On Wed, Mar 12, 2003 at 01:55:35AM -0800, Chris P wrote:
> 
> Anyone know how ftp's get logged?  I do a last -10 and see a user did a 2
> hour ftp, yet he has no files in his home.  So I am curious what he
> downloaded/uploaded.  Uploading is easy to poke around and look as his
> access is limited as to where he can write to.  Downloading on the other
> hand is an open book.  He's a trusted user, but if others poke around w/
> accounts, I'd like to be able to check what they are downloading.  Oh, and
> nothing shows up in his home dir logging (.history)  I think .history only
> shows things when they are actually logged in via telnet/ssh.
> 
> I've poked around /var/logs, and didn't see any ftp logging.  Maybe it's an
> option I missed? Maybe nothing is being logged? Dunno.. a little education
> would be appreciated!  Thanks!
> 
> C.

However you are launching the ftpd, make sure that you start it with the
-l or -ll (those are 'ell's) options to add logging.  See ftpd(8)
manpage for more details.  Maybe you are starting ftpd from inetd?  If
so, make the appropriate line in /etc/inetd.conf look like:

ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -ll

Then you will need to edit your /etc/syslog.conf file so syslog catches
the messages from the ftpd.  You can add the following to syslog.conf:

ftp.*              /var/log/ftpd.log

or optionally:

!ftpd
*.*                /var/log/ppp.log

Make sure that the log file you specify exists and has appropriate write
permissions.  Also make sure to restart syslogd with:

`killall -HUP syslogd`

Incidentally, all of this info is readily available in the ftpd manpage.
Next time you should try a more thorough scan of man pages first. :)

Nathan

-- 
GPG Public Key ID: 0x4250A04C
gpg --keyserver pgp.mit.edu --recv-keys 4250A04C
http://63.105.21.156/gpg_nkinkade_4250A04C.asc
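
A read-only check of the setup described in the reply above, as an added example that is not part of the original message: it confirms that every active ftp line in inetd.conf passes -l or -ll, that syslog.conf routes ftpd messages to a file, and that the file exists. The function names and the optional path-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message. Read-only audit of the two
# files the reply edits; paths are arguments so it can run against copies.

# Lowest ftpd logging level across active "ftp" lines in an inetd.conf:
# 0 = no -l, 1 = -l, 2 = -ll. Commented-out service lines are skipped.
ftpd_log_level() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "ftp" {
            level = 0
            # Field 7 is argv[0] ("ftpd"); option clusters start at field 8.
            for (i = 8; i <= NF; i++)
                if ($i ~ /^-[A-Za-z0-9]+$/) level += gsub(/l/, "l", $i)
            if (level > 2) level = 2
            if (!found || level < min) min = level
            found = 1
        }
        END { print (found ? min : 0) }
    ' "$1"
}

# File that syslog.conf routes ftpd messages to, through an "ftp.<level>"
# selector or a "!ftpd" program block. Prints nothing if there is no rule.
ftpd_log_target() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        /^!/ { inblock = ($1 == "!ftpd"); next }
        ($1 ~ /^ftp\./ || $1 ~ /[;,]ftp\./ || inblock) && $NF ~ /^\// {
            print $NF; exit
        }
    ' "$1"
}

# Exit status 0 only when ftpd logs at -l or higher, syslog routes it to a
# file, and that file exists. $3 is an optional path prefix for test copies.
audit_ftpd_logging() {
    level=$(ftpd_log_level "$1")
    target=$(ftpd_log_target "$2")
    [ "$level" -ge 1 ] || { echo "FAIL: ftpd started without -l"; return 1; }
    [ -n "$target" ] || { echo "FAIL: no syslog rule for ftpd"; return 2; }
    [ -f "${3:-}$target" ] || { echo "FAIL: $target does not exist"; return 3; }
    echo "OK: ftpd log level $level, messages go to $target"
}

if [ $# -ge 2 ]; then
    audit_ftpd_logging "$@"
fi
```

Run it as `sh script.sh /etc/inetd.conf /etc/syslog.conf`; a non-zero exit status identifies which of the three steps is missing.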
