Kamis, Januari 14, 2010

Logging di ProFTP Server

ProFTP server mempunyai beberapa log*:

  • session log (/var/log/secure)
Contoh isinya:

Jan 10 22:57:57 svr1 proftpd[2770]: svr1.trj.co.id (::ffff:168.12.2.4[::ffff:168.12.2.4]) - ANON ftp: Login successful.
Jan 10 15:57:57 svr1 proftpd[2770]: svr1.trj.co.id (::ffff:168.12.2.4[::ffff:168.12.2.4]) - Preparing to chroot to directory '/var/ftp'
Jan 10 15:57:59 svr1 proftpd[2770]: svr1.trj.co.id (::ffff:168.12.2.4[::ffff:168.12.2.4]) - FTP session closed.
Jan 11 07:39:40 svr1 proftpd: Deprecated pam_stack module called from service "proftpd"
Jan 11 07:39:40 svr1 last message repeated 2 times
Jan 11 07:39:40 svr1 proftpd: pam_unix(proftpd:session): session opened for user userftp by (uid=0)
Jan 11 07:39:40 svr1 proftpd: Deprecated pam_stack module called from service "proftpd"
Jan 11 07:39:40 svr1 proftpd[10005]: svr1.trj.co.id (::ffff:168.2.76.209[::ffff:168.2.76.209]) - USER ftpuser: Login successful.
Jan 11 00:39:40 svr1 proftpd[10005]: svr1.trj.co.id (::ffff:168.2.76.209[::ffff:168.2.76.209]) - Preparing to chroot to directory '/mnt/data13/webroot'

  • operation log (/var/log/proftpd/opr.log)
contoh isinya sbb:

::ffff:168.16.6.6 UNKNOWN ftp [14/Jan/2010:01:33:16 +0000] "MKD tempo" 257 -
::ffff:168.16.6.6 UNKNOWN ftp [14/Jan/2010:01:33:41 +0000] "RMD tempo" 250 -
::ffff:168.16.6.6 UNKNOWN ftp [14/Jan/2010:01:35:39 +0000] "STOR Screenshot.png" 226 183426
::ffff:168.16.6.6 UNKNOWN ftp [14/Jan/2010:01:36:18 +0000] "RETR Screenshot.png" 226 183426
::ffff:168.16.6.6 UNKNOWN ftp [14/Jan/2010:01:36:47 +0000] "DELE Screenshot.png" 250 -
::ffff:168.16.6.6 UNKNOWN ftp [14/Jan/2010:01:48:13 +0000] "RETR /JIN-Online/" 550 -

  • Transfer log (/var/log/xferlog)
contoh isinya sbb:

Thu Jan 14 01:35:39 2010 0 ::ffff:168.12.16.200 183426 /var/ftp/JIN-Online/Screenshot.png b _ i a ^[[A ftp 0 * c
Thu Jan 14 01:36:18 2010 0 ::ffff:168.12.16.200 183426 /var/ftp/JIN-Online/Screenshot.png b _ o a ^[[A ftp 0 * c
Thu Jan 14 01:36:47 2010 0 ::ffff:168.12.16.200 183426 /var/ftp/JIN-Online/Screenshot.png a _ d a ^[[A ftp 0 * c

Cukup kira-kira untuk memonitor FTP server. Tinggal nyari log Viewer yang memadai agar hidup lebih indah.. :-)

* CentOS 5.3 x64.
** nama berkas log bisa beda, tergantung OS dan konfigurasinya.

Tidak ada komentar: