From: Len Conrad
To: freebsd-questions@freebsd.org
Date: Sun, 24 Aug 2008 17:18:55 -0500
Subject: Re: ftpd and sshd logging of domain names

>At least for ftpd I think there is a solution:
>
>1. Edit /etc/inetd.conf
>
>   ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll
>   ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll

with -ll, ftpd still logs failures as auth.log as

Aug 24 17:05:30 mx1 ftpd[1625]: FTP LOGIN FAILED FROM domain.tld, user

>   The flags -ll enable extended logging.
>
>2. Edit /etc/syslog.conf:
>
>   !ftpd
>   *.* /var/log/ftpd.log
>
>3. Create the log file
>
>   # touch /var/log/ftpd.log

same in ftpd.log

>The IPs are being logged in the log file.

they are not logged.

>I'm sure SSH
>allows something similar. If I remember correctly, this
>has recently been discussed at this list, maybe the archive
>brings up some helpful information for you.

thanks, I'll look.

like everybody else, we are getting hammered by brute force attacks.

thanks
Len
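
Added example, not part of the original message: a small Python summarizer for the `FTP LOGIN FAILED FROM ...` line format quoted above, counting failures per source and marking whether ftpd logged an IP address or a resolved hostname. The sample lines, the threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches the ftpd failure line format quoted in the message above;
# the ", user" suffix is optional.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sftpd\[\d+\]:\s"
    r"FTP LOGIN FAILED FROM (?P<src>[^,\s]+)(?:,\s*(?P<user>\S+))?\s*$"
)

def is_ip(source):
    """True when the logged source is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(source)
        return True
    except ValueError:
        return False

def summarize(lines, threshold=3):
    """Return sources with >= threshold failures, most active first."""
    counts = Counter()
    users = defaultdict(set)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other daemons are ignored
        src = m.group("src").lower()
        counts[src] += 1
        if m.group("user"):
            users[src].add(m.group("user"))
    return [
        {"source": s, "failures": n, "users": sorted(users[s]),
         "kind": "ip" if is_ip(s) else "hostname"}
        for s, n in counts.most_common() if n >= threshold
    ]

# Constructed sample lines (not from a real log); reserved example names/ranges.
SAMPLE = [
    "Aug 24 17:05:30 mx1 ftpd[1625]: FTP LOGIN FAILED FROM host.example.net, admin",
    "Aug 24 17:05:33 mx1 ftpd[1627]: FTP LOGIN FAILED FROM host.example.net, root",
    "Aug 24 17:05:36 mx1 ftpd[1629]: FTP LOGIN FAILED FROM host.example.net, test",
    "Aug 24 17:06:01 mx1 ftpd[1640]: FTP LOGIN FAILED FROM 192.0.2.44, admin",
    "Aug 24 17:06:02 mx1 ftpd[1641]: FTP LOGIN FAILED FROM 192.0.2.44, admin",
    "Aug 24 17:06:03 mx1 ftpd[1642]: FTP LOGIN FAILED FROM 192.0.2.44, www",
    "Aug 24 17:06:05 mx1 ftpd[1643]: FTP LOGIN FAILED FROM 192.0.2.44",
    "Aug 24 17:07:10 mx1 ftpd[1650]: FTP LOGIN FROM 198.51.100.7 as len",
    "Aug 24 17:07:40 mx1 sshd[1660]: Failed password for root from 192.0.2.44 port 4022 ssh2",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Sources reported with kind "hostname" are the entries that need to be mapped back to an address before they can be used in a packet-filter rule.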