/var/log/vsftpd.log often contains many suspicious-looking CONNECT messages from unfamiliar IPs, which confuses users.
Logging is configured in /etc/vsftpd.conf:
- syslog_enable=NO #writes directly to log file instead
- log_ftp_protocol=NO #Logs everything passing between client and ftp service
- xferlog_enable=YES #Logs uploads and downloads and the username that performed them.
- vsftpd_log_file=… #Specifies where I want the log file to be written
- xferlog_std_format=YES/NO #Currently have this set to YES; need to play with it a bit more to find out if it's actually any use or not.
- xferlog_file=… #Don’t know if this is really required, again need to play, doesn’t seem to log anything overly helpful
- dual_log_enable=YES #enables logging in both vsftpd or xfer logging styles, vsftpd looks better so far
The following messages are commonly seen:
Mon Jul 10 15:51:17 2006 [pid 26152] CONNECT: Client "220.127.116.11"
Mon Aug 21 14:33:24 2006 [pid 20175] [dcid] FAIL LOGIN: Client "127.0.0.1"
Mon Aug 21 14:37:23 2006 [pid 20293] [dcid] OK LOGIN: Client "127.0.0.1"
Mon Aug 21 14:32:06 2006 [pid 20127] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lala@"
Sun Aug 27 16:28:20 2006 [pid 13962] [xx] OK UPLOAD: Client "18.104.22.168", "/a.php", 8338 bytes, 18.77Kbyte/sec
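
To triage the messages above per client, the following added example (not part of the original page) parses vsftpd-style log lines and labels each IP as connect-only (CONNECT lines with no login line), failed-login, or script-upload. The function names, labels, extension list and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown above (documentation-range addresses).
SAMPLE = '''\
Mon Jul 10 15:51:17 2006 [pid 26152] CONNECT: Client "203.0.113.7"
Mon Jul 10 15:51:19 2006 [pid 26153] CONNECT: Client "203.0.113.7"
Mon Aug 21 14:33:20 2006 [pid 20174] CONNECT: Client "198.51.100.4"
Mon Aug 21 14:33:24 2006 [pid 20175] [dcid] FAIL LOGIN: Client "198.51.100.4"
Mon Aug 21 14:37:20 2006 [pid 20292] CONNECT: Client "192.0.2.10"
Mon Aug 21 14:37:23 2006 [pid 20293] [dcid] OK LOGIN: Client "192.0.2.10"
Sun Aug 27 16:28:20 2006 [pid 13962] [dcid] OK UPLOAD: Client "192.0.2.10", "/a.php", 8338 bytes, 18.77Kbyte/sec
'''

LINE = re.compile(
    r'^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} \[pid \d+\] '
    r'(?:\[(?P<user>[^\]]*)\] )?(?P<event>[A-Z]+(?: [A-Z]+)?): '
    r'Client "(?P<ip>[^"]+)"(?:, "(?P<path>[^"]*)")?')

def summarize(text):
    """Per-client event counters and uploaded paths; unparsable lines are skipped."""
    stats = defaultdict(lambda: {"CONNECT": 0, "FAIL LOGIN": 0, "OK LOGIN": 0, "uploads": []})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["event"] == "OK UPLOAD":
            s["uploads"].append((m["user"], m["path"]))
        elif m["event"] in s:
            s[m["event"]] += 1
    return dict(stats)

def triage(stats, script_ext=(".php", ".cgi", ".pl")):
    """Label each client: connect-only, failed-login, script-upload."""
    out = {}
    for ip, s in stats.items():
        labels = []
        if s["CONNECT"] and not (s["OK LOGIN"] or s["FAIL LOGIN"]):
            labels.append("connect-only")
        if s["FAIL LOGIN"]:
            labels.append("failed-login")
        if any(p and p.lower().endswith(script_ext) for _, p in s["uploads"]):
            labels.append("script-upload")
        out[ip] = labels
    return out

if __name__ == "__main__":
    for ip, labels in triage(summarize(SAMPLE)).items():
        print(ip, labels or ["normal"])
```

To run it against a real log, pass the contents of the file set in vsftpd_log_file to summarize() instead of SAMPLE.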