HPE Community
Operating System - HP-UX
1829737 Members
2131 Online
109992 Solutions
New Discussion

Re: ftp logging per user

 
SOLVED
Go to solution
Atil Volkan Yildirim
Advisor

‎12-03-2002 06:54 AM

‎12-03-2002 06:54 AM

ftp logging per user

hi there,
I need to log all of the users ftp session activities in seperate files (i mean one log file for one session)...

any great ideas?

thx...
it's all a game
0 Kudos
Reply
8 REPLIES 8
Armin Feller
Honored Contributor

‎12-03-2002 06:57 AM

‎12-03-2002 06:57 AM

Re: ftp logging per user

Perhaps following links can help:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x977985079106d71190050090279cd0f9,00.html

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062909947

Regards,
Armin
0 Kudos
Reply
Atil Volkan Yildirim
Advisor

‎12-03-2002 07:06 AM

‎12-03-2002 07:06 AM

Re: ftp logging per user

hmm,
i have ftp debugging and logging enabled at the top level,
so i have a file with all the session activities are logged in...but what about to log in seperate files...
maybe we have to write a script that reads line by line the ftp log and then do some magic,
but is there an easier way?

thx...
it's all a game
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-03-2002 09:34 AM

‎12-03-2002 09:34 AM

Re: ftp logging per user

Hello,

Have you specified the -L option for ftpd in inetd.conf?

This won't put it int a special, by-user file, but at least all commands will be logged into syslog.log

Hope this helps

Chris
It wasn't me!!!!
0 Kudos
Reply
Atil Volkan Yildirim
Advisor

‎12-03-2002 11:09 PM

‎12-03-2002 11:09 PM

Re: ftp logging per user

yes my friends,
i have all the ftp activities logged in one file,
but i need to seperate it...
it's all a game
0 Kudos
Reply
kish_1
Valued Contributor

‎12-04-2002 01:17 AM

‎12-04-2002 01:17 AM

Re: ftp logging per user

I am not sure is possible to have seperate file, some expert can give good idea. Otherwise you can grab the syslog and grep to some other file through cronjob.
cat /var/adm/syslog/syslog.log | grep ftpd
share the power of the knowledge
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎12-04-2002 01:26 AM

‎12-04-2002 01:26 AM

Solution

Re: ftp logging per user

Hi,

tcpwrapper comes to mind.

Never tried it in this specific manner but nevertheless, you might want to give it a try.

Hope this helps. Regards.

Steven Sim Kok Leong
Reply
Rory R Hammond
Trusted Contributor

‎12-04-2002 11:33 AM

‎12-04-2002 11:33 AM

Re: ftp logging per user

I am always reluctant to pass along scripts, because everybody may laugh.

The following sample code will do what you want. and works One my ftp server.

Assumptions:
I am using HPUX 11.00
the ftpd is set to log into syslog.log.

#Make a directory to put files And cd there
# you should improve this logic to match your needs
DIR=/tmp/ftp$$
mkdir ${DIR}
cd ${DIR}
# grep ftpd related activity from syslog.
# sort the results so the pids are in order as opposed to timestamp
#Awk out and append users related stuff.
grep -e "ftpd\[" /var/adm/syslog/syslog.log |
sort +17 |
awk ' BEGIN {FS = ","; OFS = ",";}
{
if ( $0 ~ /FTP LOGIN FROM/) { USER=$2
gsub(/ /,"", USER)}
printf("%s\n ",$0) >>USER
} '



There are a 100 ways to do things and 97 of them are right
Reply
Atil Volkan Yildirim
Advisor

‎12-11-2002 02:49 AM

‎12-11-2002 02:49 AM

Re: ftp logging per user

ok experts,
here is what i did:
1) install&compile tcp-wrapper
2) edit inetd.conf:
/ftp/tcp_wrappers_7.6/tcpd /usr/sbin/ftpd [options]...
3) HUP it
4) edit hosts.allow :
# more hosts.allow
ftpd: ALL: (/home/volkan/ftplogger %p) &

5) and here's is the prototype of the code:
me=$$
ftp_proc=$1
tail -1f /var/adm/syslog/syslog.log | while read line;do
echo $line | grep -q $ftp_proc
if [ $? -eq 0 ]
then

echo $line | grep -q 'FTP LOGIN'
if [ $? -eq 0 ]
then
user_name=`echo $line | awk '{print $10}'`
fi

echo $line | grep -Eq 'lost connection|timed out|Goodbye.'
if [ $? -eq 0 ]
then
echo $line >> /home/volkan/tmp/${ftp_proc}.ftplog.tmp
mv /home/volkan/tmp/${ftp_proc}.ftplog.tmp /home/volkan/logs/${user_name:-"unknown"}.${ftp_proc}.ftplog.`date +"%Y-%m-%d"`
kill -9 `ps -ef | grep $me | grep -v grep | grep -v ftplogger | awk '{print $2}'`


exit
else
echo $line >> /home/volkan/tmp/${ftp_proc}.ftplog.tmp
fi
fi

done

6) by the way, this is not an hp-ux box, as i have no
UX test box :(, i need to see it in the production env..


thx all...
any easier ways are welcome...

regards...
it's all a game
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.