syslog entries from pure-ftp

Discussion in 'General' started by afandino, Apr 2, 2010.

  1. afandino

    afandino ISPConfig Developer ISPConfig Developer

    Why do i get all these pure ftp entries in my syslog

    Apr 2 08:45:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 08:45:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 08:50:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 08:50:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 08:55:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 08:55:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:00:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:00:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:05:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:05:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:10:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:10:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:15:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:15:01 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:20:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:20:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:25:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:25:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:30:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:30:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:35:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:35:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Apr 2 09:40:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 2 09:40:02 ispconfig1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.


    What is happening exactly ?
     
  2. Antennipasi

    Antennipasi ISPConfig Developer ISPConfig Developer

    Ispconfig3 Monitor Module is testing if ftp-daemon is alive. You can safely ignore those.
     
  3. Doug G

    Doug G Member HowtoForge Supporter

    Is there any way to suprress the messages logged from the ispconfig3 monitor but still log user login events? In a quick look in the config file for pureftpd it looked like syslogging was an 'all or nothing' setting.
     
  4. mike_p

    mike_p Member

    I don't like my main system log being filled with these ftp info messages so I've edited /etc/syslog.conf and changed the line

    *.info;mail.none;authpriv.none;cron.none /var/log/messages

    to

    *.info;mail.none;authpriv.none;cron.none;ftp.!info /var/log/messages

    (then run:# /etc/init.d/syslog reload )

    This prevents ftp info data being written to the log.
    If I want to know what users have been logging in via ftp I just inspect the
    /var/log/pureftp.log
    - it shows a lot more detail! & excludes the localhost logins.

    --------------------
    I also want to remove the clamd "SelfCheck: Database status OK." messages so I've also added
    local6.!info to the line in syslog.conf
    Those messages are also in the ClamAV log which is viewable from the ISPConfig monitor page.

    Now I've got a really clean system log.
     
    Last edited: Apr 22, 2010
  5. esmiz

    esmiz New Member

    That's good tip

    That's good tip

    Does anyone know how to get the same in Debian?

    Regards
     
  6. BorderAmigos

    BorderAmigos New Member

    The same but in /etc/rsyslog.conf
     
  7. esmiz

    esmiz New Member

    Thanks for your answer.

    Yes I tried that, but had no luck, perhaps I didn't find the right place in the file.
    This is which I changed in /etc/rsyslog.conf

    Code:
     Some "catch-all" log files.
    #
    *.=debug;\
            auth,authpriv.none;\
            news.none;mail.none     -/var/log/debug
    *.=info;*.=notice;*.=warn;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none          -/var/log/messages
    Is that correct?
    I also tried adding a new file in /etc/rsyslog.d/ but didn't work either.

    Regards
     
  8. BorderAmigos

    BorderAmigos New Member

    You can add it to that...
    Code:
     
    Some "catch-all" log files.
    #
    *.=debug;\
            auth,authpriv.none;\
            news.none;mail.none     -/var/log/debug
    *.=info;*.=notice;*.=warn;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none;\
            ftp.!info                      -/var/log/messages
    
    I make separate files...
    Code:
     
    Some "catch-all" log files.
    #
    *.=debug;\
            auth,authpriv.none;\
            news.none;mail.none     -/var/log/debug
    *.=info;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none;\
            ftp.!info                      -/var/log/messages.info
    *.=notice;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none         -/var/log/messages.notice
    *.=warn;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none          -/var/log/messages.warn
    
     
    Last edited: Jun 17, 2010
  9. esmiz

    esmiz New Member

    Hi, mate

    Thanks again for your answer.
    I'll give it a try and tell you. I realize now what could be the error I had.
    This was my not working rsyslog.conf before was corrected:
    Code:
    # Some "catch-all" log files.
    #
    *.=debug;\
    	auth,authpriv.none;\
    	news.none;mail.none	-/var/log/debug
    *.=info;*.=notice;*.=warn;\
    	auth,authpriv.none;\
    	cron,daemon.none;\
    	mail,news.none;\
    	ftp.!info;local6.!info;	-/var/log/messages
    Last line should be:
    Code:
     ftp.!info,local6.!info	-/var/log/messages
    instead isn'it?

    Regards
     

Share This Page