Need proftpd logs messages written to different log

ninehourdriven · 10-01-2007, 03:18 PM

Hello,

I am trying to get the proftpd log messages to write to a /var/log/proftpd.log file. It keeps filling up the system log. I have made adjustments to the syslog.conf file but it still writes all proftp messages to the /var/log/messages log. I have restarted the syslogd after changes made to the conf file, but it still doesn't move them over.

Here are my conf files.

proftpd.conf:

# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.

ServerName "ProFTPD Default Installation"
#ServerType standalone
ServerType inetd
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off

SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>

# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
RequireValidShell off
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 50

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

# An upload directory that allows storing files but not retrieving
# or creating directories.
# <Directory incoming/*>
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>

</Anonymous>

syslog.conf:

# /etc/syslog.conf
# For info about the format of this file, see "man syslog.conf"
# and /usr/doc/sysklogd/README.linux. Note the '-' prefixing some
# of these entries; this omits syncing the file after every logging.
# In the event of a crash, some log information might be lost, so
# if this is a concern to you then you might want to remove the '-'.
# Be advised this will cause a performation loss if you're using
# programs that do heavy logging.

# Uncomment this to see kernel messages on the console.
#kern.* /dev/console

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/messages

# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog

# Debugging information is logged here.
*.=debug -/var/log/debug

# Private authentication message logging:
authpriv.* -/var/log/secure

# Cron related logs:
cron.* -/var/log/cron

# Mail related logs:
mail.* -/var/log/maillog

# Emergency level messages go to all users:
*.emerg *

# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler

# This log is for proftp messages:
ftp.* -/var/log/proftpd.log

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit -/var/log/news/news.crit
#news.=err -/var/log/news/news.err
#news.notice -/var/log/news/news.notice

This is syslogd ver 1.4.1.

If I manpage for syslog.conf on my box, it doesn't list ftp as a facility option. Most online man pages for syslog.conf have it listed as a facility. I don't know if that is the issue or not, like where my version doesn't support it, but surely it does.

Any help would be greatly appreciated.

J.

bathory · 10-02-2007, 02:05 AM

Quote:

SystemLog /var/log/proftpd.log

The above directive is enough for doing what you want (i.e. log connection to /var/log/proftpd.log). There is no need to edit syslog.conf.
Did you restart inetd/xinetd (whatever your distro uses) after adding the above directive in proftpd.conf?

tajamari · 10-02-2007, 02:37 AM

Quote:

Originally Posted by ninehourdriven

Hello,

I am trying to get the proftpd log messages to write to a /var/log/proftpd.log file. It keeps filling up the system log. I have made adjustments to the syslog.conf file but it still writes all proftp messages to the /var/log/messages log. I have restarted the syslogd after changes made to the conf file, but it still doesn't move them over.

Here are my conf files.

proftpd.conf:

# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.

ServerName "ProFTPD Default Installation"
#ServerType standalone
ServerType inetd
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off

SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>

# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
RequireValidShell off
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 50

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

# An upload directory that allows storing files but not retrieving
# or creating directories.
# <Directory incoming/*>
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>

</Anonymous>

syslog.conf:

# /etc/syslog.conf
# For info about the format of this file, see "man syslog.conf"
# and /usr/doc/sysklogd/README.linux. Note the '-' prefixing some
# of these entries; this omits syncing the file after every logging.
# In the event of a crash, some log information might be lost, so
# if this is a concern to you then you might want to remove the '-'.
# Be advised this will cause a performation loss if you're using
# programs that do heavy logging.

# Uncomment this to see kernel messages on the console.
#kern.* /dev/console

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/messages

# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog

# Debugging information is logged here.
*.=debug -/var/log/debug

# Private authentication message logging:
authpriv.* -/var/log/secure

# Cron related logs:
cron.* -/var/log/cron

# Mail related logs:
mail.* -/var/log/maillog

# Emergency level messages go to all users:
*.emerg *

# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler

# This log is for proftp messages:
ftp.* -/var/log/proftpd.log

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit -/var/log/news/news.crit
#news.=err -/var/log/news/news.err
#news.notice -/var/log/news/news.notice

This is syslogd ver 1.4.1.

If I manpage for syslog.conf on my box, it doesn't list ftp as a facility option. Most online man pages for syslog.conf have it listed as a facility. I don't know if that is the issue or not, like where my version doesn't support it, but surely it does.

Any help would be greatly appreciated.

J.

you can edit /etc/syslog.conf by adding this line.
local6.* /var/log/proftp.log

then on /etc/logrotate.d/, edit the syslog file and insert /var/log/proftp.log in between the log files defined, then restart the syslog service.