Operating System - HP-UX

Re: logging ftp session information

 
Khashru
Valued Contributor

logging ftp session information

I want to enable detailed ftp login in my hpux 11i server. I need the IP of the machine that is doing the ftp.
Khashru
Valued Contributor

Re: logging ftp session information

I have added -lv in inetd.conf, but it only gives me the IP address when an ftp session is ok. I need to find out the IP address for an unsuccessful login.
rariasn
Honored Contributor

Re: logging ftp session information

Hi Khashru,

Modify /etc/inetd.conf file:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -i -o -u002

# inetd -c

# man ftpd

# more /var/adm/syslog/xferlog

rgs,

rariasn
Honored Contributor

Re: logging ftp session information

Sorry,

and

# grep ftp /var/adm/syslog/syslog.log

rgs,
Khashru
Valued Contributor

Re: logging ftp session information

That will give me information about successful logins. I need the IP address if a login fails.
Bill Hassell
Honored Contributor

Re: logging ftp session information

ftpd does not 'login' so there is no record of failed attempts to gain access. ftpd uses PAM to authenticate but there is no login process run.


Bill Hassell, sysadmin
Khashru
Valued Contributor

Re: logging ftp session information

I am getting a message in syslog that someone is using one user name to do an ftp and is rejected. I need to find out from which machine it is happening.
Vasu Viswanadha
Advisor

Re: logging ftp session information



Hi,

Normally FTP logs IP addresses in the syslog. Can you pls post the syslog o/p?

They read something like this

[IP Address] username .....




BR

Vasu
Bill Hassell
Honored Contributor

Re: logging ftp session information

I have ftp configured in /etc/inetd.conf with just the -a option and if a user fails to login correctly, the following message is recorded for each failed attempt:

...mycpu ftpd[18496]: REPEATED LOGIN FAILURES FROM some-domain-or-IP

Be sure that your /etc/ftp/ftpaccess file has configured logging:

loginfails 2
log commands real
log transfers anonymous,real inbound,outbound


Bill Hassell, sysadmin
Alpha977
Valued Contributor

Re: logging ftp session information

Hello!

I usually use a packet sniffer (like ethereal) and follow the TCP stream of the ftp packets.
It is good for software debugging.

regards
wien lam
Advisor

Re: logging ftp session information

Not sure about hpux, but on solaris10 my failed attempts show as

dmesg
Dec 28 20:47:13 host01 ftpd[8485]: [ID 265846 daemon.notice] repeated login failures from 172.20.1.2 [172.20.1.2]

or for that day's logs
more /var/adm/messages
Dec 28 20:47:13 host01 ftpd[8485]: [ID 265846 daemon.notice] repeated login failures from 172.20.1.2 [172.20.1.2]

you should be able to grep search them

Hope this answers your question, thanks
Wien lam
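
Added example, not part of any post in this thread: a shell function that counts ftpd "repeated login failures from" syslog lines per source, accepting both the upper-case form quoted for HP-UX and the lower-case Solaris form. The function names and the sample log lines are constructed for illustration; on a real host, feed it the syslog file instead of the sample.

```shell
#!/bin/sh
# Count ftpd "repeated login failures from <source>" lines per source.
# Reads syslog text on stdin, prints "count source", highest count first.
ftp_fail_sources() {
    awk '
    {
        low = tolower($0)
        # Only lines written by ftpd itself, not other text quoting the phrase
        if (low !~ /ftpd\[[0-9]+\]:/) next
        key = "repeated login failures from "
        pos = index(low, key)          # case-insensitive: HP-UX logs it in caps
        if (pos == 0) next
        rest = substr($0, pos + length(key))
        # First token after the phrase is the remote host name or IP
        n = split(rest, parts, /[ \t]+/)
        if (n == 0 || parts[1] == "") next
        count[tolower(parts[1])]++
    }
    END {
        for (src in count) printf "%d %s\n", count[src], src
    }' | sort -k1,1nr -k2,2
}

# Constructed sample input (hypothetical hosts, PIDs and timestamps).
sample_log() {
    cat <<'EOF'
Dec 28 20:47:13 host01 ftpd[8485]: [ID 265846 daemon.notice] repeated login failures from 172.20.1.2 [172.20.1.2]
Dec 28 20:49:02 host01 ftpd[8490]: [ID 265846 daemon.notice] repeated login failures from 172.20.1.2 [172.20.1.2]
Dec 28 20:50:40 mycpu ftpd[18496]: REPEATED LOGIN FAILURES FROM client7.example.com
Dec 28 20:51:00 mycpu inetd[901]: ftp/tcp: Connection from 192.0.2.10
Dec 28 20:52:11 mycpu root: note: repeated login failures from testing-only
EOF
}

# Demo run on the sample; on the server use for example:
#   ftp_fail_sources < /var/adm/syslog/syslog.log
sample_log | ftp_fail_sources
```

The message only appears once the `loginfails` threshold in /etc/ftp/ftpaccess is reached, so each counted line represents several rejected attempts from that source.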