logging ftp downloads.

Craig White plug-discuss@lists.PLUG.phoenix.az.us
Sun, 12 Aug 2001 07:35:48 -0700


> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of John
> (EBo) David
> Sent: Saturday, August 11, 2001 10:54 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: logging ftp downloads.
>
> > Both installed? try rpm -qa|grep ftp to see what you've got installed
>
> yegads and little fishes.  probably more than I'll ever need/use.  That
> is one disadvantage of SuSE.  It is typically top heavy.  so I guess
> that is a possible vote for slackware (which I've heard is light
> weight)...
>
>   gftp-2.0.7b-37
>   kberoftp-1.0.0pre2-267
>   ftpd-0.3.2-18
>   lukemftp-1.5-5
>   ftpdir-2001.1.15-0
>   ncftp-3.0.2-5
>   proftpd-1.2.0rc2-44
>   tftp-0.14-19
>   iglooftp-0.6.1-179
>   xftp-2.1.0-170
>   xmftp-1.0.4-283
---
most of these are clients - gotta love SUSE if you have a large hard drive
;-)

well, it appears that what you are using is the ftpd-0.3.2-18 which is not
something that I am familiar with but apparently proftpd is installed, you
could possibly stop the ftpd and start the proftpd if you wanted.
---
> > Redhat logs all transfers - /var/log/xferlog
>
> that is what I would expect, but there is no transfer logging info.
> That is what I am trying to turn on.
---
this is typical of wu-ftpd but that is not what you've got installed
---
>
> thanks,  and I did read the ftpd man pages.  ftpd supposedly will log
> transfers to /var/log/ftpd if you give ftpd the "-S" switch on startup.
> The problem is that I'm not sure where on the SuSE side to set the ftpd
> command line switches...
>
> Ok... color me more befuddled...  First I was looking for
> /var/log/xferlog, then rereading the ftpd man pages I find that it is in
> /var/log/ftpd (if I am reading correctly).  There are so many different
> log files that are specific to each ftp daemon that I've lost track...
> but oh well I got it to basically work.
>
-------
I would expect that you can add the switches to inetd.conf or you can stop
the service and launch it from the command line with any switches that you
want and lastly, if you have the command line figured out - you can add it
to the bottom of your rc.local file.
-------
> I do have a further question though.  In the ftpd man page I find:
>
>      -l      Each successful and failed ftp(1) session is logged using syslog
>              with a facility of LOG_FTP.  If this option is specified twice,
>              the retrieve (get), store (put), append, delete, make directory,
>              remove directory and rename operations and their filename
>              arguments are also logged.
>
> I've searched all over and cannot figure out if LOG_FTP is supposed to be
> an environmental variable, or what and I have been unable to turn on
> logging for all users (like xferlog), or do you interpret this to be
> only anonymous users?  Or is it possible that I should use wu-ftp or
> proftp instead?
>
-----
probably should try to use proftpd since it's already installed and I do see
a fair amount of users recommending it. I am wondering if the ftpd that you
have installed is actually the anonymous ftpd. Are there /bin, /etc, /lib
subdirectories in the ftp tree (they would indicate anonymous ftp since an
anonymous ftp user should be chrooted at the ftp directory, have 111 access
to these three local subdirectories and 644 or 655 access in the /pub
directory)?

I know with wu-ftpd, you can log just xfers or all commands and I have to
believe proftpd can do much the same.

Craig
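
Added example, not part of the original message and not SuSE's shipped configuration: the inetd.conf route suggested above, combined with the `-l` switch from the quoted man page. LOG_FTP is a syslog facility constant from `<syslog.h>`, written as `ftp` in syslog.conf; the server path, the tcpd wrapper and the log file name below are assumptions.

```conf
# --- /etc/inetd.conf (assumed location) ---
# Before: no logging switches, so sessions and transfers leave no record.
#ftp   stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
#
# After: -l given twice. Per the man page excerpt quoted above, one -l logs
# each successful and failed session; the second adds get, put, append,
# delete, mkdir, rmdir and rename together with their filename arguments.
# The /usr/sbin/tcpd wrapper and the in.ftpd name are assumptions.
ftp    stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -l

# --- /etc/syslog.conf ---
# LOG_FTP is not an environment variable. It is the syslog facility the
# daemon passes to openlog(3); the selector name for it here is "ftp".
# Send every priority of that facility to a dedicated file.
# Older syslogd versions require TABs between selector and action, and
# some require the file to exist already (the file name is an assumption).
ftp.*						/var/log/ftp-sessions.log

# --- apply the changes ---
# Both daemons reread their configuration on SIGHUP:
#   kill -HUP <pid of syslogd>
#   kill -HUP <pid of inetd>
```

Keeping the `ftp` facility in its own file gives one place to review who fetched, stored, renamed or deleted which file, instead of searching the general messages log.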