logging ftp sessions


Post by Mark Evan » Fri, 12 Apr 2002 10:50:20



Is there a way to log ftp sessions for only certain users?
I've been able to get it to log ftp sessions for all customers,
but I really only need it to log for a couple of users.
Anyone have any ideas?

Thanks

 
 
 


Post by Alun Jon » Fri, 12 Apr 2002 12:58:00




>is there a way to log  ftp sessions for only certain users?
>i've been able to get it to log ftp sessions for all customers,
>but i really only need it to log for a couple of users.
>any one have any ideas?

It would probably help if you could tell the gentle readers of this newsgroup
what server you're using, on what platform.  They don't all work exactly the
same way.

[All I know is, it isn't my server :-)]

Alun.
~~~~

[Note that answers to questions in newsgroups are not generally
invitations to contact me personally for help in the future.]
--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at

Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.

 
 
 


Post by m0ng » Fri, 12 Apr 2002 21:23:23


Mark,

Alun makes a good point. If you are using Solaris you can append a "dl"
(lower case letter L) to the ftp line of the inetd.conf file (i.e.,
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -dl), which
will provide debugging and log connections. Also, be sure to configure the
/etc/ftpusers file to include all the users that should not be ftp'ing to
your server (i.e., privileged accounts). Implementing both of these
features, I think, addresses your question because you will be able to
prevent specific users from logging via ftpusers and from there log all
connections. If on the other hand you want to allow several people to ftp to
your server, but only log specified users, then you may have to implement
something like Solaris' Basic Security Module (BSM), or simply ignore the
additional logging of users.

Alternatively, you could use tcp_wrappers or sftp (i.e., OpenSSH), which is
my recommendation. More reading here:
TCP_Wrappers: ftp://ftp.porcupine.org/pub/security/index.html
OpenSSH: http://www.openssh.org

HTH,
m0ng0




> >is there a way to log  ftp sessions for only certain users?
> >i've been able to get it to log ftp sessions for all customers,
> >but i really only need it to log for a couple of users.
> >any one have any ideas?

> It would probably help if you could tell the gentle readers of this newsgroup
> what server you're using, on what platform.  They don't all work exactly the
> same way.

> [All I know is, it isn't my server :-)]

> Alun.
> ~~~~

> [Note that answers to questions in newsgroups are not generally
> invitations to contact me personally for help in the future.]
> --
> Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at

> Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
> Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.
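
One way to follow the "log all connections, then ignore the users you don't need" route from the post above, as an added example that is not part of the original thread. The syslog line shape, host names and user names are constructed assumptions; compare them with what your in.ftpd actually writes under -dl before relying on the patterns.

```python
import re

# Assumed line shape (constructed, not captured): "<time> <host> ftpd[<pid>]: <message>"
LINE = re.compile(r"ftpd\[(\d+)\]:\s*(.*)$")
USER_CMD = re.compile(r"command:\s*USER\s+(\S+)", re.IGNORECASE)


def tag_sessions(lines):
    """Yield (session_id, line, message) for every ftpd line.

    inetd starts one in.ftpd per connection, so the PID identifies a session
    until a later "connection from" line shows the PID has been reused.
    """
    generation = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an ftpd line
        pid, msg = m.group(1), m.group(2)
        if msg.startswith("connection from"):
            generation[pid] = generation.get(pid, 0) + 1
        yield (pid, generation.get(pid, 0)), line, msg


def filter_sessions(lines, watched):
    """Return, in original order, every line of a session that named a watched user."""
    lines = list(lines)
    keep = set()
    for sid, _, msg in tag_sessions(lines):  # pass 1: find sessions of interest
        m = USER_CMD.search(msg)
        if m and m.group(1) in watched:
            keep.add(sid)
    # pass 2: emit whole sessions, including lines logged before USER was sent
    return [line for sid, line, _ in tag_sessions(lines) if sid in keep]


# Constructed sample input: two interleaved sessions plus a reused PID.
SAMPLE_LOG = """\
Apr 12 10:50:01 ftphost ftpd[2101]: connection from client-a.example.com
Apr 12 10:50:02 ftphost ftpd[2101]: command: USER alice
Apr 12 10:50:03 ftphost ftpd[2102]: connection from client-b.example.com
Apr 12 10:50:03 ftphost ftpd[2101]: command: PASS <hidden>
Apr 12 10:50:04 ftphost ftpd[2102]: command: USER bob
Apr 12 10:50:05 ftphost ftpd[2101]: command: RETR report.txt
Apr 12 10:50:06 ftphost ftpd[2102]: command: STOR upload.bin
Apr 12 10:51:00 ftphost ftpd[2101]: connection from client-c.example.com
Apr 12 10:51:01 ftphost ftpd[2101]: command: USER carol
Apr 12 10:51:02 ftphost sshd[2200]: unrelated line
""".splitlines()

if __name__ == "__main__":
    print("\n".join(filter_sessions(SAMPLE_LOG, {"alice"})))
```

Keep the unfiltered log as the record of truth and treat the filtered view as a report, since a session is only attributed to a user once the USER command appears.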

 
 
 


Post by Doug Freyubrg » Sat, 13 Apr 2002 01:11:06




> >is there a way to log  ftp sessions for only certain users?
> >i've been able to get it to log ftp sessions for all customers,
> >but i really only need it to log for a couple of users.
> >any one have any ideas?

> It would probably help if you could tell the gentle readers of
> this newsgroup  what server you're using, on what platform.  They
> don't all work exactly the same way.

For example, some ftpd servers use a configuration file in
/etc/default, some have options compiled into them, etc.  The man
page for ftpd on the server is the place to start.

> [Note that answers to questions in newsgroups are not generally
> invitations to contact me personally for help in the future.]

This is a real reason for this follow-up posting.

True, but as a general principle posting in a public place is an
invitation for correspondence on the topic specific to that posting.
It is quite appropriate to read whatever "remove antispam to reply"
notes and send e-mail to a poster as long as that e-mail is on the
topic of the posting thread.  Usenet displays the poster's e-mail
address for this reason as a part of its original design and all
newsreaders I've ever used offer options to reply by posting or
reply by e-mail as a part of this original design.

That is, e-mail messages in response to a UseNet posting are
always allowed and never spam as long as they remain on topic.  Of
course, all e-mail reader software has easy ways to delete
messages, so if you send a direct e-mail there's never any
expectation that you'll get a response.  Over the years I've had
a lot of correspondence with people as a result of their
postings and mine, but correspondence on other topics is based
on mutual agreement.  A single posting and a returned response
to an e-mail question do not create an "ongoing relationship".

Posting in a public place isn't a general invitation for random
correspondence, though.  It doesn't constitute an invitation
for "you asked to be added to our mailing list so this isn't spam"
messages, it isn't an invitation to request free consulting on
other topics, etc.

 
 
 


Post by Alan J. Flavel » Sun, 14 Apr 2002 22:41:27


On Apr 11, Alun Jones inscribed on the eternal scroll:

> Here's my problem.  I post an answer over in comp.protocols.tcp-ip about
> someone's FTP problem, and I get an email in response from someone I've never
> heard of, who says "you were so good with that FTP problem, I wonder if you
> could tell me why my clothes dryer is making a funny noise"

With respect, I think all established Usenauts are familiar with that
scenario. But we don't all clutter up Usenet with a disclaimer on
every posting.

> Additionally, I get a lot of requests that are on-topic for the
> newsgroup, but are off-topic for my inbox.

That's a nice turn of phrase.

When I was new at this game, I used to send back what I thought to be
a quite diplomatically worded standard suggestion explaining that my
employer doesn't allow me to use my time giving one-to-one support
services, with or without payment, and suggesting some other sources
of assistance.

After this brought me a number of nastily-worded hate-mails, I took to
simply deleting requests for personal assistance, and, where I felt it
was appropriate, adding the sender to the mail client's killfile.

> I really don't run a free tech support service
> for all comers on all topics.

Do any of us?  Your motivation was always clear, but I've doubted the
utility of your particular measure.  If you'd worded it generically as
a public announcement, rather than wording it as if you were asking
for some personal privilege that wasn't due to other established
Usenet participants, perhaps I'd be more sympathetic.

> I frequently provide free answers in the
> newsgroups, but I generally reserve my inbox for personal discussion or
> customer help.

Sure.  In what way does that single you out from the rest of us,
though?

[f'up group suggested]