SunOS and ftp logging

UNIX Solaris
1

Hi,
I'd want to enable ftp logging on a SunOS 5.9 machine. I've read some guides I've found on the Internet but, in the syslog file, I stil not have information about that.
In the /etc/inetd.conf I have this line:

ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -d

In /etc/syslog.conf I added this:

daemon.debug                                   /var/adm/ftp.log

Finally I created ftp.log in /var/adm, but when I connect via ftp from another machine, I have no information in ftp.log.
I also tried without modifying syslog.conf file, for logging in the /var/adm/messages (is that the file where syslogd writes?), but stil nothing...

What can I do? Please help...

ps
sorry for my english

2

Did you remember to send a HUP to syslogd after modifying /etc/syslog.conf?

You might also want to look into "man ftpaccess" for refining your logging.

Cheers,
ZB

3

I killed both syslogd and inetd with:

kill -HUP process-pid

Though the problem is that, after adding "-d" option to the ftpd line in inetd.conf, I still haven't any kind of logging...
I also tried to add "-A" to disable ftpaccess but no result.

The only information that I can get is

Aug  1 11:55:50 timoteo ftpd[4941]: [ID 532633 daemon.notice] FTP LOGIN REFUSED (username in /etc/ftpd/ftpusers) FROM 192.168.2.26 [192.168.2.26], root

when I try to log in as root (that is in users denied access)
With other users I have no information in the log file.
Why it doesn't log to syslog?

4

Now I tried with

ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -A -l -d

in /etc/inetd.conf, and with

daemon.*                                        /var/adm/ftp.log

in /etc/syslog.conf, but no log information at all!! :frowning:

...help...

5

Hi, one short question!
You are sure that the /etc/syslog.conf file is without any
other ascii characters then TAB ?

For the syslog.conf file it is mandetory to use only TAB between the objekts.

You can check it inside the vi with the "set list" command.

best regards joerg

6

I always stop syslogd, then run in interactive debug mode to test changes to syslog.conf

/usr/sbin/syslogd -d

Cheers
ZB

7

Ok, I solved with your tips.
There are some non-tab character but, after deleting them, I tried with

/usr/sbin/syslogd -d

and the output was:

bash-2.05# /usr/sbin/syslogd -d
main(1): Started at time Wed Aug  8 10:03:19 2007
getnets(1): found 1 addresses, they are: 0.0.0.0.2.2
amiloghost(1): testing 192.168.2.122.2.2
conf_init(1): I am loghost
cfline(1): (*.err;kern.notice;auth.notice                       /dev/sysmsg)
cfline(1): (*.err;kern.debug;daemon.notice;mail.crit    /var/adm/messages)
cfline(1): (*.alert;kern.err;daemon.err                 operator)
cfline(1): (*.alert                                             root)
cfline(1): (*.emerg                                             *)
cfline(1): (mail.debug                  /var/log/syslog)
cfline(1): (daemon.*                                    /var/adm/ftp.log)
logerror_format(1): out syslogd: line 32: unknown priority name "*"
logerror(1): syslogd: line 32: unknown priority name "*"
logerror_to_console(1): syslogd: line 32: unknown priority name "*"
logerror_format(1): out syslogd: syslogd pid 867 already running. Cannot start another syslogd pid 882
logerror(1): syslogd: syslogd pid 867 already running. Cannot start another syslogd pid 882
logerror_to_console(1): syslogd: syslogd pid 867 already running. Cannot start another syslogd pid 882

so I replaced "daemon.*" with "daemon.debug" and now it logs!!! :slight_smile:

Thank you so much!!!!!!

8

couldnt you use "$ last {username}" to display the login entries recorded from any successfull logins from your ftp users? -otherwise, "$ dmesg | grep -i ftp" could possibly display you any errors in ftp (and other stuff containing ftp i dmesg).

Just some thoughts...

9

It is a security requirement to have syslog logging enabled for ftp in many organisations.