HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   syslog entries from pure-ftp (http://www.howtoforge.com/forums/showthread.php?t=44575)

afandino 2nd April 2010 18:59

syslog entries from pure-ftp
 
Why do i get all these pure ftp entries in my syslog

Apr 2 08:45:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 08:45:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 08:50:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 08:50:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 08:55:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 08:55:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:00:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:00:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:05:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:05:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:10:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:10:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:15:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:15:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:20:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:20:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:25:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:25:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:30:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:30:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:35:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:35:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Apr 2 09:40:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 2 09:40:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.


What is happening exactly ?

Antennipasi 2nd April 2010 21:57

Quote:

Originally Posted by afandino (Post 223995)
What is happening exactly ?

Ispconfig3 Monitor Module is testing if ftp-daemon is alive. You can safely ignore those.

Doug G 3rd April 2010 03:04

Is there any way to suprress the messages logged from the ispconfig3 monitor but still log user login events? In a quick look in the config file for pureftpd it looked like syslogging was an 'all or nothing' setting.

mike_p 22nd April 2010 10:38

I don't like my main system log being filled with these ftp info messages so I've edited /etc/syslog.conf and changed the line

*.info;mail.none;authpriv.none;cron.none /var/log/messages

to

*.info;mail.none;authpriv.none;cron.none;ftp.!info /var/log/messages

(then run:# /etc/init.d/syslog reload )

This prevents ftp info data being written to the log.
If I want to know what users have been logging in via ftp I just inspect the
/var/log/pureftp.log
- it shows a lot more detail! & excludes the localhost logins.

--------------------
I also want to remove the clamd "SelfCheck: Database status OK." messages so I've also added
local6.!info to the line in syslog.conf
Those messages are also in the ClamAV log which is viewable from the ISPConfig monitor page.

Now I've got a really clean system log.

esmiz 17th June 2010 02:36

That's good tip
 
That's good tip

Does anyone know how to get the same in Debian?

Regards

BorderAmigos 17th June 2010 03:14

Quote:

Originally Posted by esmiz (Post 231365)
That's good tip
Does anyone know how to get the same in Debian?

The same but in /etc/rsyslog.conf

esmiz 17th June 2010 04:22

Thanks for your answer.

Yes I tried that, but had no luck, perhaps I didn't find the right place in the file.
This is which I changed in /etc/rsyslog.conf

Code:

Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none    -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

Is that correct?
I also tried adding a new file in /etc/rsyslog.d/ but didn't work either.

Regards

BorderAmigos 17th June 2010 04:58

You can add it to that...
Code:


Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none    -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none;\
        ftp.!info                      -/var/log/messages

I make separate files...
Code:


Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none    -/var/log/debug
*.=info;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none;\
        ftp.!info                      -/var/log/messages.info
*.=notice;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none        -/var/log/messages.notice
*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages.warn


esmiz 17th June 2010 05:21

Hi, mate

Thanks again for your answer.
I'll give it a try and tell you. I realize now what could be the error I had.
This was my not working rsyslog.conf before was corrected:
Code:

# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none        -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none;\
        ftp.!info;local6.!info;        -/var/log/messages

Last line should be:
Code:

ftp.!info,local6.!info        -/var/log/messages
instead isn'it?

Regards


All times are GMT +2. The time now is 03:09.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.