HPE Community
Operating System - HP-UX
1826169 Members
2839 Online
109691 Solutions
New Discussion

inetdand ftpd logs pollute my syslog

 
marc seguin
Regular Advisor

‎10-15-2002 02:55 AM

‎10-15-2002 02:55 AM

inetdand ftpd logs pollute my syslog

Hello,

I have ftp connections every five minutes on a server and 2 messages are added in syslog.log every time :
Oct 15 12:23:45 hawking telnetd[7136]: getpid : peer died: Error 0
Oct 15 12:23:45 hawking ftpd[7137]: connection from admin2 at Tue Oct 15 12:23:45 2002

How can I redirect to another file these messages which pollute my syslog.log, in order to keep interesting messages ?

Thanks
0 Kudos
Reply
8 REPLIES 8
Stefan Farrelly
Honored Contributor

‎10-15-2002 03:09 AM

‎10-15-2002 03:09 AM

Re: inetdand ftpd logs pollute my syslog


You can stop the ftp messages going to syslog one of 2 ways;

1. Remove the -L option form /etc/inetd.conf on the ftpd line.
2. In /etc/syslog.conf change;
*.info;mail.none /var/adm/syslog/syslog.log
To
*.info;mail.none;ftpd.none /var/adm/syslog/syslog.log

Then restart syslog.

But I dont think you can redirect ftp log messages to somewhere else apart from syslog. According to the manpage for ftpd they can only be logged to syslog and ive tried modifying the /etc/syslog.conf file to redirect ftp messages to a different log but it doesnt work - fptd must be writing direct to syslog.log itself (not via syslog daemon) so youre out of luck on redirecting im afraid.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎10-15-2002 03:30 AM

‎10-15-2002 03:30 AM

Re: inetdand ftpd logs pollute my syslog

Hi

This entry:-

Oct 15 12:23:45 hawking telnetd[7136]: getpid : peer died: Error 0

is not from an ftp but from a telnet connection being dropped as oposed to closed.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎10-15-2002 03:51 AM

‎10-15-2002 03:51 AM

Re: inetdand ftpd logs pollute my syslog

Soorty I have reread your question.

As has been said a redirect is not possible but !!!

Cron a job to do :-

cat /var/adm/syslog/syslog.log | grep ftpd > /var/adm/syslog/sys_ftp.log
cat /avar/adm/syslog/syslog.log | grep -v ftpd > /var/adm/syslog/syslog.clean
cp /var/adm/syslog/syslog.log /var/adm/syslog.bak
mv /var/adm/syslog/syslog.clean /var/adm/syslog/syslog.log

Or you could keep this as a script and run it as and when.


HTH
Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎10-15-2002 03:51 AM

‎10-15-2002 03:51 AM

Re: inetdand ftpd logs pollute my syslog

With out the Typos


Sorry I have reread your question.

As has been said a redirect is not possible but !!!

Cron a job to do :-

cat /var/adm/syslog/syslog.log | grep ftpd > /var/adm/syslog/sys_ftp.log

cat /var/adm/syslog/syslog.log | grep -v ftpd > /var/adm/syslog/syslog.clean
cp /var/adm/syslog/syslog.log /var/adm/syslog.bak

mv /var/adm/syslog/syslog.clean /var/adm/syslog/syslog.log

Or you could keep this as a script and run it as and when.


HTH
Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎10-15-2002 04:38 AM

‎10-15-2002 04:38 AM

Re: inetdand ftpd logs pollute my syslog

Marc

Also see:-


http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4765c1c4ceddd61190050090279cd0f9,00.html

And pay attention to Darrell's post.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
marc seguin
Regular Advisor

‎10-15-2002 05:19 AM

‎10-15-2002 05:19 AM

Re: inetdand ftpd logs pollute my syslog

Yes, it looks as is not possible.

The entry ftpd.* is not accepted in syslog.conf (I checked it with syslogd -d)

ftp logs are logs among all daemon logs.
And it's a "All or nothing" choice !

So I just wrote a script to clean logs when needed :

if [[ -n "$1" && -r "$1" ]]; then
SYSLOG=$1
else
SYSLOG=/var/adm/syslog/syslog.log
fi

cat $SYSLOG | grep -v -e "hawking telnetd\[[0-9]*\]: getpid : peer died: Error 0$" -e "hawking ftpd\[[0-9]*\]: connection from admin2 at"

Thanks for your help understanding the syslog.conf file.
0 Kudos
Reply
Jordan Bean
Honored Contributor

‎10-15-2002 08:59 AM

‎10-15-2002 08:59 AM

Re: inetdand ftpd logs pollute my syslog


ftpd logs to LOCAL5. Redirect that to another file.

inetd logs to DAEMON. I'm not sure to where telnetd sends its logs.

0 Kudos
Reply
marc seguin
Regular Advisor

‎10-16-2002 01:45 AM

‎10-16-2002 01:45 AM

Re: inetdand ftpd logs pollute my syslog

local5 redirection doesn't include ftpd messages on my system (HP-UX 10.20).
Perhaps it is valid for HP-UX 11...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.