ftpd and sshd logging of domain names
Len Conrad
LConrad at Go2France.com
Sun Aug 24 22:19:36 UTC 2008
>At least for ftpd I think there is a solution:
>
>1. Edit /etc/inetd.conf
>
> ftp stream tcp nowait root /usr/libexec/ftpd
> ftpd -ll
> ftp stream tcp6 nowait root /usr/libexec/ftpd
> ftpd -ll
with -ll, ftpd still logs failures as auth.log as
Aug 24 17:05:30 mx1 ftpd[1625]: FTP LOGIN FAILED FROM domain.tld, user
> The flags -ll enable extended logging.
>
>2. Edit /etc/syslog.conf:
>
> !ftpd
> *.* /var/log/ftpd.log
>
>3. Create the log file
>
> # touch /var/log/ftpd.log
same in ftpd.log
>The IPs are being logged in the log file.
they are not logged.
> I'm sure SSH
>allows something similar. If I remember correctly, this
>has recently been discussed at this list, maybe the archive
>brings up some helping informations for you.
thanks, I'll look.
like everybody else, we are getting hammered by brute force attacks.
thanks
Len
More information about the freebsd-questions
mailing list