Log All User Issued Commands

This line enables logging for all commands issued by the user:

log commands [<typelist>]

typelist is a comma-separated list of anonymous , guest , and real . If no typelist is given, commands are logged for all users. Some wu-ftpd packages set the logging of all file transfers to /var/log/xferlog (see the next section). However, you can add the log command to ftpaccess with the commands keyword to capture user actions. Logging will then be turned on and user actions captured in /var/log/messages . Here is an example of a sample log file:

[View full width]Oct 6 12:21:42 shuttle2 ftpd[5229]: USER anonymous

Oct 6 12:21:51 shuttle2 ftpd[5229]: PASS [email protected]

Oct 6 12:21:51 shuttle2 ftpd[5229]: ANONYMOUS FTP LOGIN FROM 192.168.2.31 [192.168.2.3

[email protected]

Oct 6 12:21:51 shuttle2 ftpd[5229]: SYST

Oct 6 12:21:54 shuttle2 ftpd[5229]: CWD pub

Oct 6 12:21:57 shuttle2 ftpd[5229]: PASV

Oct 6 12:21:57 shuttle2 ftpd[5229]: LIST

Oct 6 12:21:59 shuttle2 ftpd[5229]: QUIT

Oct 6 12:21:59 shuttle2 ftpd[5229]: FTP session closed

The example log shows the username and password entries for an anonymous login. The CWD entry shows that a cd command is used to navigate to the pub directory. Note that the commands shown do not necessarily reflect the syntax the user typed in, but instead list corresponding system calls the FTP server received. For example, the list enTRy is actually the ls command.

0 0

Post a comment