I need help. I have an ftp user which is used by another system to transfer files to my system.
But somehow my ftp user gets locked out due to invalid failed logins by some source system, and this is causing lots of problems. Also, I am aware that the user password is not expiring; rather, it is getting locked due to the number of failed login attempts by the source system.
I am not able to find out the source system.
So is there any way I can check which source IP/user is locking my ftp user every now and then?
What is the ftp server you are running and what is the operating system? One place to check is the ftp server logs; however, this depends on the ftp server. You may be able to do the following command to track ftp per user.... (this is on an aix system)
You have posted two threads and I replied to the other one first!
First step is to turn on logging for your FTP server. Is it vsftp perhaps? I think you turn it on in /etc/vsftpd/vsftpd.conf with the xferlog_enable and xferlog_file values.
Also, you could look in the file referred to in /etc/rsyslog.conf for all the authpriv.* messages. Does this give you a clue?
If you still can't get it sorted, issue a new FTP user account to the server you trust to connect.
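An added example, not part of the thread or written by any poster: assuming the server is vsftpd (the reply above only guesses this) and that failures are logged in the formats shown in the comments, this Python script counts failed logins per source address for one account. The log lines, host name, account names and addresses are constructed sample data.

```python
import re
from collections import Counter

# vsftpd's own log format (assumed), e.g.
#   Mon Mar  4 02:15:07 2024 [pid 4121] [ftpuser] FAIL LOGIN: Client "192.0.2.44"
VSFTPD_FAIL = re.compile(r'\[(?P<user>[^\]]+)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"')
# PAM failure logged via authpriv; assumes the PAM service is named "vsftpd",
# with the FTP login name in ruser= and the client address in rhost=.
PAM_FAIL = re.compile(
    r'pam_\w+\(vsftpd:auth\): authentication failure;.*?'
    r'\bruser=(?P<user>\S+)\s+rhost=(?P<ip>\S+)')

def normalise(ip):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4."""
    return ip[7:] if ip.startswith("::ffff:") else ip

def failed_sources(lines, account):
    """Return a Counter of failed logins for `account`, keyed by client address."""
    hits = Counter()
    for line in lines:
        m = VSFTPD_FAIL.search(line) or PAM_FAIL.search(line)
        if m and m.group("user") == account:
            hits[normalise(m.group("ip"))] += 1
    return hits

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = """\
Mon Mar  4 02:15:07 2024 [pid 4121] [ftpuser] FAIL LOGIN: Client "192.0.2.44"
Mon Mar  4 02:15:12 2024 [pid 4125] [ftpuser] FAIL LOGIN: Client "::ffff:192.0.2.44"
Mon Mar  4 02:16:40 2024 [pid 4130] [ftpuser] OK LOGIN: Client "198.51.100.7"
Mon Mar  4 02:17:03 2024 [pid 4133] [backup] FAIL LOGIN: Client "203.0.113.9"
Mar  4 02:17:30 host1 vsftpd[4140]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftpuser rhost=192.0.2.44
Mar  4 02:18:02 host1 vsftpd[4151]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftpuser rhost=203.0.113.9
"""

if __name__ == "__main__":
    # Noisiest source first: the likely system holding a stale password.
    for ip, count in failed_sources(SAMPLE.splitlines(), "ftpuser").most_common():
        print(f"{count:5d}  {ip}")
```

Feed it either the FTP server's own log or the authpriv log, not both, since one failed attempt can appear in each.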
Many thanks for your prompt response.
I did check on my system as per your suggestion, but unfortunately could not find the /etc/rsyslog.conf file anywhere.
Also, could you please suggest how we can turn on the xferlog_enable and xferlog_file values in /etc/vsftpd/vsftpd.conf? Are there any parameters that need to be turned on?