I have random connections coming into my FTP server, but the source IP is not showing up in my logs. Here is what my logs look like for me trying to connect as a "whatever" user that doesn't exist. You can see there is no source IP telling me where this connection came from:
Jun 27 10:13:40 hostname daemon:debug ftpd[7733374]: <--- 220
Jun 27 10:13:40 hostname daemon:debug ftpd[7733374]: hostname FTP server (Version 4.2 Mon Dec 3 12:04:40 CST 2012) ready.
Jun 27 10:13:48 hostname daemon:debug ftpd[7733374]: command: USER whatever^M
Jun 27 10:13:48 hostname daemon:debug ftpd[7733374]: <--- 331
Jun 27 10:13:48 hostname daemon:debug ftpd[7733374]: Password required for whatever.
Jun 27 10:13:56 hostname daemon:debug ftpd[7733374]: command: PASS
Jun 27 10:13:56 hostname daemon:debug ftpd[7733374]: <--- 530
Jun 27 10:13:56 hostname daemon:debug ftpd[7733374]: Login incorrect.
Jun 27 10:14:00 hostname daemon:debug ftpd[7733374]: command: QUIT^M
Jun 27 10:14:00 hostname daemon:debug ftpd[7733374]: <--- 221
Jun 27 10:14:00 hostname daemon:debug ftpd[7733374]: Goodbye.
Here's my ftp entry in the inetd.conf file:
hostname:/:$ grep ^ftp /etc/inetd.conf
ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd -u 002 -d
Here's my daemon.debug entry in my syslog.conf:
hostname:/:$ grep ^daemon.debug /etc/syslog.conf
daemon.debug /var/log/syslogs/syslog.daemon.debug rotate size 30m files 5 # maintain 5 files, 30M each
Is there something else I need to enable to get more detailed logs so I can see the source IP of where connections are coming from?