LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-27-2011, 08:17 PM   #1
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,668

Rep: Reputation: 46
vsftp logging login attempts somewhere?


Does anyone know if vsftpd logs successful and failed logon attempts anywhere? I grep'd my /var/log directory and didnt find anything.

or if it can, do you know how to enable it?
 
Old 06-28-2011, 01:34 AM   #2
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,362

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by rjo98 View Post
Does anyone know if vsftpd logs successful and failed logon attempts anywhere? I grep'd my /var/log directory and didnt find anything.

or if it can, do you know how to enable it?
Have you enabled logs in the vsftpd.conf ?

Or add these to enable the vsftpd.log:

PHP Code:
xferlog_enable=YES
xferlog_file
=/var/log/vsftpd.log
log_ftp_protocol
=YES
xferlog_std_format
=NO 
So now a vsftpd.log will be generated in your /var/log directory .

And whenever a failed login is there you will get a line in the vsftpd.log as :


PHP Code:
[usernameFTP responseClient "IP of the user""530 Login incorrect." 
 
1 members found this post helpful.
Old 06-28-2011, 09:06 AM   #3
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,668

Original Poster
Rep: Reputation: 46
Here's what I have for those settings:

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

I dont even see the log_ftp_protocol in there, or in the comments that are throughout the file
 
Old 06-28-2011, 07:14 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Here's the home site for vsftpd and you can see all (& its a LOT) of options, inc that one http://vsftpd.beasts.org/vsftpd_conf.html
Quote:
log_ftp_protocol
When enabled, all FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. Useful for debugging.

Default: NO
HTH
 
Old 06-28-2011, 07:20 PM   #5
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,668

Original Poster
Rep: Reputation: 46
Thanks. So let me ask what will probably be a silly question. When examples are in comments in config files, those are really just a small sampling, and not necesarilly all the options that apply for that version then, right?
 
Old 06-28-2011, 07:35 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
In this case yes, but there's no fixed rule. If a prog only has a small num of params, you may well see all of them in there.
My advice: 'never assume' (you know what they say about 'assume').
Its generally a good idea to at least look at the home site for a tool, just to see what's available.
 
1 members found this post helpful.
Old 06-29-2011, 03:24 AM   #7
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,362

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by rjo98 View Post
Here's what I have for those settings:

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

I dont even see the log_ftp_protocol in there, or in the comments that are throughout the file
If its not there, you can add that.

just run this on your terminal.

PHP Code:
man vsftpd.conf 
And you will get all the rules with their usage and add them in vsftpd.conf according to your need.
 
1 members found this post helpful.
Old 06-29-2011, 08:41 AM   #8
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,668

Original Poster
Rep: Reputation: 46
Thanks guys. i'll have to read to see why that one setting is set to YES which seems to not go with that other setting.
 
Old 06-29-2011, 03:21 PM   #9
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,668

Original Poster
Rep: Reputation: 46
OK, I read this some more, seems like xferlog_std_format is just a purely formatting thing, and by having it set to YES it makes it harder to read. We dont have any log monitoring that's looking for a specific format, so not sure why that would have been turned on to begin with. am i not understanding this one right?

with the log_ftp_protocol, what does it mean by "all FTP requests and responses", i already get a line in the log for each file uploaded/downloaded. just wondering if turning this on (and the other to NO) is going to cause way too much to get logged.
 
Old 06-29-2011, 08:16 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Try it briefly or on a test box & see.... It prob means it'll also log eg login failures as well; you may or may not want that ...
My recommendation: don't guess, try it.
 
Old 06-30-2011, 12:31 PM   #11
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,668

Original Poster
Rep: Reputation: 46
Yeah, i'm going to try to setup a virtual machine and see if i can figure it out there. Cross your fingers haha.
 
Old 07-02-2011, 10:39 PM   #12
jerryleem412
LQ Newbie
 
Registered: Jul 2011
Posts: 2

Rep: Reputation: Disabled
I resolved the issue by opening ports 990 for both TCP and UDP in the firewall. Since VSFTPD uses secure ports. Hope this helps someone...
 
Old 07-02-2011, 11:15 PM   #13
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,362

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by rjo98 View Post
Yeah, i'm going to try to setup a virtual machine and see if i can figure it out there. Cross your fingers haha.
Yes , before putting anything into production, make a test with virtual machine and do all kind of r&d on that.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Prevent Login by IP address / limit login attempts / remedial IP tables question whiskey06 Linux - Security 5 04-26-2009 04:48 AM
logging login attempts gzusgeek Linux - Security 3 03-18-2008 06:40 PM
OpenSSH - how to force logging of failed attempts? haertig Linux - Security 4 06-07-2006 06:49 PM
Stopping vsftp login attempts? ExoZagNoid Linux - Security 4 03-18-2006 09:46 PM
vsftp - limit login attempts bandersson Linux - Security 0 01-01-2003 05:37 PM


All times are GMT -5. The time now is 10:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration