Twitter Facebook LinkedIn

Monitor your FTP logins

by on Sep.22, 2010, under Technology

This article describes how to configure an easy way to monitor the logins to your ReadyNAS FTP server. Credits to Jesper for pointing me in all the right directions – thank you! Before we get started: if you haven’t already, download PuTTY.exe from the Internet.

The first step is to create a job on the server that executes once every 15 minutes. This is done by creating a file called /etc/cron.d/backup-ftplog with the content:

0,15,30,45 * * * * root /usr/local/script/ &>/dev/null

Double click PuTTY.exe and enter the internal IP number of the NAS (for instance Log on as root with the same password as admin (netgear1 is default, but you should really change that).

Type cd /etc/cron.d and press enter
Type vi backup-ftplog and press enter
Type (or copy) 0,15,30,45 * * * * root /usr/local/script/ &>/dev/null
(you may want to try hitting the Insert key)
Press ESC and type :wq to write the content to backup-ftplog and quit vi

Next step is to create a new copy of the FTP log under the /tmp folder that is available for some tampering. Create the file /usr/local/script/ (and make it executable) with the following code:

cp /var/log/proftpd.log /tmp/proftpd.log
chmod 644 /tmp/proftpd.log

Still in PuTTY:

Type mkdir /usr/local/script and press enter
Type cd /usr/local/script and press enter
Type vi and press enter
Type #!/bin/bash on the first row (you may want to press the Insert key)
Type cp /var/log/proftpd.log /tmp/proftpd.log on the second row
Type chmod 644 /tmp/proftpd.log on the third row
Press ESC and type :wq to write the content to and quit vi
Type chmod 0755 /usr/local/script/ and press enter

Last, create a php-file (call it for instance ftplog.php) and place it on the Apache server. The file should contain the following code:

  define("LOGON_PATTERN", "/^(.*) nasnetworkname.*USER (.*):.*$/");
  $file = fopen("/tmp/proftpd.log", "r");
  echo "<h3>Recent logons</h3>";
  echo "<ul>";
  $previousDateString = "";
  $previousUSername = "";
  $logonCounter = 0;
  while (!feof($file)) {
    $line = fgets($file);
    if (preg_match(LOGON_PATTERN, $line, $groups)) {
      $dateString = $groups[1];
      $username  = $groups[2];
      if (!isEmpty($previousUsername) && !isEqual($previousUsername,$username)) {
        printLine($previousDateString, $previousUsername, $logonCounter);
        $logonCounter = 0;
      } else {
      $previousDateString = $dateString;
      $previousUsername = $username;
  printLine($previousDateString, $previousUsername, $logonCounter);
  echo "</ul>";
  function isEqual($string1, $string2) {
    return strcmp($string1, $string2) == 0;
  function isEmpty($string) {
    return strcmp($string, "") == 0;
  function printLine($previousDateString, $previousUsername, $logonCounter) {
    echo "<li>";
    echo $previousDateString;
    echo " - ";
    echo $previousUsername;
    echo "(";
    echo $logonCounter + 1;
    echo ")";
    echo "</li>";

Change LOGON_PATTERN to reflect the network name of your ReadyNAS. For security measures you may want to make the ftplog.php inaccessible to external users or name/place it differently (less obvious).

Waiver. Accessing the device via SSH requires the add-on Enable Root SSH Access, which will void or greatly impair the warranty and/or support conditions of the device. The text in this summary has been prepared with uttermost care but is, despite of this, strictly a guide to be used in conjunction with normal and cautious computer practice, including the safe operation of electric equipment. I cannot accept liability for your actions. Work smart! Work safely!


Looking for something?

Google is your friend. All smart people use Google. Use the form below to search the site:

Custom Search

Visit my friends!

A few highly recommended friends...