ftpd and sshd logging of domain names

Len Conrad LConrad at Go2France.com
Sun Aug 24 22:19:36 UTC 2008

>At least for ftpd I think there is a solution:
>1. Edit /etc/inetd.conf
>         ftp     stream  tcp     nowait  root    /usr/libexec/ftpd 
>      ftpd -ll
>         ftp     stream  tcp6    nowait  root    /usr/libexec/ftpd 
>      ftpd -ll

with -ll, ftpd still logs failures as auth.log as

Aug 24 17:05:30 mx1 ftpd[1625]: FTP LOGIN FAILED FROM domain.tld, user

>    The flags -ll enable extended logging.
>2. Edit /etc/syslog.conf:
>         !ftpd
>         *.*                                             /var/log/ftpd.log
>3. Create the log file
>         # touch /var/log/ftpd.log

same in ftpd.log

>The IPs are being logged in the log file.

they are not logged.

>  I'm sure SSH
>allows something similar. If I remember correctly, this
>has recently been discussed at this list, maybe the archive
>brings up some helping informations for you.

thanks, I'll look.

like everybody else, we are getting hammered by brute force attacks.


More information about the freebsd-questions mailing list