Logging user FTP activity 1

[ggitlin]

Hi,
One of our clients wants to monitor users' FTp activity on AIX 4.3.3 ML9 for files sent from the system to a remote server. The thing they want monitored are user name, time transfer initiated, and file name(s) transferred. I tried using 'last' command, but it does not have file names. The syslog.conf file monitors only incoming connections (correct me if I am wrong). Any suggestions appreciated.

 

[gileb]

I installed wu ftp on my aix systems just to have verbose logs. i don't know if theres an other way, with native ftpd... maybe you can use a wrapper like tcpwrapper, and tcpwrapper's logging system ?

 

[gheist]

default AIX ftpd logs its actions to syslog
so - review /etc/syslog.conf
touch respective logfiles in /var/msgs and make them root owned&writable

run smitty syslogd and configure it to run now& at boot

you may adjust syslog.conf &referesh syslogd later if logging level seems insufficien

I prefer using proftpd as it has fewer bugs than wu and most of them can be worked around in config files, not changing binaries

 

[ggitlin]

gheist,

Followed the instructions, but no activity is being logged into the logfile. Any ideas?

 

[gheist]

if you want something more - raise daemon to debug or filter on host
i wrote some syslog.conf example - but i am stil not sure if it offers xferlog functionality

auth.debug<tab><tab>/var/msgs/auth_log
daemon.info<tab><tab>/var/msgs/daemons
mark.info<tab><tab>/var/msgs/timeline

 

[ggitlin]

Will give it a go. Thank you.