In a typical default configuration, WU-FTPD will log all uploads and downloads to the /var/log/xferlog file. You can, however, choose the types of users for which logging will be done (UNIX, anonymous, or guest), have the log written to syslog instead and select to record commands that are security violations for some types of users. Logging to the system log gives you more flexibility, as you can choose which file messages are written to, although they will be mixed in with other daemon facility messages. See Chapter 13 and the System Logs module for more information on how syslog works and to which files it ultimately writes.
Enabling the logging of all commands allows you to track exactly what clients are doing, but it can consume a large amount of disk space. The logging of security violations (attempts to violate WU-FTPD's file restrictions, covered in Section 41.6 “Denying Access to Files”) can be useful for detecting hackers and is unlikely to use up much space, as such violations are not usually very frequent.
To edit FTP logging-related options in Webmin, follow these steps:
1. | |||||||||||||||||||||||||||||||||||||
2. | |||||||||||||||||||||||||||||||||||||
3. | To change the types of users for whom transfer logging is done, select them from the Log transfers for field. The In directions subfield lets you choose whether uploads (Inbound), downloads (Outbound), or Both are recorded. On an anonymous FTP server, it may make sense to only record uploads due to the large number of downloads. | ||||||||||||||||||||||||||||||||||||
4. | To have transfers written to syslog, select System log in the Log transfers to field. Or, to tell WU-FTPD to write to the /var/log/xferlog file instead, select XFER log file. If Both is chosen, transfers will be logged to both destinations. If you want to use a program like Webalizer (covered in Chapter 39) to analyze your FTP server's logs, they must be written to xferlog as the lines that end up being written out by syslog have additional information added and thus cannot be parsed. Anything written to the system log will use the daemon facility, unless WU-FTPD has been compiled to use a different one, such as local7. This can in fact be quite useful, as it allows you to separate out the FTP messages and have them written to a different file while still enjoying all the benefits of syslog.
| ||||||||||||||||||||||||||||||||||||
5. | To enable the logging of attempted filename security violations, select the types of users for which this should be enabled from the Log security violations for field. These will always be written to syslog. | ||||||||||||||||||||||||||||||||||||
6. |
3.145.54.7