Watch live logs:
tail -f /var/log/messages|grep USERNAME
tail -f /var/log/messages|grep IP_ADDRESS
Find recent logs from a user:
tail -10000 /var/log/messages|grep USERNAME
Find all logs from a user:
grep USERNAME /var/log/messages
grep USERNAME /var/log/messages.*
Find recent logs from a user, which has uploaded:
tail -10000 /var/log/messages|grep USERNAME|grep uploaded
Find all logs from a user, which has uploaded:
grep USERNAME /var/log/messages|grep uploaded
grep USERNAME /var/log/messages.*|grep uploaded
Find connecting IP addresses for a user:
grep USERNAME /var/log/messages.*|awk '{ print $6 }'|cut -d@ -f2|cut -d\) -f1|sort -n|uniq
Find all connecting IP addresses:
grep LOGIN /var/log/messages*|awk '{ print $6 }'|cut -d\@ -f2|cut -d\) -f1|sort -n|uniq
Find all connecting IP addresses, then find hostnames:
for i in $(grep LOGIN /var/log/messages*|awk '{ print $6 }'|cut -d\@ -f2|cut -d\) -f1|sort -n|uniq);do echo -n "$i: ";host "$i";done
Find all connecting IP addresses, which have uploaded:
grep uploaded /var/log/messages*|awk '{ print $6 }'|cut -d\@ -f2|cut -d\) -f1|sort -n|uniq
Find all connecting IP addresses, which have uploaded, then find hostnames:
for i in $(grep uploaded /var/log/messages*|awk '{ print $6 }'|cut -d\@ -f2|cut -d\) -f1|sort -n|uniq);do echo -n "$i: ";host "$i";done
Find all users which have uploaded:
grep -e IP -e uploaded /var/log/messages*|awk '{ print $8 }'|grep USERNAME|sort|uniq
Find all connecting IP addresses which have uploaded, then find hostnames:
for i in $(grep -e IP -e uploaded /var/log/messages*|awk '{ print $8 }'|grep USERNAME|sort|uniq);do echo -n "$i: ";host "$i";done
Find all uploads from a user, which has uploaded, then list the files:
grep -e IP -e uploaded /var/log/messages*|awk '{ print $8 }'|grep USERNAME|sort|uniq|xargs ls -la
Find logs, while excluding IP addresses:
grep USERNAME /var/log/messages|grep -v -e 127.0.0.1 -e 10.0.0.1
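Count source IP addresses for exactly one user (added example, not part of the original list):
The plain "grep USERNAME" filters above match substrings, so "bob" also returns lines for "bobby" and lines where another account wrote into /home/bob. The function below compares the whole user part of the "(user@ip)" token instead. It assumes that token is field 6, as the one-liners above do; the function names, daemon name and log lines are constructed for illustration.

```shell
# Constructed sample log lines (not real data); "ftpd" and "ftp1" are placeholders.
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 ftp1 ftpd: (bob@203.0.113.5) [INFO] LOGIN ok
Mar  1 10:00:09 ftp1 ftpd: (bob@203.0.113.5) [NOTICE] /home/bob/a.zip uploaded
Mar  1 10:02:44 ftp1 ftpd: (bobby@198.51.100.7) [NOTICE] /home/bobby/b.zip uploaded
Mar  1 10:05:12 ftp1 ftpd: (bob@192.0.2.10) [NOTICE] /home/bob/c.zip uploaded
Mar  1 10:06:30 ftp1 ftpd: (alice@192.0.2.10) [NOTICE] /home/bob/d.zip uploaded
EOF
}

# user_ips USER [FILE...]
# Print "count ip" for every line whose field 6 is exactly (USER@ip).
# Reads stdin when no file is given.
user_ips() {
    user=$1; shift
    awk -v u="$user" '
        {
            tok = $6
            # Skip lines where field 6 is not a "(...)" token.
            if (substr(tok, 1, 1) != "(" || substr(tok, length(tok)) != ")") next
            tok = substr(tok, 2, length(tok) - 2)
            # Split on the last "@" so user names containing "@" still work.
            n = split(tok, parts, "@")
            if (n < 2) next
            ip = parts[n]
            name = substr(tok, 1, length(tok) - length(ip) - 1)
            if (name == u) count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -k2,2
}

# Demo on the constructed sample: the substring filter counts 5 lines for
# "bob", the exact match only counts the 3 that belong to that account.
sample_log | grep -c bob
sample_log | user_ips bob
```

On a live system, call it as: user_ips USERNAME /var/log/messages*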