01-11-2008 11:43 AM
FTP Audit Trail
For security reasons, I'd like to be able to create a report containing:
- username
- date/time
- filename
- get or put
TIA
01-11-2008 12:11 PM
Re: FTP Audit Trail
The logical TCPIP$FTPD_LOG_CLIENT_ACTIVITY activates logging of session-specific information, requests, and responses. The log file created is SYS$LOGIN:TCPIP$FTP_SERVER.LOG. I don't remember exactly when it was introduced, post UCX->TCPIP Services name change I think.
Bill
01-11-2008 12:28 PM
Re: FTP Audit Trail
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1153242
You can also conceivably enable security auditing using ACLs specifically for network activity. Try tossing a security ACL at the volume level, triggering an audit for any network activity, and toss an ACL onto the ftp client image to capture outbound activity. (There may well be a way to capture out-bound ftp, but IIRC you can pretty much run your own ftp client locally if you have netmbx.)
Various folks looking to track this sort of activity can tend to choose to enable auditing at a network perimeter, such as at a firewall.
And if you're interested in security, why are you using ftp and not sftp? (This asked not to be flippant, either.) ftp has more than its share of problems, and performance limits. The ftp protocol can inherently cause issues with firewall security, too.
Stephen Hoffman
HoffmanLabs LLC
01-14-2008 01:07 AM
Re: FTP Audit Trail
Wim
01-25-2008 10:14 AM
Re: FTP Audit Trail
TCPIP$FTP_EXTLOG "1"
The people who log in via external FTP activate the FTP server task, which builds its own log files in the user directory. With that flag set to 1, you get extended logging of messages to include GET or PUT and the name supplied with the command. (Get is shown as RETR; you need to look at the RFC for FTP in order to see all the commands listed.)
Once per day I run a job that looks for all such log files (TCPIP$FTP_SERVER.LOG) with a creation date older than "0600 this morning." I copy those files to a working area tagged by the name of the user directory from which each came. Then I have a little script to parse out the stuff I wanted to see, which resembles what you wanted, plus whether it worked or not. It is not that difficult because first I don't care about all of the possible commands that are exchanged and second, there aren't that many to look for anyway.
Please note that if your users ran FTP interactively from their OpenVMS session (in other words, VMS was the CLIENT, not the server), you cannot capture that information easily or perhaps you cannot see it at all. But for FTP_SERVER, there is at least a chance.
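
An added example, not the poster's script and not HP code: a sketch of the daily parse described in the last reply, turning one collected TCPIP$FTP_SERVER.LOG into the username / date-time / filename / get-or-put / success rows asked for at the top of the thread. The line layout (a timestamp followed by the FTP command or reply) is an assumption and the sample log is constructed; the command names and reply-code classes are from RFC 959.

```python
import re
from typing import Iterator, NamedTuple, Optional

# RFC 959 transfer commands mapped to the "get or put" column asked for above.
TRANSFER = {"RETR": "get", "STOR": "put", "STOU": "put", "APPE": "put"}
# ASSUMED layout: "<date> <time> <FTP command or reply>"; adjust to the real log.
LINE_RE = re.compile(r"^(\S+ \S+)\s+(.*)$")
CMD_RE = re.compile(r"^(RETR|STOR|STOU|APPE)\s+(.+)$", re.IGNORECASE)
REPLY_RE = re.compile(r"^(\d{3})[ -]")

class Transfer(NamedTuple):
    user: str            # name of the user directory the log was collected from
    when: str
    filename: str
    direction: str
    ok: Optional[bool]   # None: log ended before a final reply was seen

def audit(user: str, log_text: str) -> Iterator[Transfer]:
    pending = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when, rest = m.groups()
        cmd = CMD_RE.match(rest)
        if cmd:
            if pending:  # earlier transfer never got a final reply
                yield pending
            verb, name = cmd.group(1).upper(), cmd.group(2).strip()
            pending = Transfer(user, when, name, TRANSFER[verb], None)
        elif pending and (reply := REPLY_RE.match(rest)):
            code = int(reply.group(1))
            if code >= 200:  # 1xx is only a preliminary reply
                yield pending._replace(ok=code < 300)
                pending = None
    if pending:
        yield pending

# Constructed sample, not real TCPIP Services output.
SAMPLE_LOG = """\
14-JAN-2008 09:15:03.02 230 User logged in
14-JAN-2008 09:15:10.55 RETR PAYROLL.DAT
14-JAN-2008 09:15:10.60 150 Opening data connection
14-JAN-2008 09:15:11.90 226 Transfer complete
14-JAN-2008 09:16:00.03 STOR UPLOAD.TXT
14-JAN-2008 09:16:00.05 550 Insufficient privilege
14-JAN-2008 09:17:30.00 RETR BIG.BCK
14-JAN-2008 09:17:30.04 150 Opening data connection
"""
```

Calling `list(audit("JSMITH", SAMPLE_LOG))` gives three rows; the last has `ok=None` because the constructed log stops before the server's final reply, which is worth flagging in a report rather than counting as a success.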
