wiki'd

by JoKeru

Monitor Pure-FTPd User Access

Quick 'n dirty way to monitor your FTP server access: a small script follows the syslog file and mails you each non-local Pure-FTPd login it sees.

$ cat <<'EOF' > /root/pure-ftpd-monitor.sh
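#!/bin/bash
#
# Mails one alert for every non-local Pure-FTPd login that appears in the
# syslog file. It follows the log and never exits on its own, so start it in
# the background.

to='user@domain.com'     # alert recipient
log='/var/log/messages'  # file the Pure-FTPd syslog lines are written to
here=$(hostname)         # put in the mail subject to identify the server

# -n 0: start at the end of the file, so a restart does not re-mail logins
#       that are still among the last lines of the log.
# -F:   follow by name and reopen after rotation; with plain -f the script
#       keeps reading the rotated-away file and the alerts silently stop.
tail -n 0 -F "$log" | while IFS= read -r line
do
 # sample log - "May 16 13:01:52 box pure-ftpd: (?@300.124.39.218) [INFO] jimmy is now logged in"
 # The line is matched and split with builtins and is never expanded unquoted:
 # log text is partly chosen by whoever connects, and an unquoted $line would
 # be word-split and glob-expanded against the current directory.
 # NOTE(review): any line in $log containing the phrase triggers a mail, not
 # only pure-ftpd's; consider also requiring the daemon tag if that matters.
 case $line in
  *127.0.0.1*) continue ;;        # skip logins from localhost
  *'is now logged in'*) ;;        # a login line: fall through and report it
  *) continue ;;
 esac

 # Whitespace-separated fields: 1-3 timestamp, 6 "(?@ip)", 8 user name.
 read -r Month Day Clock _ _ IP _ User _ <<<"$line"
 Date="$Month $Day $Clock"
 printf '%s - %s / %s\n' "$Date" "$IP" "$User" | mail -s "$here - FTP Login" "$to"
done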
EOF
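# Use the absolute path: the script was written to /root, which may not be the
# current directory.
$ chmod +x /root/pure-ftpd-monitor.sh
# Trailing '&': the script never exits, so without it rc.local would block on
# this line at boot. If /etc/rc.local ends with 'exit 0', an appended line is
# never reached - place the entry above that line instead.
$ echo '/root/pure-ftpd-monitor.sh &' >> /etc/rc.local
$ /root/pure-ftpd-monitor.sh &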
