Amal P Ramesh Asks:
SFTP user login details real-time filtering
I have enabled the SFTP login log into the default logfile
/var/log/syslog
and tried to filter the login time of each user and insert it into the database.
But the filtering is not worked as I expected.
Sample log file:
Code:
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Reached target Shutdown.
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Starting Exit the Session..c.
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Received SIGRTMIN+24 from PID 24980 (kill).
Jun 23 15:47:03 ip-172-16-0-62 systemd[1]: Stopped User Manager for UID 1051.
Jun 23 15:47:03 ip-172-16-0-62 systemd[1]: Removed slice User Slice of nidasu.
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Created slice User Slice of ftpuser1.
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Starting User Manager for UID 1069...
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Started Session 11907571 of user ftpuser1.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Listening on REST API socket for snapd user session agent.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Paths.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Timers.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Sockets.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Basic System.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Default.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Startup finished in 15ms.
Needs to filter user login messages, like:
Code:
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Started Session 11907571 of user ftpuser1.
I need to grep it out by matching the string "Started Session
11907571
of user
ftpuser1
"
The session number
11907571
is a random number and usernames also differ so grepping can ignore the numbers and usernames, only need to check the string like: **"Started Session *** of user ***"
And need to parse the line and
grep
the
date + time
, and username then insert it into the MySQL database.
If there is any option to create a daemon process to run and insert the details into DB, it will help me to do the task.
SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.