("dbi:mysql:$db:$server", $dblogin, $dbpwd);
my $sth = $dbh->prepare($dbquery);

my @dbrow;

while(@dbrow=$sth->fetchrow_array()) {
    my $subject='FTP Update: ' . $dbrow[1];
    my $body=("The user -".$dbrow[1]. "- has acceded his FTP home.");
    my $dbupd="UPDATE ftpusermonitor SET accessed='". $dbrow[2] . "' WHERE id=" . $dbrow[0];
#       my $dbupd=
#          "UPDATE ftpusermonitor SET modified='". $dbrow[2] . "' WHERE id=" . $dbrow[0];

$sth->finish( );

sub send_mail {
    print "Evoie d'un email\n";
    my($to, $from, $subject, $body)=@_;

    my $msg = new MIME::Lite
        From    =>$from,
        To      =>$to,
        Subject =>$subject,
        Type    =>'TEXT',
        Data    =>$body;
    $msg -> send;


Make this script executable:


# chmod 700

and add this script in you crontab file:


# ftpmonitoring
*/5 * * * * /usr/sbin/

Logs Analysis

First step is webalizer installation:


[root@pussycat plugins]# yum install webalizer

now add in your /etc/proftpd.conf:
In the general config:


TransferLog none     # WARNING: TransferLog directive might need to be placed inside a virtual host context if you use them.

In the <Anonymous>:


  TransferLog                 /var/log/proftpd/xferlog.legacy

Now edit your /etc/webalizer.conf:


LogFile        /var/log/proftpd/xferlog.legacy
LogType	ftp
OutputDir      /var/www/html/admin/webalizer
HistoryName	/var/lib/webalizer/webalizer.hist
Incremental	yes
IncrementalName	/var/lib/webalizer/webalizer.current
HostName       pussycat
PageType	htm*
PageType	cgi
PageType        php
PageType        shtml
DNSCache	/var/lib/webalizer/dns_cache.db

DNSChildren	10
Quiet	   yes

FoldSeqErr	yes
HideURL		*.gif
HideURL		*.GIF
HideURL		*.jpg
HideURL		*.JPG
HideURL		*.png
HideURL		*.PNG
HideURL		*.ra

SearchEngine	p=
SearchEngine	q=
SearchEngine	q=
SearchEngine	q=
SearchEngine	query=
SearchEngine	MT=
SearchEngine		MT=
SearchEngine	qt=
SearchEngine	webcrawler	searchText=
SearchEngine	excite		search=
SearchEngine	search=
SearchEngine	query=
SearchEngine	query=
SearchEngine  qr=
# End of configuration file...  Have a nice day!

In your crontab file:


# webalizer for proftpd
10 3 * * * root /usr/bin/webalizer > /dev/null

Ce contenu a été publié dans Linux. Vous pouvez le mettre en favoris avec ce permalien.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *