HPE Community
Operating System - HP-UX
1825775 Members
1974 Online
109687 Solutions
New Discussion

Better ftp logging

 
SOLVED
Go to solution
Anil
Advisor

‎01-07-2008 01:21 AM

‎01-07-2008 01:21 AM

Better ftp logging

Wishing all Happy New Year.

How do we configure ftp to log source IP details for the failed attempts. Need to log the source IP details for every successful/failed login in syslog. Currently inetd.conf is having "ftpd -l" and is logging source IP details for successful ftp attempts, but not for failed attempts.

Jan 6 18:00:01 venus ftpd[10264]: User test: Login incorrect
Jan 6 18:00:01 venus ftpd[10264]: FTP session closed


Please help.

Thanks in advance,
Anil
0 Kudos
3 REPLIES 3
Steven E. Protter
Exalted Contributor

‎01-07-2008 01:47 AM

‎01-07-2008 01:47 AM

Solution

Re: Better ftp logging

Shalom Anil,

HP-UX uses by default ws-ftpd, which has only very basic logging.

If you have run inetd -l then your logging is as good as its going to get.

proftpd is an alternative to ws-ftpd, which is available in the Internet Express depot from http://software.hp.com

There are better logging options with that product.

However the question may be asked, why use ftp at all? Openssh(Secure Shell) is a much more secure product with data stream and authentication being encrypted.

There are plenty of logging options in sshd_config which may meet your needs.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
VK2COT
Honored Contributor

‎01-07-2008 02:03 AM

‎01-07-2008 02:03 AM

Re: Better ftp logging

Hello Anil,

Thanks for the nice wishes to all users of the Forum.

You did not specify which version of
HP-UX you run, but I will make a guess :)

a) If you want to stay with the default
version of ftpd (that comes with HP-UX),
simply add xferlog logging (flags "-i" and
"-o") to ftpd in /etc/inetd.conf.

In the following example, the
/etc/inetd.conf entry logs both incoming
and outgoing FTP file transfers:

ftp stream tcp nowait root /usr/lbin/ftpd
ftpd -a -l -d -i -o

In addition, as a good practice, make sure
to enable logging for inetd too. Because
ftpd runs through inetd, simply add
logging flag to inetd ("-l").

b) A much better alternative would be
to migrate to more powerful, configurable,
and faster FTP daemon like
ProFTPD (or VsFTP).

Cheers,

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Anil
Advisor

‎01-08-2008 03:28 AM

‎01-08-2008 03:28 AM

Re: Better ftp logging

I have enabled the inetd logging and is working. Thanks all for the help

-Anil
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.