Hey Keith I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over SSH, or FTP, as in ProFTPd or Pure-FTPd? If it's the former, then /var/log/secure will be the right place, but it'll show up as sshd. Here's what a failed login looks like on my CentOS VPS: Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user unknown Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= cpe-66-68-110-19.austin.res.rr.com If it's actual FTP, I believe that will be in /var/log/messages or something, depending on how it's configured. On Thu, Jan 19, 2012 at 12:29 PM, keith smith wrote: > > Hi, > > I've setup Iptables so only certain IP addresses can access our shell. It > works well for the handful of us that access the shell. > > We also run SFTP. So the IP for anyone needing FTP must be in the IP > tables as well. > > Today, I'm trying to configure someone remotely. I added their IP address > to the IPTables and helped them configure their FTP Client. They are not > able to connect. It is unclear to me if it is a client or server issue. > So I am looking at the logs. > > I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry > for the failed access attempt. > > Is there another log I should be looking in? > > Thank you for your help! > > ------------------------ > Keith Smith > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >