Date: Wed, 12 Mar 2003 09:04:05 -0800 From: Nathan Kinkade <nkinkade@dsl-only.net> To: Chris P <freebsd@rawfire.torche.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ftp logging question Message-ID: <20030312170405.GC398@sub21-156.member.dsl-only.net> In-Reply-To: <Pine.BSF.4.44.0303120151150.64416-100000@rawfire.torche.com> References: <Pine.BSF.4.44.0303120151150.64416-100000@rawfire.torche.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--NU0Ex4SbNnrxsi6C Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 12, 2003 at 01:55:35AM -0800, Chris P wrote: >=20 > Anyone know how ftp's get logged? I do a last -10 and see a user did a 2 > hour ftp, yet he has no files in his home. So I am curious what he > downloaded/uploaded. Uploading is easy to poke around and look as his > access is limited as to where he can write to. Downloading on the other > hand is an open book. He's a trusted user, but if others poke around w/ > accounts, I'd like to be able to check what they are downloading. Oh, and > nothing shows up in his home dir loggin (.history) I think .history only > shows things when they are actually logged in via telnet/ssh. >=20 > I've poked around /var/logs, and didnt see any ftp logging. Maybe its an > option I missed? Maybe nothing is being logged? Dunno.. a little education > would be appreciated! Thanks! >=20 > C. However you are launching the ftpd, make sure that you start it with the -l or -ll (those are 'ell's) options to add logging. See ftpd(8) manpage for more details. Maybe you are starting ftpd from inetd? If so, make the appropriate line /etc/inetd.conf like: ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll Then you will need to edit your /etc/syslog.conf file so syslog catches the messages from the ftpd. You can add the following to syslog.conf: ftp.* /var/log/ftpd.log or optionally: !ftpd *.* /var/log/ppp.log Make sure that the log file you specify exists and has appropriate write permissions. Also make sure to restart syslogd with: `killall -HUP syslogd` Incidentally, all of this info is readily available in the ftpd manpage. Next time you should try a more thorough scan of man pages first. :) Nathan --=20 GPG Public Key ID: 0x4250A04C gpg --keyserver pgp.mit.edu --recv-keys 4250A04C http://63.105.21.156/gpg_nkinkade_4250A04C.asc --NU0Ex4SbNnrxsi6C Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+b2iFWZYS9EJQoEwRAgw0AKC/XgxTugk+9g73Q1DE8OkvwUXT7QCghokk ecQBoZxMpXDaZJ5Bltpr64g= =Uh/w -----END PGP SIGNATURE----- --NU0Ex4SbNnrxsi6C-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030312170405.GC398>