speicher@mitre.arpa (02/09/88)
I manage a VAX 11/785 running Ultrix 1.2. The inet daemon on this system looks at the file "/etc/inetd.conf" to determine what internet daemons run (telnet, ftp, etc) and what pathnames to use when calling them. Here's what the entry for ftpd looks like: ftp stream tcp nowait /etc/ftpd ftpd The manual entry for the config file says that you can append options to the last item in the list. I assume that the last occurrence of "ftpd" in this list is argv[0] when the program is called by inetd. The manual for the ftp daemon (ftpd) says that ftpd can be invoked with a "-l" option to log transactions to the standard output. Hence, they recommend: /etc/ftpd -l > logfile to log transactions. Here is my problem. Changing the line to read: ftp stream tcp nowait /etc/ftpd ftpd -l > logfile won't work because the ">" gets passed directly to ftpd. Any suggestions? Clay Speicher - speicher@mitre.arpa
chris@trantor.umd.edu (Chris Torek) (02/09/88)
In article <11726@brl-adm.ARPA> speicher@mitre.arpa writes: >The manual for the [Ultrix x.y] ftp daemon (ftpd) says that ftpd can >be invoked with a -l" option to log transactions to the standard output. >ftp stream tcp nowait /etc/ftpd ftpd -l > logfile > >won't work because the ">" gets passed directly to ftpd. > >Any suggestions? Try ftp stream tcp nowait /etc/ftpd.logging ftpd with /etc/ftpd.logging being an executable shell script: #! /bin/sh exec /etc/ftpd -l >> /somewhere/logfile In-Real-Life: Chris Torek, Univ of MD Computer Science, +1 301 454 7163 (hiding out on trantor.umd.edu until mimsy is reassembled in its new home) Domain: chris@mimsy.umd.edu Path: not easily reachable
fisherjm@iris.UCDavis.EDU (John M. Fisher) (06/05/91)
I am interested in an FTP logging utility. That is, I wish to record information about people connecting. This information would be such things as: the user's name, source address (email and US), files taken or put up, etc. Of course, the name and address will require an initial questionaire. Therefore, I need to do two things: 1) How do I get a program to run each time a user connects to my ftp site? This program would ask questions about the caller. 2) Are there any systems available for logging file transactions? Or, perhaps even better, is there a way to completely capture the entire session of a user? Thanks, John
mouse@thunder.mcrcim.mcgill.edu (der Mouse) (06/06/91)
In article <9107@ucdavis.ucdavis.edu>, fisherjm@iris.UCDavis.EDU (John M. Fisher) writes: > I am interested in an FTP logging utility. That is, I wish to record > information about people connecting. This information would be such > things as: the user's name, source address (email and US), files > taken or put up, etc. Of course, the name and address will require > an initial questionaire. (It's a relief to read that last sentence. Many people would have expected to be able to determine that automatically.) You do, I hope, realize that there is no way to tell whether the user is telling the truth about anything (except the machine from which the connection occurs). > Therefore, I need to do two things: > 1) How do I get a program to run each time a user connects to my ftp > site? This program would ask questions about the caller. This program is normally called ftpd. I don't know how you expect to conduct an interactive dialog with the user, since the FTP protocol does not provide any such facilities. You're going to have to hack on ftpd. (If your vendor didn't supply source, you shouldn't trust the binary anyway; in any case, fetch the Berkeley ftpd and use that as a base to build upon.) Also note that such extensive questioning is *not* the norm and is apt to be looked at somewhat askance. *I* certainly would go to fair lengths to avoid using such a site. (I consider those sites that require "an email address" as the password excessive - there are a few such in Europe.) > 2) Are there any systems available for logging file transactions? > Or, perhaps even better, is there a way to completely capture the > entire session of a user? Our ftpd logs all anonymous sessions through syslog. This involves a handful of changes - a variable (which may already exist - I don't recall offhand) to remember whether an anonymous session is in progress and a call to syslog for every command received. On our machine I had to hack syslog(), too, so it worked when under the influence of chroot, but that was fairly straightforward. I can run diff and mail patches, but it's doubtful of how much benefit they will be to anyone.... der Mouse old: mcgill-vision!mouse new: mouse@larry.mcrcim.mcgill.edu
hp@vmars.tuwien.ac.at (Peter Holzer) (06/07/91)
mouse@thunder.mcrcim.mcgill.edu (der Mouse) writes: >Our ftpd logs all anonymous sessions through syslog. This involves a >handful of changes - a variable (which may already exist - I don't >recall offhand) to remember whether an anonymous session is in progress >and a call to syslog for every command received. On our machine I had >to hack syslog(), too, so it worked when under the influence of chroot, >but that was fairly straightforward. The newest version of the Berkeley ftpd does this also if called with the -a flag. We installed it last week, and it is interesting to see what files are fetched most and from where people are connecting. -- | _ | Peter J. Holzer | Think of it | | |_|_) | Technical University Vienna | as evolution | | | | | Dept. for Real-Time Systems | in action! | | __/ | hp@vmars.tuwien.ac.at | Tony Rand |
guenther@vmars.tuwien.ac.at (Guenther Leber) (06/07/91)
In <1991Jun6.183642.11413@email.tuwien.ac.at> hp@vmars.tuwien.ac.at (Peter Holzer) writes: >The newest version of the Berkeley ftpd does this also if called with >the -a flag. No! The ftpd I got from relay.cs.toronto.edu is a BSD-ftpd of 1989 with additional hacks (the -a flag) for logging anonymous ftp sessions. It also contained a bug. I corrected this bug and made the new version available for anonymous ftp at ftp.vmars.tuwien.ac.at [128.130.39.16] in /pub/unix/ftpd.tar.Z. > We installed it last week, and it is interesting to see what files >are fetched most and from where people are connecting. It is indeed interesting! -- Guenther H. Leber Technical University Vienna Voice: +43/222/58801-8176 Dept. for Real-Time Systems Fax: +43/222/569149 E-mail: guenther@vmars.tuwien.ac.at All eyes were on Ford Prefect, some of them were on stalks.