HPE Community
Operating System - HP-UX
1833514 Members
3359 Online
110061 Solutions
New Discussion

Re: FTP activity

 
SOLVED
Go to solution
Nobody's Hero
Valued Contributor

‎06-03-2003 05:59 AM

‎06-03-2003 05:59 AM

FTP activity

I want to track all FTP activity on one of my Nclass systems running 11.0. I don't want to use an auditing tool like IDS or anything. I just want to see who is ftp'ing in and out. Is there a file other than syslog to get some info on this?

10x
RPM
UNIX IS GOOD
0 Kudos
Reply
6 REPLIES 6
Michael Steele_2
Honored Contributor

‎06-03-2003 06:04 AM

‎06-03-2003 06:04 AM

Re: FTP activity

Toggle off with inetd -l and review syslog.log
Support Fatherhood - Stop Family Law
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎06-03-2003 06:04 AM

‎06-03-2003 06:04 AM

Re: FTP activity

Add the -l option to the ftpd line in the /etc/inetd.conf file. This will log ftp connections in the syslog. See the man page for ftpd for more detail.

You can add a daemon line to the syslog.conf file to seperate daemon generated messages from the syslog to a seperate file, but I don't think you can segragate the ftp messages.

HTH
mark
the future will be a lot like now, only later
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎06-03-2003 06:05 AM

‎06-03-2003 06:05 AM

Re: FTP activity

You're in luck because on 11.0 and higher if you check the ftpd daemon.
# man ftpd
.. you should see there is an additional option "-l" , apart from the usual "-v" option. What you can do is include these 2 options in you /etc/inetd.conf file for ftpd service and re-read inetd.conf and you should be getting a more detail ftp logging in syslog.log.
0 Kudos
Reply
Massimo Bianchi
Honored Contributor

‎06-03-2003 06:05 AM

‎06-03-2003 06:05 AM

Re: FTP activity

Isn't syslog enough ?

You can turn tracing on in the /etc/inet.conf at the ftp line. With loggiin enabled, you see: who is in, what is getting, what is deleting and so on...

See man ftpd for details


Otherwise tools like IDS can be used, or you can create an ad hoc account and monitor each connection.


HTH,
Massimo


0 Kudos
Reply
S.K. Chan
Honored Contributor

‎06-03-2003 06:08 AM

‎06-03-2003 06:08 AM

Re: FTP activity

My apology .. it seems 10.20 has the "-v" option too. So just include "-l" and "-v" the in ftpd line.
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎06-03-2003 06:14 AM

‎06-03-2003 06:14 AM

Solution

Re: FTP activity

If you use the ftpaccess file (man ftpaccess) you can include command and file transfer logging, in addition to login and logout of ftp users.

File transfers are logged in /var/adm/syslog/xferlog; the remaining records are logged through syslog (with the tag ftpd).
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.