VSFTPD überwachen

[Serow]

Hi,
ich schreibe mir gerade ein kleines Tool, das die /var/log/vsftpd.log auswertet. Dabei ist mir aufgefällen, dass logouts nicht gelogt werden.
Hier eine Abfolge von Befehlen und der Log dazu:

mathias@mathias-laptop:~$ ftp localhost
Connected to localhost.
220 (vsFTPd 2.0.4)
Name (localhost:mathias): mathias
234 Proceed with negotiation.
[SSL Cipher DES-CBC3-SHA]
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mkdir test
257 "/home/mathias/test" created
ftp> quit
221 Goodbye.
mathias@mathias-laptop:~$

mathias@mathias-laptop:~$ sudo tail -f /var/log/vsftpd.log
Fri Feb 23 14:52:39 2007 [pid 8998] CONNECT: Client "127.0.0.1"
Fri Feb 23 14:52:43 2007 [pid 8997] [mathias] OK LOGIN: Client "127.0.0.1"
Fri Feb 23 14:52:48 2007 [pid 9000] [mathias] OK MKDIR: Client "127.0.0.1", "/home/mathias/test"

Seht ihr? Das "quit" wird nicht gelogt. Wie kann ich also rausfinden, wer gerade verbunden ist?

mfg
serow

 

[Opa Knack]

Probier doch mal in Deiner vsftpd.conf ein

log_ftp_protocol=YES

aus. Damit sollen alle Aktivitäten geloggt werden

Greets
Franky

 

[Serow]

Danke so klappts! Der FileZilla schein kein QUIT zu senden aber egal. In der Theorie klappts zumindest:

Sat Feb 24 10:23:49 2007 [pid 5571] CONNECT: Client "127.0.0.1"
Sat Feb 24 10:23:49 2007 [pid 5571] FTP response: Client "127.0.0.1", "220 (vsFTPd 2.0.4)"
Sat Feb 24 10:23:50 2007 [pid 5571] FTP command: Client "127.0.0.1", "AUTH SSL"
Sat Feb 24 10:23:50 2007 [pid 5571] FTP response: Client "127.0.0.1", "234 Proceed with negotiation."
Sat Feb 24 10:23:50 2007 [pid 5571] FTP command: Client "127.0.0.1", "USER mathias"
Sat Feb 24 10:23:50 2007 [pid 5571] [mathias] FTP response: Client "127.0.0.1", "331 Please specify the password."
Sat Feb 24 10:23:51 2007 [pid 5571] [mathias] FTP command: Client "127.0.0.1", "PASS <password>"
Sat Feb 24 10:23:51 2007 [pid 5570] [mathias] OK LOGIN: Client "127.0.0.1"
Sat Feb 24 10:23:51 2007 [pid 5574] [mathias] FTP response: Client "127.0.0.1", "230 Login successful."
Sat Feb 24 10:23:51 2007 [pid 5574] [mathias] FTP command: Client "127.0.0.1", "SYST"
Sat Feb 24 10:23:51 2007 [pid 5574] [mathias] FTP response: Client "127.0.0.1", "215 UNIX Type: L8"
Sat Feb 24 10:23:53 2007 [pid 5574] [mathias] FTP command: Client "127.0.0.1", "PORT 127,0,0,1,217,2"
Sat Feb 24 10:23:53 2007 [pid 5574] [mathias] FTP response: Client "127.0.0.1", "200 PORT command successful. Consider using PASV."
Sat Feb 24 10:23:53 2007 [pid 5574] [mathias] FTP command: Client "127.0.0.1", "LIST"
Sat Feb 24 10:23:53 2007 [pid 5574] [mathias] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Sat Feb 24 10:23:53 2007 [pid 5574] [mathias] FTP response: Client "127.0.0.1", "226 Directory send OK."
Sat Feb 24 10:23:56 2007 [pid 5574] [mathias] FTP command: Client "127.0.0.1", "QUIT"
Sat Feb 24 10:23:56 2007 [pid 5574] [mathias] FTP response: Client "127.0.0.1", "221 Goodbye."