ftp logging

der Mouse mouse at thunder.mcrcim.mcgill.edu
Thu Jun 6 23:48:09 AEST 1991 

In article <9107 at ucdavis.ucdavis.edu>, fisherjm at iris.UCDavis.EDU (John M. Fisher) writes:

> I am interested in an FTP logging utility.  That is, I wish to record
> information about people connecting.  This information would be such
> things as: the user's name, source address (email and US), files
> taken or put up, etc.  Of course, the name and address will require
> an initial questionaire.

(It's a relief to read that last sentence.  Many people would have
expected to be able to determine that automatically.)

You do, I hope, realize that there is no way to tell whether the user
is telling the truth about anything (except the machine from which the
connection occurs).

> Therefore, I need to do two things:

> 1) How do I get a program to run each time a user connects to my ftp
>    site?  This program would ask questions about the caller.

This program is normally called ftpd.  I don't know how you expect to
conduct an interactive dialog with the user, since the FTP protocol
does not provide any such facilities.  You're going to have to hack on
ftpd.  (If your vendor didn't supply source, you shouldn't trust the
binary anyway; in any case, fetch the Berkeley ftpd and use that as a
base to build upon.)

Also note that such extensive questioning is *not* the norm and is apt
to be looked at somewhat askance.  *I* certainly would go to fair
lengths to avoid using such a site.  (I consider those sites that
require "an email address" as the password excessive - there are a few
such in Europe.)

> 2) Are there any systems available for logging file transactions?
>    Or, perhaps even better, is there a way to completely capture the
>    entire session of a user?

Our ftpd logs all anonymous sessions through syslog.  This involves a
handful of changes - a variable (which may already exist - I don't
recall offhand) to remember whether an anonymous session is in progress
and a call to syslog for every command received.  On our machine I had
to hack syslog(), too, so it worked when under the influence of chroot,
but that was fairly straightforward.

I can run diff and mail patches, but it's doubtful of how much benefit
they will be to anyone....

					der Mouse

			old: mcgill-vision!mouse
			new: mouse at larry.mcrcim.mcgill.edu

More information about the Comp.unix.wizards mailing list