Date: Sun, 24 Aug 2008 23:44:12 +0200
From: Polytropon
To: Len Conrad
Cc: freebsd-questions@freebsd.org
Subject: Re: ftpd and sshd logging of domain names

On Sun, 24 Aug 2008 16:32:56 -0500, Len Conrad wrote:
> Are there any flags or tricks to get these two daemons to log IP
> addresses of failed login attempts, rather than PTR hostnames?
>
> man ftpd
> man sshd
>
> ... show nothing, afaics.

At least for ftpd I think there is a solution:

1. Edit /etc/inetd.conf

    ftp  stream  tcp   nowait  root  /usr/libexec/ftpd  ftpd -ll
    ftp  stream  tcp6  nowait  root  /usr/libexec/ftpd  ftpd -ll

   The flags -ll enable extended logging.

2. Edit /etc/syslog.conf:

    !ftpd
    *.*  /var/log/ftpd.log

3. Create the log file

    # touch /var/log/ftpd.log

4. Optionally: Edit /etc/newsyslog.conf for preferred log rotation.

The IPs are being logged in the log file.

I'm sure SSH allows something similar. If I remember correctly,
this has recently been discussed at this list, maybe the archive
brings up some helpful information for you.

-- 
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
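
Added example, not part of the original message: once ftpd writes to /var/log/ftpd.log as set up in the steps above, this script tallies failed logins per source and marks whether each source was recorded as a numeric address or as a hostname. The "FTP LOGIN FAILED FROM <source>" line format and the sample lines are assumptions constructed for the illustration; compare them with your own log before relying on the output.

```shell
#!/bin/sh
# Tally failed FTP logins per source and show whether the source was logged
# as a numeric address ("ip") or as a resolved name ("host").
# Assumption: failure lines contain "FTP LOGIN FAILED FROM <source>",
# optionally followed by ", <user>". Adjust the marker if your ftpd differs.
failed_sources() {
    awk '
    {
        pos = index($0, "FTP LOGIN FAILED FROM ")
        if (pos == 0) next                 # not a failed-login line
        rest = substr($0, pos + 22)        # text after the 22-char marker
        split(rest, f, /[ ,]/)             # source ends at a space or comma
        if (f[1] == "") next
        count[f[1]]++
    }
    END {
        for (s in count) {
            kind = "host"
            if (s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) kind = "ip"    # IPv4
            else if (s ~ /:/ && s ~ /^[0-9A-Fa-f:.]+$/) kind = "ip"    # IPv6
            print count[s], kind, s
        }
    }' | LC_ALL=C sort -k1,1nr -k3,3
}

# Constructed sample lines (documentation addresses, hypothetical host name).
sample_log() {
    cat <<'EOF'
Aug 24 21:01:10 ftphost ftpd[2201]: FTP LOGIN FAILED FROM 192.0.2.15, admin
Aug 24 21:01:14 ftphost ftpd[2201]: FTP LOGIN FAILED FROM 192.0.2.15, root
Aug 24 21:02:03 ftphost ftpd[2207]: FTP LOGIN FAILED FROM host7.example.net, test
Aug 24 21:03:40 ftphost ftpd[2212]: FTP LOGIN FAILED FROM 2001:db8::42, admin
Aug 24 21:04:02 ftphost ftpd[2215]: FTP LOGIN FROM 192.0.2.80 as alice
Aug 24 21:05:11 ftphost ftpd[2201]: FTP LOGIN FAILED FROM 192.0.2.15, guest
EOF
}

# On a real system: failed_sources < /var/log/ftpd.log
sample_log | failed_sources
```

Any row marked "host" is a source that was still written as a name rather than an address, which is the case the original question wants to avoid.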