Книга: Fedora™ Unleashed, 2008 edition

Configure System Logging

Configure System Logging

Part of system administration involves reviewing log files for what the server is doing, who accessed it, what files were transferred, and other pieces of important information. You can use a number of commands within /etc/ftpacess to control your FTP server's logging actions.

Redirect Logging Records

This line allows the administrator to redirect where logging information from the FTP server is recorded:

log <syslog>{+<xferlog>}

By default, the information for commands is stored in /var/log/messages, although the man pages packaged in some RPMs state that this information is written to /var/log/xferlog. Check your server's settings for information regarding the location of your file transfer logs.

Log All User-Issued Commands

This line enables logging for all commands issued by the user:

log commands [<typelist>]
typelist
is a comma-separated list of anonymous, guest, and real. If no typelist is given, commands are logged for all users. Some wu-ftpd RPMs set the logging of all file transfers to /var/log/xferlog (see the next section). However, you can add the log command to ftpaccess with the commands keyword to capture user actions. Logging is then turned on and user actions are captured in /var/log/messages. Here is a sample log file:

Oct 6 12:21:42 shuttle2 ftpd[5229]: USER anonymous
Oct 6 12:21:51 shuttle2 ftpd[5229]: PASS [email protected]
Oct 6 12:21:51 shuttle2 ftpd[5229]: ANONYMOUS FTP LOGIN FROM 192.168.2.31 [192.168.2.31], [email protected]
Oct 6 12:21:51 shuttle2 ftpd[5229]: SYST
Oct 6 12:21:54 shuttle2 ftpd[5229]: CWD pub
Oct 6 12:21:57 shuttle2 ftpd[5229]: PASV
Oct 6 12:21:57 shuttle2 ftpd[5229]: LIST
Oct 6 12:21:59 shuttle2 ftpd[5229]: QUIT
Oct 6 12:21:59 shuttle2 ftpd[5229]: FTP session closed

The sample log shows the username and password entries for an anonymous login. The CWD entry shows that a cd command is used to navigate to the pub directory. Note that the commands shown do not necessarily reflect the syntax the user typed, but instead list corresponding system calls the FTP server received. For example, the LIST entry is actually the ls command.

Log Security Violations and File Transfers

Two other logging commands are useful in the /etc/ftpaccess configuration file. This line enables the logging of security violations:

log security [<typelist>]

Violations are logged for anonymous, guest, and real users, as specified in the typelist — the same as other log commands. If you do not specify a typelist, security violations for all users are logged.

This line writes a log of all files transferred to and from the server:

log transfers [<typelist> [<directions>]]
typelist
is the same as in log commands and log security lines. directions is a comma- separated list of the keywords inbound for uploaded files and outbound for downloaded files. If no directions list is given, both uploaded and downloaded files are logged. Inbound and outbound logging is turned on by default.

Оглавление книги


Генерация: 0.088. Запросов К БД/Cache: 0 / 0
поделиться
Вверх Вниз