Date: Sun, 24 Aug 2008 17:18:55 -0500 From: Len Conrad <LConrad@Go2France.com> To: freebsd-questions@freebsd.org Subject: Re: ftpd and sshd logging of domain names Message-ID: <200808250011937.SM01744@TX2.Go2France.com> In-Reply-To: <20080824234412.c4356260.freebsd@edvax.de> References: <200808242325843.SM01744@TX2.Go2France.com> <20080824234412.c4356260.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
>At least for ftpd I think there is a solution: > >1. Edit /etc/inetd.conf > > ftp stream tcp nowait root /usr/libexec/ftpd > ftpd -ll > ftp stream tcp6 nowait root /usr/libexec/ftpd > ftpd -ll with -ll, ftpd still logs failures as auth.log as Aug 24 17:05:30 mx1 ftpd[1625]: FTP LOGIN FAILED FROM domain.tld, user > The flags -ll enable extended logging. > >2. Edit /etc/syslog.conf: > > !ftpd > *.* /var/log/ftpd.log > >3. Create the log file > > # touch /var/log/ftpd.log same in ftpd.log >The IPs are being logged in the log file. they are not logged. > I'm sure SSH >allows something similar. If I remember correctly, this >has recently been discussed at this list, maybe the archive >brings up some helping informations for you. thanks, I'll look. like everybody else, we are getting hammered by brute force attacks. thanks Len
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808250011937.SM01744>