Solved Where are the logs of FTPd?

[joancatala]

Hi all,
I have installed and configured the ftpd correctly. It starts on rc.conf like this:

ftpd_enable="YES"

Everything works fine, the chroot of my users, etc.
After installation, I read that /etc/syslog.conf reads about services and create its logs. I have this:

ftp.info                                        /var/log/xferlog

But when I try to see my FTPd logs, there are random (and old) logs:

[joan@benicassim /var/log]$ doas tail -f /var/log/xferlog
Password:
Apr 22 21:23:45 benicassim ftpd[45521]: control setsockopt (TCP_NODELAY): Connection reset by peer
Apr 23 18:28:56 benicassim ftpd[850]: accept: Software caused connection abort
May 20 13:44:20 benicassim ftpd[22884]: control setsockopt (TCP_NODELAY): Connection reset by peer
May 24 10:44:13 benicassim ftpd[14388]: control setsockopt (TCP_NODELAY): Connection reset by peer
May 26 14:36:21 benicassim ftpd[853]: accept: Software caused connection abort
Jun 24 07:09:11 benicassim ftpd[4070]: control setsockopt (TCP_NODELAY): Connection reset by peer
Jul  7 11:54:13 benicassim ftpd[853]: accept: Software caused connection abort
Jul  7 21:05:43 benicassim ftpd[20769]: repeated login failures from 185-157-162-19.pool.ovpn.com
Jul 18 18:47:27 benicassim ftpd[14829]: control setsockopt (TCP_NODELAY): Connection reset by peer
Jul 18 20:12:39 benicassim ftpd[851]: accept: Software caused connection abort

How can I have normal logs like "Users logging in FTP, Users login out from FTP, Users uploading some file, etc"?
Is there a way to control whats happening on the FTP server?

 

[SirDice]

I have installed and configured the ftpd correctly.

Which one did you use? There are a number you can choose from and not all of them are configured the same.

 

[joancatala]

Hi SirDice, I didn't install any port. I'm using ftpd from base system.

 

[SirDice]

Ok, that's cool. Then we know where to look

How can I have normal logs like "Users logging in FTP, Users login out from FTP, Users uploading some file, etc"?

If I'm not mistaken logging in or out is logged in /var/log/auth.log, transfers should show up in /var/log/xferlog.

Is there a way to control whats happening on the FTP server?

Define "control"? What do you want to control?

 

[joancatala]

I did tail -f /var/log/auth.log and I can see new access if I do SSH, but there is no log entries when I access using FTP.

I attatch an screenshot. I log in on FTP with the user "santi", and there is any log below the screenshot.

When I said control, I mean "to see". Sorry for my poor English

 

[SirDice]

It's been a while since I last used it. I would actually recommend using sftp(1) instead, FTP is not really secure (logins are plain-text) and FTP itself is notoriously tricky to firewall.

That said, for ftpd(8) I think you might need this option:

     -l      Each successful and failed ftp(1) session is logged using syslog
             with a facility of LOG_FTP.  If this option is specified twice,
             the retrieve (get), store (put), append, delete, make directory,
             remove directory and rename operations and their filename
             arguments are also logged.  By default, syslogd(8) logs these to
             /var/log/xferlog.

You can add it to rc.conf:

ftpd_flags="-l"

 

[joancatala]

Yeah! It worked like a charm ;-)

After adding ftpd_flags="-l" on rc.conf every access and event from the FTP server is clear on the logs /var/log/xferlog

Thanks very much SirDice

 

[Reaperzx]

I recommend running vsftpd instead, It is much better configurable.