vsftpd的纪录档

已经有开启vsftpd的log功能

但是尝试几次之后发现到只有纪录上传跟下载

想请问有没有什么方式可以得知除了上传或下载以外的纪录？

另外纪录格式如下：
Thu Dec 16 16:34:24 2010 1 ::ffff:192.168.40.1 0 /home/456/2
a _ o r kev1 ftp 0 * c

想请问说有没有哪里可以看到格式的说明？

还想请问是否有办法可以让vsftpd发现有使用者突然大量上传下载档案就可以立即通报系统管理员的方法?

vsftpd.conf

xferlog_enable=YES
log_ftp_protocol=YES
xferlog_file=/var/log/vsftpd.log


Sun Dec 18 05:57:52 2010 [pid 3056] [bx2aa] FTP command: Client "192.168.2.100", "PORT 192,168,2,100,19,137"
Sun Dec 18 05:57:52 2010 [pid 3056] [bx2aa] FTP response: Client "192.168.2.100", "200 PORT command successful. Consider using PASV."
Sun Dec 18 05:57:52 2010 [pid 3056] [bx2aa] FTP command: Client "192.168.2.100", "STOR test2.txt"
Sun Dec 18 05:57:52 2010 [pid 3056] [bx2aa] FTP response: Client "192.168.2.100", "150 Ok to send data."
Sun Dec 18 05:57:52 2010 [pid 3056] [bx2aa] OK UPLOAD: Client "192.168.2.100", "/test/test2.txt", 14 bytes, 3.75Kbyte/sec
Sun Dec 18 05:57:52 2010 [pid 3056] [bx2aa] FTP response: Client "192.168.2.100", "226 Transfer complete."

cat /var/log/vsftpd.log | grep "Kbyte"
Sun Dec 19 05:53:35 2010 [pid 3056] [bx2aa] OK UPLOAD: Client "192.168.2.100", "/test/test2.txt", 14 bytes, 2.54Kbyte/sec
Sun Dec 19 05:57:52 2010 [pid 3056] [bx2aa] OK UPLOAD: Client "192.168.2.100", "/test/test2.txt", 14 bytes, 3.75Kbyte/sec
Sun Dec 19 06:27:06 2010 [pid 3310] [bx2aa] OK UPLOAD: Client "192.168.2.100", "/test3.txt", 633 bytes, 70.33Kbyte/sec

用 cat 有资料, 用 tail -f 不知为何不行所以目前我没方法监控大量传输的问题!

[root@localhost ~]# cat /var/log/vsftpd.log | grep "Kbyte" | sed -e "s/.*, \(.*\)Kbyte\/sec/\1/"
2.54
3.75
70.33

[root@localhost ~]# tail -f /var/log/vsftpd.log | grep "Kbyte" | sed -e "s/.*, \(.*\)Kbyte\/sec/\1/"
没有任何讯息, 目前是用 RHEL 6 测试的.

tail 没办法用改用 crontab 每分钟执行, 或是五分钟随便!

takespeed.sh
cat /var/log/vsftpd.log | grep "Kbyte" | sed -e "s/.*, \(.*\)\.[0123456789][0123456789]Kbyte\/sec/\1/"

check.sh
for i in $(`takespeed.sh`); do if [ $i -gt 100 ]; then echo \>100Kbyte

查阅大於 100Kbyte 速度的 vsftpd.log
cat /var/log/vsftpd.log | grep "[0123456789][0123456789][0123456789]\.[0123456789][0123456789]Kbyte"

将 echo ..... 改寄 mail 请用 google 搜寻 BASH 自动寄信

[bx2aa@localhost]#check.sh
>100Kbyte

大量上传下载档案...
我一直想问问...
何谓"大量上传下载档案"??

请问是问 kevin7326 还是问我?

问我的话我是随便定义的, 例如针对帐号出现次数计算或上传下载档案数量计算, 针对档案的大小计算或是我上面的是针对占用频宽来算.

呃...主要是问kevin7326吧?

顺便问问,vsftpd没有像proftpd一样,Log也可以往SQL丢的功能吗??
网路上大概Google了一下,只看到建立在SQL里的虚拟帐号...

把 vsftpd.log 丢到 syslog.
vsftpd.conf
syslog_enable=YES
然后用 rsyslog-mysql.
看看可不可以!

[root@localhost ~]# tail /var/log/messages
Dec 19 23:25:22 localhost vsftpd[2575]: [bx2aa] FTP response: Client "192.168.2.100", "550 Failed to open file."
Dec 19 23:25:22 localhost vsftpd[2575]: [bx2aa] FAIL DOWNLOAD: Client "192.168.2.100", "/test2.txt", 0.00Kbyte/sec
Dec 19 23:25:35 localhost vsftpd[2575]: [bx2aa] FTP command: Client "192.168.2.100", "PORT 192,168,2,100,19,138"
Dec 19 23:25:35 localhost vsftpd[2575]: [bx2aa] FTP response: Client "192.168.2.100", "200 PORT command successful. Consider using PASV."
Dec 19 23:25:35 localhost vsftpd[2575]: [bx2aa] FTP command: Client "192.168.2.100", "STOR mail7.exe"
Dec 19 23:25:35 localhost vsftpd[2575]: [bx2aa] FTP response: Client "192.168.2.100", "150 Ok to send data."
Dec 19 23:25:35 localhost vsftpd[2575]: [bx2aa] OK UPLOAD: Client "192.168.2.100", "/mail7.exe", 4608 bytes, 47.27Kbyte/sec
Dec 19 23:25:35 localhost vsftpd[2575]: [bx2aa] FTP response: Client "192.168.2.100", "226 Transfer complete."
Dec 19 23:25:38 localhost vsftpd[2575]: [bx2aa] FTP command: Client "192.168.2.100", "QUIT"
Dec 19 23:25:38 localhost vsftpd[2575]: [bx2aa] FTP response: Client "192.168.2.100", "221 Goodbye."