How 2 Know
If you can't Google it, You Can Knowing it.

how to log ftp commands

if you need to see FTP users log, and what they do on your system, just do the following commands ( this article doesn’t useful for past commands, it will be useful to get commands in the future after you do these steps):

1 – open file ” /etc/inetd.conf” and add option “-d” on the end on FTP Line, like the following :

ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd         ftpd -d

2- refresh inetd service like that”

# refresh -s inetd
0513-095 The request for subsystem refresh was completed successfully.

3- open syslog.conf file and add the following line:

daemon.debug /tmp/daemon.log

4- refresh syslog daemon like this :

 # refresh -s syslogd
0513-095 The request for subsystem refresh was completed successfully.

and this is sample of log :

Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 220
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: localhost FTP server (Version 4.2 Mon Sep 10 15:04:59 CDT 2012) ready.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: USER root^M
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 331
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: Password required for root.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: PASS
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 230-
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: Last unsuccessful login: Mon Oct 21 11:58:41 EGYPT 2013 on ssh from 10.10.10.10
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 230-
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: Last login: Tue Oct 22 12:07:07 EGYPT 2013 on ftp from 10.10.10.10
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 230
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: User root logged in.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: SYST^M
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 215
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: UNIX Type: L8 Version: BSD-44
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: FEAT^M
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 500
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: 'FEAT': command not understood.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: PWD^M
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 257
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: "/" is current directory.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: TYPE A^M
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 200
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: Type set to A; form set to N.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: PORT 10.10.10.10,204,219^M
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 200
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: PORT command successful.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: command: LIST -a^M
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 150
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: Opening data connection for /bin/ls.
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: <--- 226
Oct 22 12:19:09 localhost daemon:debug ftpd[18219568]: Transfer complete.
Oct 22 12:19:15 localhost daemon:debug ftpd[18219568]: <--- 221
Oct 22 12:19:15 localhost daemon:debug ftpd[18219568]: You could at least say goodbye.
Tags: , , , ,

Tuesday, October 22nd, 201312:20 pmThis entry was posted on at and is filed under AIX. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

«
»

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from How 2 Know

Subscribe now to keep reading and get access to the full archive.

Continue reading