Source IP not in my ftpd debug logs


 
# 1  
Old 06-27-2014

I have random connections coming into my FTP server, but the source IP is not showing up in my logs. Here is what my logs look like when I try to connect as a "whatever" user that doesn't exist. You can see there is no source IP telling me where this connection came from:

Code:
Jun 27 10:13:40 hostname daemon:debug ftpd[7733374]: <--- 220
Jun 27 10:13:40 hostname daemon:debug ftpd[7733374]: hostname FTP server (Version 4.2 Mon Dec 3 12:04:40 CST 2012) ready.
Jun 27 10:13:48 hostname daemon:debug ftpd[7733374]: command: USER whatever^M
Jun 27 10:13:48 hostname daemon:debug ftpd[7733374]: <--- 331
Jun 27 10:13:48 hostname daemon:debug ftpd[7733374]: Password required for whatever.
Jun 27 10:13:56 hostname daemon:debug ftpd[7733374]: command: PASS
Jun 27 10:13:56 hostname daemon:debug ftpd[7733374]: <--- 530
Jun 27 10:13:56 hostname daemon:debug ftpd[7733374]: Login incorrect.
Jun 27 10:14:00 hostname daemon:debug ftpd[7733374]: command: QUIT^M
Jun 27 10:14:00 hostname daemon:debug ftpd[7733374]: <--- 221
Jun 27 10:14:00 hostname daemon:debug ftpd[7733374]: Goodbye.

Here's my ftp entry in the inetd.conf file:
Code:
hostname:/:$ grep ^ftp /etc/inetd.conf
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd  ftpd -u 002 -d

Here's my daemon.debug entry in my syslog.conf:
Code:
hostname:/:$ grep ^daemon.debug /etc/syslog.conf
daemon.debug    /var/log/syslogs/syslog.daemon.debug     rotate size 30m files 5  # maintain 5 files, 30M each

Is there something else I need to enable to get more detailed logs so I can see the source IP of where connections are coming from?

Last edited by kah00na; 06-27-2014 at 01:29 PM..
# 2  
Old 06-27-2014
Neither inetd nor syslog controls what information gets put in your logfiles; you need to configure the FTP daemon to do that. Which FTP daemon are you using?
# 3  
Old 06-27-2014
I'm using the FTP daemon that is part of the AIX default install. The inetd.conf file has the ftpd executable listed in it with these arguments:
Code:
ftpd -u 002 -d

What am I missing to get it to log source IPs?
# 4  
Old 06-27-2014
You may need to add the -l flag too.


Robin
# 5  
Old 06-27-2014
Quote:
Originally Posted by rbatte1
You may need to add the -l flag too.


Robin
EDIT!! That did it... "-l" must send "info" messages to the syslogd and the remote hostname/IP must be "info" level instead of "debug" level. Thanks rbatte1!

Code:
Jun 27 11:27:25 hostname daemon:info ftpd[5963900]: connection from remotehost at Fri Jun 27 11:27:25 2014
Jun 27 11:27:25 hostname daemon:debug ftpd[5963900]: <--- 220
Jun 27 11:27:25 hostname daemon:debug ftpd[5963900]: hostname FTP server (Version 4.2 Mon Dec 3 12:04:40 CST 2012) ready.
Jun 27 11:27:30 hostname daemon:debug ftpd[5963900]: command: USER whatever^M
Jun 27 11:27:30 hostname daemon:debug ftpd[5963900]: <--- 331
Jun 27 11:27:30 hostname daemon:debug ftpd[5963900]: Password required for whatever.
Jun 27 11:27:32 hostname daemon:debug ftpd[5963900]: command: PASS
Jun 27 11:27:32 hostname daemon:debug ftpd[5963900]: <--- 530
Jun 27 11:27:32 hostname daemon:debug ftpd[5963900]: Login incorrect.
Jun 27 11:27:33 hostname daemon:debug ftpd[5963900]: command: QUIT^M
Jun 27 11:27:33 hostname daemon:debug ftpd[5963900]: <--- 221
Jun 27 11:27:33 hostname daemon:debug ftpd[5963900]: Goodbye.


Last edited by kah00na; 06-27-2014 at 03:18 PM..
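Added example (not part of the original posts): once `-l` is in place, the `daemon:info` "connection from" line and the `daemon:debug` "Login incorrect." line share the same ftpd PID, so failed logins can be attributed to a source by joining on it. The function names and the sample log lines are constructed for illustration; the layout follows the log excerpts in the thread.

```shell
#!/bin/sh
# Added example: attribute ftpd "Login incorrect." lines to a source by
# joining them with the "connection from" line (logged with -l) on the PID.

# Constructed sample in the thread's syslog layout. Addresses are
# documentation ranges and PIDs are made up. PID 103 has no "connection
# from" line, as in the first post before -l was added.
sample_log() {
cat <<'EOF'
Jun 27 11:27:25 hostname daemon:info ftpd[100]: connection from 192.0.2.10 at Fri Jun 27 11:27:25 2014
Jun 27 11:27:30 hostname daemon:debug ftpd[100]: command: USER whatever^M
Jun 27 11:27:32 hostname daemon:debug ftpd[100]: Login incorrect.
Jun 27 11:28:01 hostname daemon:info ftpd[101]: connection from 192.0.2.10 at Fri Jun 27 11:28:01 2014
Jun 27 11:28:03 hostname daemon:debug ftpd[101]: command: USER whatever^M
Jun 27 11:28:05 hostname daemon:debug ftpd[101]: Login incorrect.
Jun 27 11:30:10 hostname daemon:info ftpd[102]: connection from 198.51.100.7 at Fri Jun 27 11:30:10 2014
Jun 27 11:30:12 hostname daemon:debug ftpd[102]: command: USER admin^M
Jun 27 11:30:14 hostname daemon:debug ftpd[102]: Login incorrect.
Jun 27 11:31:00 hostname daemon:debug ftpd[103]: command: USER whatever^M
Jun 27 11:31:02 hostname daemon:debug ftpd[103]: Login incorrect.
EOF
}

# Reads syslog lines from the named files (or stdin) and prints
# "source user failed_count", one line per source/user pair.
ftpd_failed_by_source() {
    awk '
    $6 ~ /^ftpd\[[0-9]+\]:$/ {
        pid = $6
        gsub(/[^0-9]/, "", pid)            # keep only the PID digits
        if ($7 == "connection" && $8 == "from") {
            src[pid] = $9                  # info-level line added by -l
        } else if ($7 == "command:" && $8 == "USER") {
            u = $9
            sub(/\r$/, "", u)              # real carriage return
            sub(/\^M$/, "", u)             # or its printable ^M form
            user[pid] = u
        } else if ($7 == "Login" && $8 == "incorrect.") {
            s = (pid in src)  ? src[pid]  : "no-source-logged"
            n = (pid in user) ? user[pid] : "-"
            print s, n
        }
    }' "$@" | LC_ALL=C sort | uniq -c | awk '{ print $2, $3, $1 }'
}

sample_log | ftpd_failed_by_source
```

On a real system the function would be pointed at the `daemon.debug` log file named in `syslog.conf`; sessions reported as `no-source-logged` are ones recorded without the `-l` connection line.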