HPE Community
Operating System - HP-UX
1832202 Members
2701 Online
110039 Solutions
New Discussion

redirecting ftp to ftplog

 
SOLVED
Go to solution
Tony Leahy
Occasional Advisor

‎03-22-2005 11:28 PM

‎03-22-2005 11:28 PM

redirecting ftp to ftplog

Hi,
I have read a lot of the threads on this but
it is still not redirecting ftp to my specified file

Here is my /etc/syslog.conf ::>

mail.debug /var/adm/syslog/mail.log
*.info;mail.none,local5.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.debug /var/adm/syslog/debug.log
local5.info /var/adm/syslog/ftp.log

(everything is seperated by tabs)

I stopped and started the syslogd

... my syslog.log is still showing

Mar 23 12:23:52 (localhost) telnetd[15575]: allowed connection from dd1.ar.com
Mar 23 12:25:45 (localhost) ftpd[19839]: allowed connection from dd2.ar.com
Mar 23 12:27:55 (localhost) ftpd[21790]: allowed connection from dd3.ar.com

my inetd.conf has >>
ftp stream tcp nowait root /usr/lbin/tcpd /usr/lbin/ftpd ftpd -l

any ideas ?

Tony.

0 Kudos
Reply
8 REPLIES 8
harry d brown jr
Honored Contributor

‎03-23-2005 12:08 AM

‎03-23-2005 12:08 AM

Re: redirecting ftp to ftplog

read:
http://docs.hp.com/en/B2355-90685/ch02s05.html
http://docs.hp.com/en/B2355-90685/ch02s09.html

live free or die
harry d brown jr
Live Free or Die
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎03-23-2005 01:23 AM

‎03-23-2005 01:23 AM

Solution

Re: redirecting ftp to ftplog

Try it like this:


local5.info;mail.none /var/adm/syslog/ftpd.log
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.debug /var/adm/syslog/debug.log


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
RAC_1
Honored Contributor

‎03-23-2005 01:35 AM

‎03-23-2005 01:35 AM

Re: redirecting ftp to ftplog

Check man page of ftpd.

you need to add -o and -i options to ftpd in /etc/inetd.conf file.
There is no substitute to HARDWORK
0 Kudos
Reply
Tony Leahy
Occasional Advisor

‎03-23-2005 02:09 AM

‎03-23-2005 02:09 AM

Re: redirecting ftp to ftplog

Hi,
still no progress -- tried Geoff and RAC's ideas

maybe it's not picking up the new configurations ?

Tony.
0 Kudos
Reply
baiju_3
Esteemed Contributor

‎03-23-2005 05:13 AM

‎03-23-2005 05:13 AM

Re: redirecting ftp to ftplog


Hi Tony ,

try this entry in /etc/inetd.conf

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -P


Do onetd -c , after the modofication .It works for me.

Thanks,
BL.
Good things Just Got better (Plz,not stolen from advertisement -:) )
Reply
Ermin Borovac
Honored Contributor

‎03-23-2005 03:18 PM

‎03-23-2005 03:18 PM

Re: redirecting ftp to ftplog

Syslog messages 'allowed connection from' are not coming from telnetd or ftpd; they are coming from /usr/lbin/tcpd, which is TCP wrappers daemon. You seem to be using tcpd in inetd.conf.

ftp stream tcp nowait root /usr/lbin/tcpd /usr/lbin/ftpd ftpd -l

tcpd is logging messages with syslog facility 'daemon', thus your syslog.conf local5 configuration is ignored.
0 Kudos
Reply
David de Beer
Valued Contributor

‎03-23-2005 05:09 PM

‎03-23-2005 05:09 PM

Re: redirecting ftp to ftplog


Hello Tony.

We also use tcp wrappers in our environment, and here is how I got around the problem.

For some strange reason all the ftpd messages get logged to mail.info - so I did the following:


/etc/syslog.conf file:
mail.info /var/adm/syslog/ftpd.log
mail.debug /var/adm/syslog/mail.log
daemon.info;mail.none /var/adm/syslog/daemon.log
*.info;mail.none,daemon.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

/etc/inetd.conf file:
ftp stream tcp nowait root /usr/local/bin/tcpd /usr/lbin/ftpd -l -u 22
tftp dgram udp wait root /usr/local/bin/tcpd /usr/lbin/tftpd

I also wrote the following script (crontab) to mail me the ftpd errors related to gethostbyaddr:
#!/bin/ksh
cd /var/adm/syslog
NEWTIMESTAMP=`date "+%Y-%m-%d %H:%M"`
COMPLETELOGNAME=`date "+%Y%m%d"`
OLDTIMESTAMP=`cat /var/adm/syslog/ftpd.timestamp.old`
cat /var/adm/syslog/ftpd.log | grep -i ftpd | uuencode $COMPLETELOGNAME.doc| mailx -s "[FTPD log] $OLDTIMESTAMP -> $NEWTIMESTAMP" your@address.here
echo $NEWTIMESTAMP > /var/adm/syslog/ftpd.timestamp.old
cat /var/adm/syslog/ftpd.log | grep -i ftpd | grep -i gethostbyaddr | awk {' print $5 '} | cut -f2 -d"[" | cut -f1 -d"]" | sort -u | xargs -l | awk {' print " echo FTP errors for process ID " $1 " ; cat /var/adm/syslog/ftpd.log | grep -i " $1 '} | grep -i ftpd > /var/adm/syslog/sort.errors.sh
chmod 700 /var/adm/syslog/sort.errors.sh
/var/adm/syslog/sort.errors.sh > /var/adm/syslog/sort.errors.log
grep -i ftp /var/adm/syslog/sort.errors.log | uuencode $COMPLETELOGNAME.errorlog.doc | mailx -s "[FTPD error log] $OLDTIMESTAMP -> $NEWTIMESTAMP" your@address.here
cp /var/adm/syslog/ftpd.log /var/adm/syslog/ftpd.log.old
> /var/adm/syslog/ftpd.log

Hope this helps.
Regards,
David de Beer.
Reply
Johannes Kamentz_3
Occasional Advisor

‎03-23-2005 07:15 PM

‎03-23-2005 07:15 PM

Re: redirecting ftp to ftplog

Hey Tony,

I would stop syslogd and restart it in debugging mode (syslogd -d).

Open an ftp session to this server then. Maybe You will get some error messages helping You to troubleshoot.

Did You check for special characters in the syslog.conf file?

Johannes
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.