Date: Sun, 24 Aug 2008 23:44:12 +0200 From: Polytropon <freebsd@edvax.de> To: Len Conrad <LConrad@Go2France.com> Cc: freebsd-questions@freebsd.org Subject: Re: ftpd and sshd logging of domain names Message-ID: <20080824234412.c4356260.freebsd@edvax.de> In-Reply-To: <200808242325843.SM01744@TX2.Go2France.com> References: <200808242325843.SM01744@TX2.Go2France.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 24 Aug 2008 16:32:56 -0500, Len Conrad <LConrad@Go2France.com> wrote: > Are there are any flags or tricks to get these two daemons to log IP > addresses of failed login attempts, rather than PTR hostnames? > > man ftpd > man sshd > > ... show nothing, afaics. At least for ftpd I think there is a solution: 1. Edit /etc/inetd.conf ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll The flags -ll enable extended logging. 2. Edit /etc/syslog.conf: !ftpd *.* /var/log/ftpd.log 3. Create the log file # touch /var/log/ftpd.log 4. Optionally: Edit /etc/newsyslog.conf for preferred log rotation. The IPs are being logged in the log file. I'm sure SSH allows something similar. If I remember correctly, this has recently been discussed at this list, maybe the archive brings up some helping informations for you. -- Polytropon >From Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080824234412.c4356260.freebsd>