#!/bin/bash # Path to the log file LOG_FILE="/var/log/proftpd/proftpd.log" # Declare an associative array to store user login info (PID -> User) declare -A user_sessions # List of specific users to monitor MONITORED_USERS=("node23" "node99") # Action to be performed when the session is closed perform_action() { local user="$1" case "$user" in "node23") inbox="/home/ubuntu/fido/filebox/micronet_z618n400n23p1/in" ;; "node99") inbox="/home/ubuntu/fido/filebox/micronet_z618n400n99/in" ;; esac [ ! -z "$(ls "${inbox}")" ] && mv -n ${inbox}/*.* /home/ubuntu/fido/inbound && /home/ubuntu/fido/mailin.sh } # Function to check if a user is in the monitored list is_monitored_user() { local user="$1" for monitored_user in "${MONITORED_USERS[@]}"; do if [[ "$user" == "$monitored_user" ]]; then return 0 # User is in the list fi done return 1 # User is not in the list } # Monitor the log file tail -F "$LOG_FILE" | while read -r line; do # Check for successful login lines (USER : Login successful) if [[ "$line" =~ USER\ ([a-zA-Z0-9]+):\ Login\ successful\. ]]; then user="${BASH_REMATCH[1]}" # Extract the username # Extract PID from the first set of square brackets [] pid=$(echo "$line" | awk -F'[][]' '{print $2}') # Only monitor specific users if is_monitored_user "$user"; then # Store the user and PID in the associative array user_sessions["$pid"]="$user" fi fi # Check for FTP session closed (FTP session closed with PID in the first set of []) if [[ "$line" =~ \[([0-9]+)\].*FTP\ session\ closed\. ]]; then pid="${BASH_REMATCH[1]}" # Extract the process ID (PID) # Check if this PID exists in the user_sessions array if [[ -n "${user_sessions[$pid]}" ]]; then user="${user_sessions[$pid]}" # Only perform action for monitored users if is_monitored_user "$user"; then perform_action "$user" # Perform action for the associated user fi unset user_sessions["$pid"] # Remove the entry after the action fi fi done