41.10. Configuring Logging

In a typical default configuration, WU-FTPD will log all uploads and downloads to the /var/log/xferlog file. You can, however, choose the types of users for which logging will be done (UNIX, anonymous, or guest), have the log written to syslog instead and select to record commands that are security violations for some types of users. Logging to the system log gives you more flexibility, as you can choose which file messages are written to, although they will be mixed in with other daemon facility messages. See Chapter 13 and the System Logs module for more information on how syslog works and to which files it ultimately writes.

Enabling the logging of all commands allows you to track exactly what clients are doing, but it can consume a large amount of disk space. The logging of security violations (attempts to violate WU-FTPD's file restrictions, covered in Section 41.6 “Denying Access to Files”) can be useful for detecting hackers and is unlikely to use up much space, as such violations are not usually very frequent.

To edit FTP logging-related options in Webmin, follow these steps:

1.
On the module's main page, click on the Logging icon to bring up the small logging options form.

2.
To have all FTP commands executed by clients (including trivial ones such as CWD and LIST) recorded in the system log, select types of users for which they should be logged from the Log all commands for field.

3.
To change the types of users for whom transfer logging is done, select them from the Log transfers for field. The In directions subfield lets you choose whether uploads (Inbound), downloads (Outbound), or Both are recorded. On an anonymous FTP server, it may make sense to only record uploads due to the large number of downloads.

4.
To have transfers written to syslog, select System log in the Log transfers to field. Or, to tell WU-FTPD to write to the /var/log/xferlog file instead, select XFER log file. If Both is chosen, transfers will be logged to both destinations. If you want to use a program like Webalizer (covered in Chapter 39) to analyze your FTP server's logs, they must be written to xferlog as the lines that end up being written out by syslog have additional information added and thus cannot be parsed.

Anything written to the system log will use the daemon facility, unless WU-FTPD has been compiled to use a different one, such as local7. This can in fact be quite useful, as it allows you to separate out the FTP messages and have them written to a different file while still enjoying all the benefits of syslog.

Table 41.1. Codes Usable in Message Files
%TLocal time on the server, formatted like Thu Nov 15 17:12:42 1990
%FFree space on the filesystem of the current directory, in kilobytes
%CThe current working directory
%EThe maintainer's email address
%RRemote host name
%LLocal host name
%uRemote username as determined via ident authentication
%UUsername given at log in time
%MMaximum allowed number of users in this class
%NCurrent number of users in this class
%BAbsolute limit on disk blocks allocated
%bPreferred limit on disk blocks
%QCurrent block count
%IMaximum number of allocated inodes (+1)
%iPreferred inode limit
%qCurrent number of allocated inodes
%HTime limit for excessive disk use
%hTime limit for excessive file use

5.
To enable the logging of attempted filename security violations, select the types of users for which this should be enabled from the Log security violations for field. These will always be written to syslog.

6.
Click the Save button at the bottom of the page to save and activate the new logging settings.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.54.7