logging proftpd question
Presently all my proftpd logging goes to /var/log/messages but it is clogging that file because I have an ftp login every couple of minutes. I want to redirect proftpd logging. I tried putting proftpd:* /var/log/proftpd.log in my /etc/syslog.conf but syslogd complains; syslogd: unknown facility name "proftpd" looking at the man page for proftpd is says; Each successful and failed ftp(1) session is logged using syslog with a facility of LOG_FTP. Note: LOG_FTP messages are not displayed by sys- logd(8) by default, and may have to be enabled in syslogd(8)'s configu- ration file. So I tried; LOG_FTP:* /var/log/proftpd.log still no go. I am unfamiliar with logging. Can someone help me along here? -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: logging proftpd question
On Tue, Feb 22, 2005 at 01:35:25AM -0500, David Banning wrote: > Presently all my proftpd logging goes to /var/log/messages but > it is clogging that file because I have an ftp login every couple of > minutes. I want to redirect proftpd logging. I tried putting > > proftpd:* /var/log/proftpd.log > > in my /etc/syslog.conf > > but syslogd complains; > syslogd: unknown facility name "proftpd" > > looking at the man page for proftpd is says; > > Each successful and failed ftp(1) session is logged using syslog with a > facility of LOG_FTP. Note: LOG_FTP messages are not displayed by sys- > logd(8) by default, and may have to be enabled in syslogd(8)'s configu- > ration file. > > > So I tried; > > LOG_FTP:* /var/log/proftpd.log > > still no go. > > I am unfamiliar with logging. Can someone help me along here? > > -- $ man syslog.conf The facility describes the part of the system generating the message, and is one of the following keywords: auth, authpriv, console, cron, daemon, ftp, kern, lpr, mail, mark, news, ntp, security, syslog, user, uucp and local0 through local7. These keywords (with the exception of mark) cor- respond to similar ``LOG_'' values specified to the openlog(3) and syslog(3) library routines. I believe the syntax you want is ftp.* /var/log/proftpd.log Make sure the logfile exists (and is writable), otherwise I think syslog will complain. - James Cook [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: logging proftpd question
> I believe the syntax you want is > > ftp.* /var/log/proftpd.log > > Make sure the logfile exists (and is writable), > otherwise I think syslog will complain. Thanks, fellow Torontonian, for your reply. I tried your suggestion previous to my posting, with no result. Now, could something in the; I tried your suggestion previous to my posting, with no result. I also did a "touch /var/log/proftpd.log" and "chmod 600 /var/log/proftpd.log" The line; *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages is what is grabbing the messages I want to redirect. (I beleive *.notice) I just wonder if the line I just mention takes the log entry, if another can still take it. Can a log entry only be logged once? Or can you have it go to multiply files? (via multiple syslog.conf entries) It sure would be easier if in the log entry it said "ftp.notice" or some such thing so you -know- how it is being directed. I have tried running syslog with -d and -vv and there seems to be no indication what the facility name that is used. -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: logging proftpd question
On Tue, Feb 22, 2005 at 02:31:03PM -0500, David Banning wrote: > > I believe the syntax you want is > > > > ftp.* /var/log/proftpd.log > > > > Make sure the logfile exists (and is writable), > > otherwise I think syslog will complain. > > Thanks, fellow Torontonian, for your reply. > > I tried your suggestion previous to my posting, with no result. > > Now, could something in the; > > > I tried your suggestion previous to my posting, with no result. I > also did a "touch /var/log/proftpd.log" and "chmod 600 > /var/log/proftpd.log" > > The line; > > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > > is what is grabbing the messages I want to redirect. (I beleive *.notice) > > I just wonder if the line I just mention takes the log entry, if another > can still take it. Can a log entry only be logged once? Or can you have > it go to multiply files? (via multiple syslog.conf entries) I'm pretty sure a log entry can go to as many files as you want. For example, my syslog.conf file currently has *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info/var/log/lpd-errs ftp.info/var/log/xferlog cron.* /var/log/cron *.=debug/var/log/debug.log *.emerg * *.* /var/log/all.log !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log All of my log messages end up in /var/log/all.log, even though they're also put in /var/log/messages. The only thing I can think of is that you might have a program or hostname specification that's messing things up (any line starting with !, #!, + or +!). Anything following such a line will only apply to certain things; for example, the only things that end up in /var/log/ppp.log in my configuration are ppp-related messages (even though the ppp.log line starts with *.*). That's all I can think of, anyway. I never touched my syslog.conf file before a few days ago, so I'm hardly an authority. > > It sure would be easier if in the log entry it said "ftp.notice" or > some such thing so you -know- how it is being directed. > > I have tried running syslog with -d and -vv and there seems to be no > indication what the facility name that is used. > - James Cook [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
