Operating System - OpenVMS
1748248 Members
3823 Online
108760 Solutions
New Discussion юеВ

Re: Disable FTP Log (and anonymous log)

 
SOLVED
Go to solution
Dario Karlen
Frequent Advisor

Disable FTP Log (and anonymous log)

Hi

We have a lot of FTP communication going on in our system. It's only LAN no connection outside or internet, so security is not an issue.
How can I disable to FTP Log files? At the moment every connections generate an input in
SYS$SYSDEVICE:[TCPIP$FTP]TCPIP$FTP_RUN.LOG and
TCPIP$FTP_ANONYMOUS.LOG.
These files will get huge in a short time. I tried to set the logical anonymous logfile to NLA0: but this didn't help. So how can I disable ALL logfiles for the FTP connections?
Thanks.
Dario
11 REPLIES 11
Karl Rohwedder
Honored Contributor

Re: Disable FTP Log (and anonymous log)

Even if the service FTP is set to /LOG=(file=NL:,noall), a logfile is created and sessison connect/disconnect messages are logged.
You may set TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS to false to prevent ftp logfiles in SYS$LOGIN to be created, at least.

regards Kalle
Steven Schweda
Honored Contributor

Re: Disable FTP Log (and anonymous log)

SYS$SYSDEVICE:[TCPIP$FTP]TCPIP$FTP_RUN.LOG
gets a new version when you disable+enable
the FTP service, so if you do that
occasionally, and purge the things back some,
you should be able to keep the wasted disk
space within reasonable bounds.

> These files will get huge in a short time.

Really? My server gets some use (not very
much, I suppose), and my anonymous log looks
like this:

Directory SYS$SYSDEVICE:[TCPIP$FTP]

TCPIP$FTP_ANONYMOUS.LOG;2
4392 24-JAN-2003 16:08:37.93 (RE,RWE,,)
TCPIP$FTP_ANONYMOUS.LOG;1
637 1-JAN-2002 13:51:03.04 (RE,RWE,,)

I would not consider this to be getting "huge
in a short time." (I had planned to split it
annually, around 1-JAN, but it just doesn't
get big enough that it's bothered me in
recent years. Now, the _Web_ server log
_does_ benefit from periodic splits.)
Dario Karlen
Frequent Advisor

Re: Disable FTP Log (and anonymous log)

Thanks for the answers. Here is the directory of the FTP:
Directory SYS$SYSDEVICE:[TCPIP$FTP]

LOGIN.COM;1 1 11-MAR-2007 17:49:38.35
TCPIP$FTP_ANONYMOUS.LOG;1
6987944 14-FEB-2008 11:03:15.82
TCPIP$FTP_RUN.LOG;229
0 16-MAY-2008 11:20:09.48
TCPIP$FTP_RUN.LOG;228
225 16-MAY-2008 11:14:34.21
TCPIP$FTP_RUN.LOG;227
188 16-MAY-2008 11:04:51.52
TCPIP$FTP_RUN.LOG;226
2151 16-MAY-2008 08:46:22.69
TCPIP$FTP_RUN.LOG;225
24365 15-MAY-2008 07:30:40.47
TCPIP$FTP_RUN.LOG;224
9294 14-MAY-2008 21:58:50.98
TCPIP$FTP_RUN.LOG;223
7215 14-MAY-2008 14:31:04.62
TCPIP$FTP_RUN.LOG;222
38368 12-MAY-2008 22:06:45.66
TCPIP$FTP_RUN.LOG;221
19681 12-MAY-2008 01:36:20.53

as you can see, the anonymous log file is quite big. the problem we focus now is, when connecting with anonymous it takes a long time, because it has to open this huge file and make an entry.
I do not understand why there is also an entry on the ftp_run.log file every time.
I found in the documentation this logical:
TCPIP$FTPD_LOG_CLIENT_ACTIVITY. Does it maybe help when I generate this logical with value FALSE ???
Thanks four your support.
labadie_1
Honored Contributor
Solution

Re: Disable FTP Log (and anonymous log)

Not very clean, but if you rename
sys$sysdevice:tcpip$ftp_run.log;
to sys$sysdevice:tcpip$ftp_run.log;32767

you will have only one log file.

Ftp still works, I have checked.
Dario Karlen
Frequent Advisor

Re: Disable FTP Log (and anonymous log)

The problem is not the amout of log files, it's the filesize. If I have only one logfile, this will become bigger and bigger as well. I want to disable FTP logging completely (if it's possible). So far I have no other solution.
labadie_1
Honored Contributor

Re: Disable FTP Log (and anonymous log)

By the way,
ucx sh version
shows what ?
labadie_1
Honored Contributor

Re: Disable FTP Log (and anonymous log)

According to the doc, a
$ def/sys/exec TCPIP$FTP_ANONYMOUS_LOG NL:
followed by a stop and start of the ftp service, should work.

But my tests still show a new log file :-(
John Gillings
Honored Contributor

Re: Disable FTP Log (and anonymous log)

Dario,

>If I have only one logfile, this will
>become bigger and bigger as well.

Setting the version of TCPIP$FTP_RUN.LOG to 32767, or setting the version limit to a small number will limit the amount of disk space consumed. The file isn't appended, so don't be concerned about it growing.

You can't prevent the system from trying to create a log file, but you can prevent it from succeeding. However, it's probably better to let the log files get written, but control them with a version limit of (say) 10. They can be useful to diagnose problems.

If Gerard's suggestion of:

$ def/sys/exec TCPIP$FTP_ANONYMOUS_LOG NL:

and restarting the service doesn't work, perhaps try setting the protection to no access by anyone?
A crucible of informative mistakes
Hoff
Honored Contributor

Re: Disable FTP Log (and anonymous log)

A "sneaky trick" which works for most of these cases is to create a ;32767 version of the file you don't want any more. Most products don't manage that, and simply fail to create a new version.

But do use the command interface and logging control knobs where available, to disable logging or to write the log on the NLA0: device or such.

Sotto voce: so I shouldn't worry about all those infernal infested internal boxes that just keep hammering on my ftp and smtp servers? Those pesky portable ones that got infested elsewhere, and then visit my LAN just to spread the "fun"? Seriously: assuming that you are not hooked to the internet is risky when there's more than one person connecting boxes to the LAN; do you trust everybody that's connecting boxes, and all of what they connect?

I'd probably simply set up a log-management procedure here, akin to the daily management usually done for ACCOUNTNG.DAT and other core data files. Even outside the cases of active malware on the LAN, having a log file around for a couple of days when something goes wonky can be invaluable, and ftp has established its own local maximum of wonky-ness.