HPE Community
Operating System - HP-UX
1752794 Members
6859 Online
108789 Solutions
New Discussion юеВ

Re: ftpd messages in syslog.log

 
SOLVED
Go to solution
BOB BARBA
Contributor

тАО06-11-2002 07:56 AM

тАО06-11-2002 07:56 AM

ftpd messages in syslog.log

We were getting many messages written to out syslog.log file related to ftp. I modified inetd.conf to remove the '-l' option:
i.e.
ftp stream tcp nowait root /usr/lbin/ftpd ftpd

The system was rebooted so presumably the modified inetd.conf file was used. However unwanted messages are still being written to syslog.log:

e.g.
Jun 11 09:21:18 crm ftpd[5583]: tagfax of 192.9.210.150 [192.9.210.150] deleted
/var/spool/lp/request/faxinv/cA4753crm
Jun 11 09:21:18 crm ftpd[5583]: tagfax of 192.9.210.150 [192.9.210.150] deleted
/var/spool/lp/request/faxinv/cA4756crm

There are so many of these generated during the day that it is difficult to spot any errors which may be written to the syslog.log file. Do you have any idea why removing the '-l' option did not stop messages? Do you have any idea how I can resolve this problem?

Many thanks in advance ........ Bob
0 Kudos
Reply
9 REPLIES 9
harry d brown jr
Honored Contributor

тАО06-11-2002 08:01 AM

тАО06-11-2002 08:01 AM

Re: ftpd messages in syslog.log

Bob,

What version of HPux are you running?

What does "ps -ef | grep ftp" return?


live free or die
harry
Live Free or Die
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО06-11-2002 08:05 AM

тАО06-11-2002 08:05 AM

Re: ftpd messages in syslog.log

Those entries are from "tagfax", not ftp.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Shahul
Esteemed Contributor

тАО06-11-2002 08:08 AM

тАО06-11-2002 08:08 AM

Re: ftpd messages in syslog.log

Hi

Once again please cross check that U have removed -l for the same ftpd which U are using. The please check up any other switches like -v or -L is there or not? Please remove -v and -L, if there...


Best of luck
Shahul
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО06-11-2002 08:11 AM

тАО06-11-2002 08:11 AM

Re: ftpd messages in syslog.log

Bob,

Sorry about the tagfax comment, I missed the "ftpd" part of the syslog lines.

live free or die
harry
Live Free or Die
0 Kudos
Reply
BOB BARBA
Contributor

тАО06-11-2002 11:59 PM

тАО06-11-2002 11:59 PM

Re: ftpd messages in syslog.log

Harry

Thanks for taking a look at this issue.

Results of ps -ef as requested:

crm-root: ps -ef|grep ftp
root 12489 12442 1 09:02:53 pts/tf 0:00 grep ftp
root 10744 1001 0 08:53:48 ? 0:00 ftpd: 192.9.200.229: appprod: ID
LE
crm-root:

The system is an N4000 running on HP-UX 11.0.

Hope this helps.

Regards ........... Bob
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

тАО06-12-2002 12:08 AM

тАО06-12-2002 12:08 AM

Solution

Re: ftpd messages in syslog.log

Bob

I have also a very busy syslog and need to looka t it without certain info.

So:-


cat /var/adm/syslog/syslog.log | grep -v ftpd


I have a small syslog menu that allows me to select what I whish to extract in my viewing.

I prefer to log as much as possilble to syslog as it it such a good historical tool.


HTH

Paula
If you can spell SysAdmin then you is one - anon
Reply
John Dvorchak
Honored Contributor

тАО06-12-2002 06:18 AM

тАО06-12-2002 06:18 AM

Re: ftpd messages in syslog.log

I would feel uncomfortable not logging any ftp session. I like Paula's idea and that is exactly what I do except in fewer keystrokes:

>grep ftp /var/adm/syslog/syslog.log

If you shut off all logging you will never know who deleted what file, or moved a named file into place etc.
If it has wheels or a skirt, you can't afford it.
Reply
DeAnna Clemans
New Member

тАО06-13-2002 07:14 AM

тАО06-13-2002 07:14 AM

Re: ftpd messages in syslog.log

Bob,

The trick is modifying /etc/syslog.conf. The daemon logging name for HP's FTP is "local5", so a line like the following will work for you:

local5.info;mail.none /var/adm/syslog/ftpd.log

Note that in /etc/syslog.conf, spaces are prohibited. Use tabs as whitespace. After modifying /etc/syslog.conf, stop and restart syslog (/sbin/init.d/syslog stop; /sbin/init.d/syslog start).

You'll want to write something to handle archiving and purging this file. This way, all of your FTP logs go to the FTP log file and the "regular" syslog stuff is left alone. Of course, you will have to put the "-l" option back in /etc/inetd.conf and issue "inetd -c" to reread the config file.

Hope this gets you where you want to be...

Gus
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО06-13-2002 07:18 AM

тАО06-13-2002 07:18 AM

Re: ftpd messages in syslog.log

Hi Bob,

Hmmm...this may be a simple question, but have you bounced the inetd process yet?

/usr/sbin/inetd -c

Any changes won't take affect until you do.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.