[Logwatch-Devel] vsftpd does not show "0 bytes" in its log

Georgi Georgiev chutz at gg3.net
Sat Sep 10 09:13:54 MST 2005


maillog: 10/09/2005-12:09:38(+0900): Георги Георгиев types
> I very often see entries like the following:
> 
> Sat Sep 10 06:48:09 2005 [pid 24765] [ftp] FAIL DOWNLOAD: Client "83.168.76.146", "/pub/linux/gentoo/distfiles/nmap-3.90.tar.bz2", 0.00Kbyte/sec
> 
> Point is, that with the "0 bytes" missing, this line is not handled by
> the current regexp in the vsftpd script. I had to apply the following,
> to get it to work.

Curious how this came right on time (or maybe it's the first time I paid
attention to it, as it's the first time that I didn't have the numerous
FAIL DOWNLOADs in "unmatched entries") but today I got a 0-byte
*successful* download. Very curious, but this is the only unmatched
entry for last day's logs:

 **Unmatched Entries**
 Sat Sep 10 19:08:01 2005 [pid 3056] [ftp] OK DOWNLOAD: Client "82.232.172.167", "/pub/linux/gentoo/distfiles/foomatic-db-3.0-20050909.tar.gz", 0.00Kbyte/sec

I'm guessing that making the "bytes" field optional for all of
{OK,FAIL}{UP,DOWN}LOAD is a good idea. I'm attaching a patch.  I also
believe that the shorter "\d" is easier to read than "[0123456789]", but
you apply that at your leisure. I confirmed that the applied patch
works, by parsing two artificial lines through the patched script:

$ cat <<EOF | perl scripts/services/vsftpd
> Sat Sep 10 19:08:01 2005 [pid 3056] [user1] OK DOWNLOAD: Client "10.0.0.1", "file1", 0.00Kbyte/sec
> Sat Sep 10 19:08:01 2005 [pid 3056] [user2] OK DOWNLOAD: Client "10.0.0.2", "file2", 10240 bytes, 0.00Kbyte/sec
> EOF
Outgoing FTP Files:
   file1 -> 10.0.0.1 (User: user1)
   file2 -> 10.0.0.2 (User: user2)

TOTAL KB OUT: 10KB (0MB)

-- 
*)   Georgi Georgiev   *) BOFH Excuse #90: Budget cuts                 *)
(*    chutz at gg3.net    (*                                              (*
*)  +81(90)2877-8845   *)                                              *)
-------------- next part --------------
Index: scripts/services/vsftpd
===================================================================
RCS file: /var/cvs/logwatch/scripts/services/vsftpd,v
retrieving revision 1.8
diff -u -r1.8 vsftpd
--- scripts/services/vsftpd	13 Jul 2005 16:07:53 -0000	1.8
+++ scripts/services/vsftpd	10 Sep 2005 16:13:07 -0000
@@ -17,19 +17,19 @@
    } elsif ( ($PID,$User,$IP) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL LOGIN: Client \"(.*)\"$/ ) ) {
       $Temp = " (" . $IP . "): " . $User . " - ";
       $FailedLogins{$Temp}++;
-   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK UPLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) {
+   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK UPLOAD: Client \"(.*)\", \"(.*)\", (?:(\d+) bytes)?/ ) ) {
       $Temp = "   " . $FileName . " <- " . $IP . " (User: " . $User . ")\n";
       $TotalBytesIn+= $FileSize;
       push @UploadedFiles,$Temp;
-   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL UPLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) {
+   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL UPLOAD: Client \"(.*)\", \"(.*)\", (?:(\d+) bytes)?/ ) ) {
       $Temp = "   " . $FileName . " <- " . $IP . " (User: " . $User . ")\n";
       $TotalBytesIn+= $FileSize;
       push @FailedUploadedFiles,$Temp;
-   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK DOWNLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) {
+   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] OK DOWNLOAD: Client \"(.*)\", \"(.*)\", (?:(\d+) bytes)?/ ) ) {
       $Temp = "   " . $FileName . " -> " . $IP . " (User: " . $User . ")\n";
       $TotalBytesOut+= $FileSize;
       push @DownloadedFiles,$Temp;
-   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL DOWNLOAD: Client \"(.*)\", \"(.*)\", ([0123456789]+) bytes/ ) ) {
+   } elsif ( ($PID,$User,$IP,$FileName,$FileSize) = ( $ThisLine =~ /\[(.*)\] \[(.*)\] FAIL DOWNLOAD: Client \"(.*)\", \"(.*)\", (?:(\d+) bytes)?/ ) ) {
       $Temp = "   " . $FileName . " -> " . $IP . " (User: " . $User . ")\n";
       $TotalBytesOut+= $FileSize;
       push @FailedDownloadedFiles,$Temp;
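
Review bot: In all four rewritten branches, `(?:(\d+) bytes)?` leaves `$FileSize` undefined whenever the size field is absent, and the unchanged `$TotalBytesIn+= $FileSize;` / `$TotalBytesOut+= $FileSize;` lines then add that undefined value to the running total. Perl treats it as 0, so the totals stay correct, but it raises an "uninitialized value" warning if warnings are enabled; defaulting first, for example `$FileSize ||= 0;` ahead of each addition, makes the intent explicit. A second point on the same lines: the optional group is now the last element of each pattern and nothing follows it, so the tail of the line no longer constrains the match at all. Continuing each pattern through the `Kbyte/sec` field that every sample line in this thread ends with would keep the branches as strict as they were before the change.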