HPE Community
Operating System - HP-UX
1756214 Members
2603 Online
108843 Solutions
New Discussion юеВ

Re: FTP logging file is /var/adm/syslog/ftp.log

 
SOLVED
Go to solution
Delecole
Frequent Advisor

тАО10-02-2006 01:31 AM

тАО10-02-2006 01:31 AM

Re: FTP logging file is /var/adm/syslog/ftp.log

thanks Ivan.

I've made the changed according to your advise, but still the FTP messages are sent to the syslog.log file ...
Not sure I have to restart syslog-ng some way ?

----------

options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};

source s_sys { pipe("/dev/log" pad_size(2048)); unix-dgram("/dev/log.un"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/syslog/syslog.log"); };
destination d_mail { file("/var/adm/syslog/mail.log"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
destination ftpd { file("/var/adm/syslog/ftp.log"); };

destination tnm { udp("127.0.0.1" port(32145)); };

filter f_filter1 { facility(mail) and level(debug); };
filter f_filter3 { level(alert); };
filter f_filter4 { level(emerg); };
filter f_ftpd { facility(local5); };

log { source(s_sys); filter(f_filter1); destination(d_mail); };

log { source(s_sys); destination(d_mesg); };

log { source(s_sys); filter(f_filter3); destination(d_cons);
destination(d_mlrt); };
log { source(s_sys); filter(f_filter4); destination(d_mlal); };

log { source(s_sys); destination(tnm); };

log { source(src); filter(f_ftpd); destination(ftpd); };
0 Kudos
Reply
Ivan Krastev
Honored Contributor

тАО10-02-2006 01:40 AM

тАО10-02-2006 01:40 AM

Re: FTP logging file is /var/adm/syslog/ftp.log

Of course after do changes in syslog-ng.conf - reload service.

ivan
Reply
Delecole
Frequent Advisor

тАО10-02-2006 01:44 AM

тАО10-02-2006 01:44 AM

Re: FTP logging file is /var/adm/syslog/ftp.log

thanks for confirming this - and sorry for the stupid question, but do you know how to restart this "service" ?

Many Thanks !!
0 Kudos
Reply
Ivan Krastev
Honored Contributor

тАО10-02-2006 01:48 AM

тАО10-02-2006 01:48 AM

Re: FTP logging file is /var/adm/syslog/ftp.log

Hi again,

/sbin/init.d/syslog-ng stop
/sbin/init.d/syslog-ng start



0 Kudos
Reply
Delecole
Frequent Advisor

тАО10-02-2006 02:06 AM

тАО10-02-2006 02:06 AM

Re: FTP logging file is /var/adm/syslog/ftp.log

the syslog-ng files you specified are not on my system.

so I did the following, but it returned an error concerning the "src" :

root_nfm036# pwd
/sbin/init.d
root_nfm036# ./syslogng stop
root_nfm036# ./syslogng start
Changing permissions on special file /dev/log
unresolved reference: src
Error initializing configuration, exiting.
EXIT CODE: 1

?

0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО10-02-2006 08:44 AM

тАО10-02-2006 08:44 AM

Re: FTP logging file is /var/adm/syslog/ftp.log

Sorry to take so long to get back to you. syslog-ng does not exist on your system. It is freeware and not supplied on standard HP-UX. Someone (with root login) has removed your /etc/syslog.conf file as it is standard with all versions of HP-UX. To restore the standard file, do this:

cp /usr/newconfig/etc/syslog.conf /etc/syslog.conf

Then edit that file and make these two changes:

Insert the line:
local5.info /var/adm/syslog/ftp.log

and change the line with syslog.log on it to read:

*.info;mail.none;local5.none /var/adm/syslog/syslog.log

Note: The separation between the facility.level entry and the full pathname must be a TAB, not spaces.

Once the /etc/syslog.conf has been edited, tell syslogd to reread the config file:

kill -HUP $(cat /etc/syslog.pid)

Verify that syslog reqad the file with:

tail /var/adm/syslog/syslog.log

You'll see the syslogd restart message. Now try your ftp commands.


Bill Hassell, sysadmin
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО10-02-2006 08:51 AM

тАО10-02-2006 08:51 AM

Re: FTP logging file is /var/adm/syslog/ftp.log

Oops, I misread the author of the syslog-ng information. Someone has indeed loaded syslog-ng on your system. That changes everything and explains why syslog.conf is gone. You'll have to read the syslog-ng documentation to get all this to work.


Bill Hassell, sysadmin
0 Kudos
Reply
Ivan Krastev
Honored Contributor

тАО10-02-2006 09:48 AM

тАО10-02-2006 09:48 AM

Solution

Re: FTP logging file is /var/adm/syslog/ftp.log

Here's example :

#new log file
destination ftpd { file("/var/adm/syslog/ftp.log"); };

#filter1
filter f_ftpd { facility(local5); };

#filter2
filter f_ftpd { program("ftpd"); };

#log
log { source(s_sys); filter(f_ftpd); destination(ftpd); };


You can use filter1 or filter2. After changing config file reload syslog-ng service.

regards,
ivan
Reply
Delecole
Frequent Advisor

тАО10-02-2006 07:18 PM

тАО10-02-2006 07:18 PM

Re: FTP logging file is /var/adm/syslog/ftp.log

Bill,
Many thanks for the clarification ... I installed HP-UX myself (11.i), and I'm sure nobody touched the syslog.conf (I have the exact same syslog-ng file on all my machines in my lab.)

Ivan,
You got a 10 points ;-)
I have added the following lines, and restarted the daemon without error this time.

destination ftpd { file("/var/adm/syslog/ftp.log"); };
---
filter f_ftpd { facility(local5); };
filter f_ftpd { program("ftpd"); };
---
log { source(s_sys); filter(f_ftpd); destination(ftpd); };


I have now 2 questions to close the thread :
- I see the event coming in the ftp/log, but they are still duplicated in the syslog.log - Why is it so, and may I just send the events to ftp.log ?
- What Am I exactly doing with the estination, filter and log ??
I do not really understand the lines I've added.

Many Thanks !
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.