Hello Devon,

On Tue, 13 Dec 2005 08:06:06 -0500 Devon Harding devonharding@gmail.com wrote:

Anyone?

On 12/12/05, Devon Harding devonharding@gmail.com wrote:

...

Is there any way to monitor vsftpd traffic? Like ftpwho?

At least some ones are listening :-) (I'd also like to know)

Google told me: http://www.cse.iitb.ac.in/nilesh/linux/ftpmonitor/?w=help

Maybe you could get better answer from the IRC channel or the forum (have a look at the bottom page): http://vsftpd.beasts.org/

Regards,

Hello Mike,

On Tue, 13 Dec 2005 08:09:07 -0600 Mike Klinke lsomike@futzin.com wrote:

On Monday 12 December 2005 19:01, Devon Harding wrote:

...

Is there any way to monitor vsftpd traffic?  Like ftpwho?

Monitoring at the packet level? .... tcpdump port 21

Other points/levels of monitoring depend on how you have vsftpd confiured:

At the login level you can monitor /var/log/messages

tail -f /var/log/messages | grep pam_userdb

if you have virtual users set up.

At the file transfer level you can monitor your xferlog file if you've configured this logging mechanism.

Also at the login level you can set up vsftpd to run under xinetd and log user, host, etc by watching /var/log/secure

tail -f /var/log/secure | grep vsftpd

I've been told that tail'ing logs is not pertinent on overloaded machines.. maybe smth like proftp's ftptop would help (show online users, current d/l and u/l, rates, etc.).

Regards,

Will ftptop work with vsftpd?

On 12/13/05, wwp subscript@free.fr wrote:

Hello Mike,

On Tue, 13 Dec 2005 08:09:07 -0600 Mike Klinke lsomike@futzin.com wrote:

...

On Monday 12 December 2005 19:01, Devon Harding wrote:

...

Is there any way to monitor vsftpd traffic? Like ftpwho?

Monitoring at the packet level? .... tcpdump port 21

Other points/levels of monitoring depend on how you have vsftpd confiured:

At the login level you can monitor /var/log/messages

tail -f /var/log/messages | grep pam_userdb

if you have virtual users set up.

At the file transfer level you can monitor your xferlog file if you've configured this logging mechanism.

Also at the login level you can set up vsftpd to run under xinetd and log user, host, etc by watching /var/log/secure

tail -f /var/log/secure | grep vsftpd

I've been told that tail'ing logs is not pertinent on overloaded machines.. maybe smth like proftp's ftptop would help (show online users, current d/l and u/l, rates, etc.).

Regards,

-- wwp

-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

I hear there were some security issues with proftpd.

On 12/16/05, wwp subscript@free.fr wrote:

Hello Devon,

On Thu, 15 Dec 2005 19:36:44 -0500 Devon Harding devonharding@gmail.com wrote:

...

Will ftptop work with vsftpd?

I wouldn't bet on this (excerpts from online man page): ftptop - display running status on proftpd server connections

Moreover, google reported many threads about people switching to proftpd to get benefit of those ftptop/ftpwho/etc. tools. It remain 3 possibilities now: either you find someone who already did a ftptop-like thing, or you program/script it, or send a feature request to the author..

Regards,

...

On 12/13/05, wwp subscript@free.fr wrote:

...

Hello Mike,

On Tue, 13 Dec 2005 08:09:07 -0600 Mike Klinke lsomike@futzin.com wrote:

...

On Monday 12 December 2005 19:01, Devon Harding wrote:

...

Is there any way to monitor vsftpd traffic? Like ftpwho?

Monitoring at the packet level? .... tcpdump port 21

Other points/levels of monitoring depend on how you have vsftpd confiured:

At the login level you can monitor /var/log/messages

tail -f /var/log/messages | grep pam_userdb

if you have virtual users set up.

At the file transfer level you can monitor your xferlog file if you've configured this logging mechanism.

Also at the login level you can set up vsftpd to run under xinetd and log user, host, etc by watching /var/log/secure

tail -f /var/log/secure | grep vsftpd

I've been told that tail'ing logs is not pertinent on overloaded machines.. maybe smth like proftp's ftptop would help (show online users, current d/l and u/l, rates, etc.).

Regards,

-- wwp

-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

-- wwp

-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

On Tue, 2006-01-03 at 19:06 -0500, Devon Harding wrote:

Has anyone found a way to monitor vsftpd connections?

Put these lines in vsftpd.conf then restart vsftpd:

setproctitle_enable=YES session_support=YES

The first one allows you to monitor all current sessions along with what's going on in the session, what's the source IP, etc, by simply listing the current processes:

ps ax | grep vsftpd | grep -v grep

Or, if you prefer:

watch -n 1 'ps ax | grep vsftpd | grep -v grep'

Example:

# ps ax | grep vsftpd | grep -v grep 32668 ? S 0:00 vsftpd: LISTENER 985 ? Ss 0:00 vsftpd: 192.168.0.12: connected 989 ? S 0:00 vsftpd: 192.168.0.12/florin: IDLE

The second one will reveal vsftpd sessions using the "last" command. Example:

# last | head -n 2 florin vsftpd:985 192.168.0.12 Tue Jan 3 19:31 still logged in florin vsftpd:375 192.168.0.12 Tue Jan 3 19:24 - 19:29 (00:05)

These two options should cover most, if not all, bases. If I understand your request correctly, that's all you need. It could be argued that the first option should be enabled by default in the vsftpd RPM shipped with Fedora. The contrary too could be argued just as successfully. :-)

    > Moreover, google reported many threads about people
    switching to proftpd to 
    > get benefit of those ftptop/ftpwho/etc. tools.

They also get the "benefit" of switching to an FTP server with a _much_ worse security history (and also poorer performance, although this shouldn't concern too many people).

From a security perspective vsftpd is rock hard. Stay with it unless you

have very compelling reasons.