- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Disable FTP Log (and anonymous log)
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 08:35 PM
тАО05-15-2008 08:35 PM
We have a lot of FTP communication going on in our system. It's only LAN no connection outside or internet, so security is not an issue.
How can I disable to FTP Log files? At the moment every connections generate an input in
SYS$SYSDEVICE:[TCPIP$FTP]TCPIP$FTP_RUN.LOG and
TCPIP$FTP_ANONYMOUS.LOG.
These files will get huge in a short time. I tried to set the logical anonymous logfile to NLA0: but this didn't help. So how can I disable ALL logfiles for the FTP connections?
Thanks.
Dario
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 08:55 PM
тАО05-15-2008 08:55 PM
Re: Disable FTP Log (and anonymous log)
You may set TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS to false to prevent ftp logfiles in SYS$LOGIN to be created, at least.
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 09:14 PM
тАО05-15-2008 09:14 PM
Re: Disable FTP Log (and anonymous log)
gets a new version when you disable+enable
the FTP service, so if you do that
occasionally, and purge the things back some,
you should be able to keep the wasted disk
space within reasonable bounds.
> These files will get huge in a short time.
Really? My server gets some use (not very
much, I suppose), and my anonymous log looks
like this:
Directory SYS$SYSDEVICE:[TCPIP$FTP]
TCPIP$FTP_ANONYMOUS.LOG;2
4392 24-JAN-2003 16:08:37.93 (RE,RWE,,)
TCPIP$FTP_ANONYMOUS.LOG;1
637 1-JAN-2002 13:51:03.04 (RE,RWE,,)
I would not consider this to be getting "huge
in a short time." (I had planned to split it
annually, around 1-JAN, but it just doesn't
get big enough that it's bothered me in
recent years. Now, the _Web_ server log
_does_ benefit from periodic splits.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 09:30 PM
тАО05-15-2008 09:30 PM
Re: Disable FTP Log (and anonymous log)
Directory SYS$SYSDEVICE:[TCPIP$FTP]
LOGIN.COM;1 1 11-MAR-2007 17:49:38.35
TCPIP$FTP_ANONYMOUS.LOG;1
6987944 14-FEB-2008 11:03:15.82
TCPIP$FTP_RUN.LOG;229
0 16-MAY-2008 11:20:09.48
TCPIP$FTP_RUN.LOG;228
225 16-MAY-2008 11:14:34.21
TCPIP$FTP_RUN.LOG;227
188 16-MAY-2008 11:04:51.52
TCPIP$FTP_RUN.LOG;226
2151 16-MAY-2008 08:46:22.69
TCPIP$FTP_RUN.LOG;225
24365 15-MAY-2008 07:30:40.47
TCPIP$FTP_RUN.LOG;224
9294 14-MAY-2008 21:58:50.98
TCPIP$FTP_RUN.LOG;223
7215 14-MAY-2008 14:31:04.62
TCPIP$FTP_RUN.LOG;222
38368 12-MAY-2008 22:06:45.66
TCPIP$FTP_RUN.LOG;221
19681 12-MAY-2008 01:36:20.53
as you can see, the anonymous log file is quite big. the problem we focus now is, when connecting with anonymous it takes a long time, because it has to open this huge file and make an entry.
I do not understand why there is also an entry on the ftp_run.log file every time.
I found in the documentation this logical:
TCPIP$FTPD_LOG_CLIENT_ACTIVITY. Does it maybe help when I generate this logical with value FALSE ???
Thanks four your support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 09:45 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 09:59 PM
тАО05-15-2008 09:59 PM
Re: Disable FTP Log (and anonymous log)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 10:06 PM
тАО05-15-2008 10:06 PM
Re: Disable FTP Log (and anonymous log)
ucx sh version
shows what ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 10:54 PM
тАО05-15-2008 10:54 PM
Re: Disable FTP Log (and anonymous log)
$ def/sys/exec TCPIP$FTP_ANONYMOUS_LOG NL:
followed by a stop and start of the ftp service, should work.
But my tests still show a new log file :-(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2008 11:24 PM
тАО05-15-2008 11:24 PM
Re: Disable FTP Log (and anonymous log)
>If I have only one logfile, this will
>become bigger and bigger as well.
Setting the version of TCPIP$FTP_RUN.LOG to 32767, or setting the version limit to a small number will limit the amount of disk space consumed. The file isn't appended, so don't be concerned about it growing.
You can't prevent the system from trying to create a log file, but you can prevent it from succeeding. However, it's probably better to let the log files get written, but control them with a version limit of (say) 10. They can be useful to diagnose problems.
If Gerard's suggestion of:
$ def/sys/exec TCPIP$FTP_ANONYMOUS_LOG NL:
and restarting the service doesn't work, perhaps try setting the protection to no access by anyone?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-16-2008 06:44 AM
тАО05-16-2008 06:44 AM
Re: Disable FTP Log (and anonymous log)
But do use the command interface and logging control knobs where available, to disable logging or to write the log on the NLA0: device or such.
Sotto voce: so I shouldn't worry about all those infernal infested internal boxes that just keep hammering on my ftp and smtp servers? Those pesky portable ones that got infested elsewhere, and then visit my LAN just to spread the "fun"? Seriously: assuming that you are not hooked to the internet is risky when there's more than one person connecting boxes to the LAN; do you trust everybody that's connecting boxes, and all of what they connect?
I'd probably simply set up a log-management procedure here, akin to the daily management usually done for ACCOUNTNG.DAT and other core data files. Even outside the cases of active malware on the LAN, having a log file around for a couple of days when something goes wonky can be invaluable, and ftp has established its own local maximum of wonky-ness.