On Sun, 24 Aug 2008 16:32:56 -0500, Len Conrad <[EMAIL PROTECTED]> wrote:
> Are there are any flags or tricks to get these two daemons to log IP 
> addresses of failed login attempts, rather than PTR hostnames?
> man ftpd
> man sshd
> ... show nothing, afaics.

At least for ftpd I think there is a solution:

1. Edit /etc/inetd.conf

        ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -ll
        ftp     stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -ll

   The flags -ll enable extended logging.

2. Edit /etc/syslog.conf:

        *.*                                             /var/log/ftpd.log

3. Create the log file

        # touch /var/log/ftpd.log

4. Optionally: Edit /etc/newsyslog.conf for preferred log

The IPs are being logged in the log file. I'm sure SSH
allows something similar. If I remember correctly, this
has recently been discussed at this list, maybe the archive
brings up some helping informations for you.

>From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to