[BlueOnyx:16326] Re: Proftp logging buggy.

Michael Stauber mstauber at blueonyx.it
Thu Oct 30 15:18:22 -05 2014 

Hi George,

> I tried the (temp) fix of making 2 config files and pointing the
> xinetd services to one for plain and one for TLS.

Please try it again with the official fixes ("yum clean all" / "yum
update").

> I was able to tranfer files with each.  Plain ftp logged transfers showed
> up in /var/log/xferlog as expected, but NONE of the TLS transfers showed
> up *anywhere* that I could find.

I just tried that on a 5207R that's fully YUM updated:

[root at 5207r buildarea_5200r]# tail -f /var/log/xferlog
Thu Oct 30 15:14:22 2014 0 181.136.85.29 122602
/home/.users/112/admin/admin-SAB-140929165430.tar.gz b _ o r admin ftp 0 * c
Thu Oct 30 15:14:54 2014 4 181.136.85.29 2339248
/home/.users/112/admin/mbox a _ o r admin ftps 0 * c

Download of the first file was via FTP.
Download of the second file was via FTPS.

And it logged both.

> I also noted that there's lots of messages in /var/log/proftpd/ban.log
> There's never anything appearing in /var/log/proftpd/ban.tab.

ProFTPd handles that (AFAIK) internally. I did some repeat connections
(flooding) and it banned me alright. Both via FTP and FTPS.

Additionally the logging in /var/log/messages works for both FTP and
FTPS connections. Below is an excerpt:

Oct 30 15:10:32 5207r xinetd[9508]: START: ftps pid=11325
from=::ffff:181.136.85.29
Oct 30 15:10:33 5207r proftpd[11325]: 127.0.0.1
(181.136.85.29[181.136.85.29]) - FTP session opened.
Oct 30 15:11:03 5207r proftpd[11325]: 127.0.0.1
(181.136.85.29[181.136.85.29]) - FTP session closed.
Oct 30 15:11:03 5207r xinetd[9508]: EXIT: ftps status=0 pid=11325
duration=31(sec)
Oct 30 15:11:09 5207r xinetd[9508]: START: ftp pid=11326
from=::ffff:181.136.85.29
Oct 30 15:11:09 5207r proftpd[11326]: 38.114.102.13
(181.136.85.29[181.136.85.29]) - FTP session opened.
Oct 30 15:11:37 5207r proftpd[11326]: 38.114.102.13
(181.136.85.29[181.136.85.29]) - FTP session closed.
Oct 30 15:11:37 5207r xinetd[9508]: EXIT: ftp status=0 pid=11326
duration=28(sec)

First connection: FTPS
Second connection: FTP

The type of connection (FTPS or FTP) is also visible in the logfile.

So ... it *appears* as if it's working.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list