On Wed, Mar 12, 2003 at 01:55:35AM -0800, Chris P wrote: > > Anyone know how ftp's get logged? I do a last -10 and see a user did a 2 > hour ftp, yet he has no files in his home. So I am curious what he > downloaded/uploaded. Uploading is easy to poke around and look as his > access is limited as to where he can write to. Downloading on the other > hand is an open book. He's a trusted user, but if others poke around w/ > accounts, I'd like to be able to check what they are downloading. Oh, and > nothing shows up in his home dir loggin (.history) I think .history only > shows things when they are actually logged in via telnet/ssh. > > I've poked around /var/logs, and didnt see any ftp logging. Maybe its an > option I missed? Maybe nothing is being logged? Dunno.. a little education > would be appreciated! Thanks! > > C.
However you are launching the ftpd, make sure that you start it with the -l or -ll (those are 'ell's) options to add logging. See ftpd(8) manpage for more details. Maybe you are starting ftpd from inetd? If so, make the appropriate line /etc/inetd.conf like: ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll Then you will need to edit your /etc/syslog.conf file so syslog catches the messages from the ftpd. You can add the following to syslog.conf: ftp.* /var/log/ftpd.log or optionally: !ftpd *.* /var/log/ppp.log Make sure that the log file you specify exists and has appropriate write permissions. Also make sure to restart syslogd with: `killall -HUP syslogd` Incidentally, all of this info is readily available in the ftpd manpage. Next time you should try a more thorough scan of man pages first. :) Nathan -- GPG Public Key ID: 0x4250A04C gpg --keyserver pgp.mit.edu --recv-keys 4250A04C http://63.105.21.156/gpg_nkinkade_4250A04C.asc
pgp00000.pgp
Description: PGP signature