- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: getting ftp error in syslog
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2012 05:45 PM
тАО12-27-2012 05:45 PM
getting ftp error in syslog
Hi Team.
I am getting the below ftp error in syslog for a user gtrftp. User gtrftp is doing ftp with in the server
Dec 28 00:01:30 ******* ftpd[1741]: USER gtrftp
Dec 28 00:01:30 ******* ftpd[1741]: PASS password
Dec 28 00:01:30 ******* ftpd[1741]: FTP LOGIN FROM ******.**.com [10.146.136.110], gtrftp
Dec 28 00:01:30 ******* ftpd[1739]: PWD
Dec 28 00:01:30 ******* ftpd[1739]: CWD /usr
Dec 28 00:01:30 ******* ftpd[1739]: CWD tmp
Dec 28 00:01:30 ******* ftpd[1739]: PASV
Dec 28 00:01:30 ******* ftpd[1739]: QUIT
Dec 28 00:01:30 ******* ftpd[1739]: FTP session closed
But for other users i am getting the below logs in the syslog . Here the user oradtg is ftp from another server
Dec 27 23:41:33 ******* ftpd[13597]: USER oradtg
Dec 27 23:41:33 ******* ftpd[13597]: PASS password
Dec 27 23:41:33 ******* ftpd[13597]: FTP LOGIN FROM ******.**.com [199.52.48.163], oradtg
Dec 27 23:41:34 ******* ftpd[13597]: CWD /archive/gtr/F3PR/arch
Dec 27 23:41:34 *******ftpd[13597]: PORT
Dec 27 23:41:34 ******* ftpd[13597]: NLST *stby
Dec 27 23:42:03 ******* ftpd[12429]: FTP session closed
Could you please tell me what is happening when we are using the account gtrftp
Regards
- Tags:
- ftp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2012 08:38 PM
тАО12-27-2012 08:38 PM
Re: getting ftp error in syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2012 08:46 PM
тАО12-27-2012 08:46 PM
Re: getting ftp error in syslog
Hi Steven,
Thanks for the reply.
The problem which i am facing is below
We have one people soft applciation running in the server. There is one function in that applciation which will copy a file from /usr/tmp to another directory of the same server, As per the update from the developers team this file transfer is hapenning using ftp using the account gtrftp . Hence i checked the syslog and got the above logs.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2012 09:29 PM
тАО12-27-2012 09:29 PM
Re: getting ftp error in syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-28-2012 12:00 AM
тАО12-28-2012 12:00 AM
Re: getting ftp error in syslog
I think I've seen a pattern like this before...
In the case of the gtrftp user, the PASV command is preparation for a data transfer of some sort (either to transfer a file, or to transfer a directory listing). PASV means the client is requesting the server to be the "passive" endpoint of a data transfer connection, i.e. the server will respond to the PASV command with an IP address and a dynamically-allocated port number the client should use to establish a second connection for the actual data transfer.
Apparently something goes wrong with the establishment of the data transfer connection (e.g. a firewall rejects the second connection, or a NAT device does not properly convert the PASV response to match the NATted address, so the FTP client will end up connecting to the wrong IP/port). As a result, the non-interactive FTP client just aborts the FTP connection completely.
(The FTP client is obviously scripted/non-interactive: according to the log timestamps, the gtrftp user issued all the commands within a single second.)
To understand what is happening, you'll need to know what happened at the client end after it received the PASV response. The client probably detected some error condition at that point - what was it exactly?
The PORT command used by the oradtg user is another way to prepare a FTP data transfer connection. With the PORT command, the client is requesting the server to be the "active" endpoint of the data transfer connection. In this case, the server opens a connection to the IP+port specified by the client, which is a reversal of the normal roles for most protocols.
(A method called FXP exists, where a single FTP client can command two FTP servers to exchange files with each other directly, without routing the data through the client at all. In this case, the client will establish a FTP login to each server, send a PASV command to one server and forward the IP+port response to the other server using the PORT command. This method can be abused, so some modern FTP servers will not allow it by default.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-29-2012 12:56 PM
тАО12-29-2012 12:56 PM
Re: getting ftp error in syslog
PASSIVE mode is virtually mandatory these days due to firewalls and NAT for servers behind firewalls. I always recommend PASSIVE as the *first* command after a login.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-29-2012 01:54 PM
тАО12-29-2012 01:54 PM