Filtering Debian SFTP logs with single digit date
I recently ran into a problem when filtering Debian SFTP logs with a single-digit date. The issue is that when the date is 2 digits, like Apr 10, my script would work fine; however, when it's less than 10, it would not be able to grep properly because the format of the date was incorrect from the logs. From here I have 2 options: either change the formatting of the logging, which could have an adverse effect on other monitoring components, or just change the method used when grepping for yesterday's date. I chose the latter since it won't affect anything else other than my script.
Originally I was trying to filter like this.
# echo "$(date -d "yesterday" '+%b %d')"
Apr 01
You can see that the date comes back as 2 digits, but the log file at /var/log/auth.log is configured by default to only use a single digit.
The workaround took a while to find, but is a simple modification. Looking at the sample below will show that the output is now correct and can be used within my scripts to filter for yesterday.
# echo "$(date -d "yesterday" '+%b %Oe')"
Apr 1
The script I wrote requires a text file, listed below, that contains the body of the email, and sends the log file as an attachment for easier viewing.
/Reports/Daily/sftp/body.txt
The final script ends up looking like this:
#!/bin/bash
#######################################################################################################
# Script: /Scripts/DailySFTP_Logs.sh
# Author: 1337Admin.org
# Created: 4-1-2019
# Version History:1
# Modified By:
# Modified last: 4-1-2019
# Description: Sends an email with sftp logs
# Usage: Run via CRON
# Frequency: Every day at X:00AM
# prerequisites: None
# Nested Scripts (P)arent or (C)hild + sequential script number (e.g. P1 or C2)
# Script: P1
# Parent Script: N/A
#######################################################################################################
# Yesterday's date in both forms: zero-padded day (%d) and the single-digit form used in auth.log (%Oe)
day_padded="$(date -d "yesterday" "+%b %d")"
day_single="$(date -d "yesterday" "+%b %Oe")"
# Creates log file of just sftp traffic (rotated log first, then the current one).
# Both date forms go into one grep so lines are not written twice on two-digit days, when the two forms are identical.
grep -h sftp /var/log/auth.log.1 /var/log/auth.log | uniq | grep -e "$day_padded" -e "$day_single" > /Reports/Daily/sftp/sftp-log.txt
# Emails the log file as an attachment
# Note: a password passed with -S on the command line is visible to other local users in the process list,
# and ssl-verify=ignore means the SMTP server's certificate is not verified.
s-nail -r "Sender Name <Sender@domain.com>" \
  -s "Email Subject SFTP logs $(date +"%m/%d/%Y %r")" \
  -S smtp="domain.com:587" -S smtp-use-starttls \
  -S smtp-auth=login -S smtp-auth-user="Sender@domain.com" -S smtp-auth-password='PasswordHere' \
  -S ssl-verify=ignore -S nss-config-dir="/etc/pki/nssdb/" \
  -a /Reports/Daily/sftp/sftp-log.txt \
  "recipient1@Domain.com" "recipient2@Domain.com" < /Reports/Daily/sftp/body.txt
Then just edit the sender, recipient(s), and server information as needed, and schedule the script via cron.
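The date filter can also be written as a single pattern anchored to the start of the line, so that a single-digit day such as "Apr 1" cannot also match "Apr 10" through "Apr 19" or a date mentioned later in a message. This is an added example, not part of the original script; the function names day_regex, sftp_lines_for and sample_log and the log lines are constructed for illustration, and it assumes GNU date.

```bash
#!/bin/bash
# Added example: select one day's sftp lines from syslog-style input.
# day_regex, sftp_lines_for and sample_log are hypothetical helper names.

# Build an anchored extended regex for a day (YYYY-MM-DD, default: yesterday).
# Accepts the day written as " 1" (space-padded), "01" (zero-padded) or "1",
# and requires a space after it, so day 1 never matches day 10-19.
day_regex() {
    local when="${1:-yesterday}" mon day
    mon="$(LC_ALL=C date -d "$when" '+%b')"   # English month name, as in syslog
    day="$(LC_ALL=C date -d "$when" '+%-d')"  # GNU date: day with no padding
    printf '^%s [ 0]?%s ' "$mon" "$day"
}

# Read log lines on stdin and print only the sftp lines for the requested day.
sftp_lines_for() {
    grep -E -- "$(day_regex "$1")" | grep -- 'sftp'
}

# Constructed sample input covering the formats and the near-miss cases.
sample_log() {
    cat <<'EOF'
Apr  1 09:15:02 host sshd[1201]: subsystem request for sftp by user alice
Apr  1 09:15:40 host sshd[1201]: Accepted password for bob from 192.0.2.10 port 50022 ssh2
Apr 01 10:00:00 host internal-sftp[1300]: session opened for local user alice
Apr 10 11:30:00 host internal-sftp[1411]: session opened for local user carol
Apr 11 08:00:00 host internal-sftp[1502]: note: replay of Apr 1 upload
EOF
}

# Prints the two sftp lines dated April 1 and nothing from April 10 or 11.
sample_log | sftp_lines_for 2019-04-01
```

Called with no argument, sftp_lines_for filters for yesterday, which is what the cron job needs.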