@mariosipad
I've finished my script, again with help from my mate, Garry.
Code:
#!/bin/bash
# email log entries of COPS users for previous 24 hours
DATE=$(date +%d-%b-%Y)
LOGFILE=/var/log/apache2/other_vhosts_access.log
# stop if the working directory is missing, rather than writing files elsewhere
cd ~/bin || exit 1
# get logins 200 2183 are username/password logins
# 200 2328 are 'cached' connections
grep -e "200 2183" -e "200 2328" "$LOGFILE" > cops-log.txt
# Get fields from cops_log to show user logins.
LOGFILE=cops-log.txt
TMPFILE=tmp.$LOGFILE
rm -f "$TMPFILE" 2> /dev/null
# read -r and the quoted "$LINE" keep backslashes and glob characters
# in a log line from being interpreted by the shell
while read -r LINE
do
    IP=$(echo "$LINE" | cut -f2 -d' ')
    # LOGUSER and STAMP, so the shell's USER and the DATE used in the
    # mail subject below are left untouched
    LOGUSER=$(echo "$LINE" | cut -f4 -d' ')
    DATETIME=$(echo "$LINE" | cut -f2 -d'[' | cut -f1 -d']')
    STAMP=$(echo "$DATETIME" | cut -f1 -d'+')
    echo "$STAMP $LOGUSER $IP" >> "$TMPFILE"
done < "$LOGFILE"
if [[ ! -s $TMPFILE ]]
then
    echo "There is no data to report." >> "$TMPFILE"
fi
mail -s "Today's COPS users $DATE" me@myemail-addy < "$TMPFILE"
rm -f "$TMPFILE" 2> /dev/null
Once it's been running a while & I'm happy with it, I'll write temp files out to /tmp.
The grep command pulls entries with HTTP status code 200 & return bytes of either 2183 or 2328. I have no idea what these byte sizes are made up of, only as I've commented in the code.
Any questions...fire away.
Cheers,
TC
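
Added example, not part of the original post: a field-exact version of the grep and cut steps, since a substring match on "200 2183" also hits a line whose byte count is 21830. It assumes the vhost_combined log layout implied by the script's cut field numbers; the host name, users and addresses in the sample are constructed, and `cops_logins` and `write_sample_log` are hypothetical names.

```bash
#!/bin/bash
# Added example (not the poster's script). Assumes Apache's vhost_combined
# layout, which the cut field numbers in the post imply:
#   vhost:port ip ident user [time zone] "request" status bytes "referer" "agent"

cops_logins() {
    # $1 = access log; prints "timestamp user ip" per matching entry
    awk -F'"' '
    {
        n = split($1, head, " ")    # text before the quoted request
        m = split($3, tail, " ")    # " status bytes " after the request
        if (n < 5 || m != 2) next   # skip lines that do not fit the layout
        if (tail[1] != "200") next  # status must be exactly 200
        if (tail[2] != "2183" && tail[2] != "2328") next
        stamp = head[5]
        sub(/^\[/, "", stamp)       # drop the leading "["
        print stamp, head[4], head[2]
    }' "$1"
}

write_sample_log() {
    # Constructed sample lines (hypothetical host, users, addresses); $1 = file
    cat > "$1" <<'EOF'
cops.example.org:80 192.0.2.10 - alice [12/Mar/2014:09:15:02 +0000] "GET /cops/ HTTP/1.1" 200 2183 "-" "Reader/1.0"
cops.example.org:80 192.0.2.11 - bob [12/Mar/2014:10:01:44 -0500] "GET /cops/ HTTP/1.1" 200 2328 "-" "Reader/1.0"
cops.example.org:80 192.0.2.12 - carol [12/Mar/2014:11:30:09 +0000] "GET /cops/feed.php HTTP/1.1" 200 21830 "-" "Reader/1.0"
cops.example.org:80 192.0.2.13 - dave [12/Mar/2014:12:00:00 +0000] "GET /cops/ HTTP/1.1" 304 0 "-" "Reader/1.0"
EOF
}

# Demo: mktemp gives an unpredictable, private file name under /tmp
sample=$(mktemp)
write_sample_log "$sample"
echo "grep substring matches: $(grep -c -e '200 2183' -e '200 2328' "$sample")"
cops_logins "$sample"
rm -f "$sample"
```

The grep count includes carol's 21830-byte line, while `cops_logins` reports only alice and bob; the timestamp is also taken without its zone whether the offset is written with + or -.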