
anon091 06-27-2011 07:17 PM

vsftp logging login attempts somewhere?
 
Does anyone know if vsftpd logs successful and failed logon attempts anywhere? I grep'd my /var/log directory and didn't find anything.

Or if it can, do you know how to enable it?

divyashree 06-28-2011 12:34 AM

Quote:

Originally Posted by rjo98 (Post 4397444)
Does anyone know if vsftpd logs successful and failed logon attempts anywhere? I grep'd my /var/log directory and didn't find anything.

Or if it can, do you know how to enable it?

Have you enabled logs in the vsftpd.conf?

Or add these to enable the vsftpd.log:

PHP Code:

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES
xferlog_std_format=NO

So now a vsftpd.log will be generated in your /var/log directory.

And whenever there is a failed login, you will get a line in the vsftpd.log like:


PHP Code:

[username] FTP response: Client "IP of the user", "530 Login incorrect."
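
Added example (not part of the original posts): a short Python script that tallies failed and successful logins from vsftpd.log lines in the "FTP response" format quoted above. The sample lines are constructed, and the timestamp/pid prefix, the "230" success reply, and the `summarize_logins` name and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modeled on the "FTP response" format quoted above
# (log_ftp_protocol=YES, xferlog_std_format=NO). The timestamp and [pid N]
# prefix are assumptions; the parser anchors on "[user] FTP response:" onward.
SAMPLE_LOG = """\
Tue Jun 28 00:40:01 2011 [pid 2101] [alice] FTP command: Client "192.0.2.10", "USER alice"
Tue Jun 28 00:40:01 2011 [pid 2101] [alice] FTP response: Client "192.0.2.10", "331 Please specify the password."
Tue Jun 28 00:40:03 2011 [pid 2101] [alice] FTP response: Client "192.0.2.10", "530 Login incorrect."
Tue Jun 28 00:41:10 2011 [pid 2107] [root] FTP response: Client "198.51.100.7", "530 Login incorrect."
Tue Jun 28 00:41:12 2011 [pid 2109] [admin] FTP response: Client "198.51.100.7", "530 Login incorrect."
Tue Jun 28 00:41:14 2011 [pid 2111] [root] FTP response: Client "198.51.100.7", "530 Login incorrect."
Tue Jun 28 00:42:30 2011 [pid 2120] [alice] FTP response: Client "192.0.2.10", "230 Login successful."
"""

# Captures the bracketed user, the quoted client IP and the quoted server reply.
RESPONSE_RE = re.compile(
    r'\[(?P<user>[^\]]*)\] FTP response: Client "(?P<ip>[^"]+)", "(?P<msg>[^"]*)"'
)

def summarize_logins(text, threshold=3):
    """Return (failed, succeeded, noisy_ips); counters are keyed by (ip, user)."""
    failed, succeeded = Counter(), Counter()
    for line in text.splitlines():
        m = RESPONSE_RE.search(line)
        if not m:
            continue  # FTP commands and other log lines are ignored
        key = (m["ip"], m["user"])
        if m["msg"] == "530 Login incorrect.":
            failed[key] += 1
        elif m["msg"].startswith("230 "):
            succeeded[key] += 1
    # Sum failures per client IP across all usernames it tried.
    per_ip = Counter()
    for (ip, _user), count in failed.items():
        per_ip[ip] += count
    noisy_ips = sorted(ip for ip, count in per_ip.items() if count >= threshold)
    return failed, succeeded, noisy_ips

if __name__ == "__main__":
    failed, succeeded, noisy_ips = summarize_logins(SAMPLE_LOG)
    for (ip, user), count in sorted(failed.items()):
        print(f"FAILED  {ip:15} {user:8} {count}")
    for (ip, user), count in sorted(succeeded.items()):
        print(f"OK      {ip:15} {user:8} {count}")
    print("IPs at or over the failure threshold:", noisy_ips)
```

To run it against a real log, pass the contents of /var/log/vsftpd.log to `summarize_logins` in place of `SAMPLE_LOG`.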


anon091 06-28-2011 08:06 AM

Here's what I have for those settings:

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

I don't even see the log_ftp_protocol in there, or in the comments that are throughout the file.

chrism01 06-28-2011 06:14 PM

Here's the home site for vsftpd, and you can see all (& it's a LOT) of the options, inc. that one: http://vsftpd.beasts.org/vsftpd_conf.html
Quote:

log_ftp_protocol
When enabled, all FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. Useful for debugging.

Default: NO
:) HTH

anon091 06-28-2011 06:20 PM

Thanks. So let me ask what will probably be a silly question. When examples are in comments in config files, those are really just a small sampling, and not necessarily all the options that apply for that version then, right?

chrism01 06-28-2011 06:35 PM

In this case yes, but there's no fixed rule. If a prog only has a small num of params, you may well see all of them in there.
My advice: 'never assume' (you know what they say about 'assume').
It's generally a good idea to at least look at the home site for a tool, just to see what's available.

divyashree 06-29-2011 02:24 AM

Quote:

Originally Posted by rjo98 (Post 4397928)
Here's what I have for those settings:

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

I don't even see the log_ftp_protocol in there, or in the comments that are throughout the file.

If it's not there, you can add that.

Just run this in your terminal.

PHP Code:

man vsftpd.conf 

And you will get all the rules with their usage, and you can add them to vsftpd.conf according to your needs.

anon091 06-29-2011 07:41 AM

Thanks guys. I'll have to read to see why that one setting is set to YES, which seems to not go with that other setting.

anon091 06-29-2011 02:21 PM

OK, I read this some more. It seems like xferlog_std_format is purely a formatting thing, and having it set to YES makes it harder to read. We don't have any log monitoring that's looking for a specific format, so I'm not sure why that would have been turned on to begin with. Am I not understanding this one right?

With log_ftp_protocol, what does it mean by "all FTP requests and responses"? I already get a line in the log for each file uploaded/downloaded. Just wondering if turning this on (and the other to NO) is going to cause way too much to get logged.

chrism01 06-29-2011 07:16 PM

Try it briefly or on a test box & see.... It prob means it'll also log e.g. login failures as well; you may or may not want that ...
My recommendation: don't guess, try it.

anon091 06-30-2011 11:31 AM

Yeah, I'm going to try to set up a virtual machine and see if I can figure it out there. Cross your fingers haha.

jerryleem412 07-02-2011 09:39 PM

I resolved the issue by opening port 990 for both TCP and UDP in the firewall, since VSFTPD uses secure ports. Hope this helps someone...

divyashree 07-02-2011 10:15 PM

Quote:

Originally Posted by rjo98 (Post 4400434)
Yeah, I'm going to try to set up a virtual machine and see if I can figure it out there. Cross your fingers haha.

Yes, before putting anything into production, test it with a virtual machine and do all kinds of R&D on that.

