log users who ftp into QNX machine

rashidmirza · September 7, 2010, 12:18pm

I would like to know if there is a facility in QNX ( i am using 6.3.0), where a log is created of the users who FTP into or out of a QNX machine.
I was under the impression, that users get written to /var/log/syslog, but this is incorrect.
Any suggestions, advice.

Tim · September 7, 2010, 4:58pm

rashidmirza

There is a -l option to ftpd (the daemon process that listens for ftp request) to log to the syslog.

Since ftpd is launched by inetd, look in the /etc/inetd.conf file. In there you’ll see where ftpd is launched. Add the -l option to that launch. That should do it.

Tim

rashidmirza · September 7, 2010, 5:54pm

hi

in my inetd.conf, enabled the line for ftpd with -ll option.
stopped the inetd service, and restarted it.
did several ftp ito the QNX machine, but no logs created in /var/log/syslog…

Tim · September 7, 2010, 6:50pm

rashidmirza,

By default, the system logger ‘slogger’ only logs to RAM not to a file. Use the ‘sloginfo’ command to view what’s logged current in memory. I suspect you’ll find the ftp log data being logged.

Then start slogger with the -l and -f commands in order to log to an actual file.

Tim

rashidmirza · September 8, 2010, 5:46am

Hi Tim

made some progress, did the following:
slayed the slogger
then:
slogger -l /var/log/ftpd.log
(created the file ftpd.log first)

when i do a ftp into the machine, in the file ftpd.log i see the following:
$Lnpm-qnet(L4): en ionet rx up(): no L4 found for rxd pkt c 1 e 2 i 0

I dont really see any USER info (of the person who did a ftp into the machine)

rashidmirza · September 8, 2010, 5:55am

I would like to make a correction to my previous reply,
not sure if the file ftpd.log is correctly logging when i ftp into the machine, but the file size is increasing, even when i dont ftp into the system.

rashidmirza · September 8, 2010, 7:12am

solved the above mentioned issue by doing the following:
mount -Tio-net npm-qnet.so

did a ftp into the system, and monitored the syslog file, and noticed the following:
Sep 08 13:18:54 nto inetd[233490-1]: ftp/tcp6: *: the address family is not supported by the kernel

dont know if i am heading in the right direction.

rashidmirza · September 8, 2010, 7:23am

again a correction, when i slayed the ftpd service and restarted it with a -l option, thats when i got the above entry in syslog.
that means, when i ftp into or out of the qnx system, there is not entry being created anywhere.

Tim · September 8, 2010, 2:48pm

Rashidmirza,

The system logger is going to log events from every process that is running. That’s why you see other information in there besides just ftp stuff.

If you just want ftp data try using the -u option with ftpd instead of -l which logs to /var/run/utmp.

If you are determined to use slogger, I’d try altering the severity of the errors filtered by slogger by changing the -f option (try 0 and 7). Also the more l’s you add after ftpd the more information that gets logged. It’s possible one l isn’t enough.

Incidentally, ftping OUT of your QNX box is not going to generate any log messages because ftp doesn’t log, only the receiving deamon does.

Tim

rashidmirza · September 8, 2010, 3:24pm

hi

as suggested i added the -u option, slayed the inetd service and started it.
i noticed i dont have a /var/run/utmp file, but the utmp file is in /var/log.

the /var/log/utmp is empty in size, even though i did a ftp into the machine, and did a ‘get’ file.

Tim · September 8, 2010, 4:40pm

Rashidmirza

That suggests only 2 possibilities.

The -u/-l options were added incorrectly in the inetd.conf file
The -u option AND the -l option to ftpd don’t work.

I find #2 to be unlikely given that ftpd is probably ported from a common open source. In fact you could likely get the ftpd source from the QNX repository on foundry27 and compile it yourself.

Have you tried slaying inetd and just manually starting ftpd with the -l or -u option and then ftping into the box? It would be a quick and dirty test to see if it’s logging or not.

Tim

rashidmirza · September 8, 2010, 5:28pm

'Have you tried slaying inetd and just manually starting ftpd with the -l or -u option and then ftping into the box? It would be a quick and dirty test to see if it’s logging or not. ’
i have tried this, but not working as yet.
i am now thinking of downloading pure-FTPd and tring it out.

my ftp line from inetd.conf is :
ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd -ll -u

the line i see in syslog worries me:
Sep 08 13:18:54 nto inetd[233490-1]: ftp/tcp6: *: the address family is not supported by the kernel

i am trying to understand what this means.

does the QNX repository need permissions to access?

rashidmirza · September 8, 2010, 6:49pm

made some progress, installed pure-ftpd in QNX environment, under /usr/sbin.
executed pure-ftpd with -d option.
slayed inetd.
did a ftp into the qnx machine, and referred to var/log/syslog, and saw the entry!!
i hope this worked with fptd…(:

Tim · September 8, 2010, 8:47pm

Rashidmirza,

You are trying to use ftp with IPV6. The kernel is saying it only supports IPV4. In the inetd.conf file (mine at least) there are 2 ftp entries. One specifying tcp4 near the top and another later on tcp6. You might trying changing just to tcp4 and see if that helps.

On the other hand you appear to have pure-ftpd working. So you should be able to just modify your ftpd entry in inetd.conf to call pure-ftpd.

Tim

rashidmirza · September 9, 2010, 6:13am

Hello

its works, like you suggested, IP4 is supported, and all this time i have been adding the options to the IP6 ftp entry in inetd.conf…

thanks