From Bugzilla Helper: User-Agent: Mozilla/4.78 [en] (Win95; U) Description of problem: /etc/ftpaccess has: log transfers anonymous,real inbound,outbound log commands anonymous,guest,real log security anonymous,guest,real log syslog /etc/syslog.conf has: ftp.* /var/log/ftpd.log thus, all ftp activities are logged to both /var/log/messages & /var/log/ftpd.log The problem/bug: if you ftp to the box, and fail to login correctly the 1st time, it is logged in both /var/log/messages & /var/log/ftpd.log if you type "user username" from the ftp command line prompt and login correctly, /var/log/ftpd.log does not capture this... /var/log/messages does capture this, but the formatting is all whacked out...instead of 1 line, it's 1 long line with extra whitespace - the fields don't match either....furthermore, subsequent ftp commands are not logged to /var/log/ftpd.log... but are logged (in bad format) to /var/log/messages... but the whole point is to separate ftp messages from the messages file into its own ftpd.log file why doesn't syslog capture it into /var/log/ftpd.log correctly? Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. setup /etc/ftpaccess & /etc/syslog to be like mine above 2. in 2 windows: tail -f /var/log/messages, tail -f /var/log/ftpd.log 3. in another window, start ftp manually - ftp localhost - type in valid username - type-in-wrong-password - get the ftp> prompt - type in "user username" - type in correct password - look at the window with "tail -f /var/log/ftpd.log" - there's no further updates there... - look at the window with "tail -f /var/log/messages" - there's updates there - but badly formatted.... - in ftp window, type "dir" or "ls" or whatever, and notice that only 1 window is updated with syslog data.... Expected Results: /var/log/ftpd.log should have captured the subsequent ftp login & ftp commands... why does /var/log/messages capture it, but not ftpd.log? again: ftpd.log is the logfile specified in /etc/syslog.conf where the added entry is "ftp.* /var/log/ftpd.log" Additional info: is this a problem with syslogd? is this a problem with wu-ftpd? is this a problem with me?
I ran syslogd manually then did "kill -10 PID" and got it into debug mode I think what I noticed is that the "logmsg:" field changes from "ftp.info<94>" to "auth.notice<37>" to "auth.info<38>" and stays that way, even though I relogin correctly and proceed to type in ftp commands... below is extract from debug output of syslogd ... logmsg: ftp.info<94>, flags 2, from hostname, msg Nov 14 17:24:45 ftpd[4080]: PASS password called fprintlog, logging to FILE /var/log/messages called fprintlog, logging to FILE /var/log/ftpd.log ... logmsg: auth.notice<37>, flags 2, from hostname, msg Nov 14 17:24:46 PAM_unix[4080]: authentication failure; (uid=0) -> wlowe for system-auth service called fprintlog, logging to FILE /var/log/messages ... logmsg: auth.info<38>, flags 2, from hostname, msg Nov 14 17:24:50 ftpd: localhost: connected: USER wlowe ... [4080]: USER wlowe called fprintlog, logging to FILE /var/log/messages ... logmsg: auth.info<38>, flags 2, from hostname, msg Nov 14 17:24:52 ftpd: localhost: connected: IDLE ... [4080]: PASS password called fprintlog, logging to FILE /var/log/messages ... logmsg: auth.info<38>, flags 2, from hostname, msg Nov 14 17:24:52 ftpd: localhost: wlowe ... [4080]: FTP LOGIN FROM localhost [127.0.0.1], wlowe called fprintlog, logging to FILE /var/log/messages
Any progress on this?
I'm attaching a patch. It WORKSFORME, YMMV, etc., #include<stddisclaimer.h>.
Created attachment 57424 [details] Patch to fix syslog problems
Created attachment 93995 [details] Patch against wu-ftpd-2.6.2-11.73.1
Please use vsftpd, wu-ftpd is not maintained anymore.