Log management

rotation, location, opening, log analysis

Rotating the log

Any of the common tools for managing log rotation can be used with Proftpd. The most commonly used package is logrotate, as shipped with Red Hat. Some suggested configurations are shown below.

Example 4-1. logrotate configuration

        # cat /etc/logrotate.d/proftpd
        /var/log/proftpd {
                nocompress
                missingok
        }

Example 4-2. logrotate configuration

/var/log/xferlog {
    # ftpd doesn't handle SIGHUP properly
    nocompress
}
/var/log/proftpd {
    nocompress
}    

Example 4-3. logrotate configuration

/var/log/xferlog {
     postrotate
         /usr/bin/killall -HUP proftpd
     endscript
}

Proftpd does not use SIGHUP to close and reopen the logfiles, so one of two basic strategies has to be employed to ensure that the logfiles are not being held open. The first and most aggressive is to shut down proftpd, rotate the logs and restart. This might be acceptable on a small server but not on a commercial system.

A second approach would be to rotate the logfiles and not perform any parsing or compression until all the live connections have ended. The waiting time can either be based on guesswork (i.e. I'm pretty sure everyone will have finished the active connection within 60 minutes) or enforced by a script that kills off any remaining connections after a suitable time period (for example, using the fuser command).

Analysis of logfiles

So, you want to know what's happening with your ftp server: are those logs any help? "Not normally" is the most common response. As a general rule logfiles are unreadable and, while they provide the raw information for spotting trends, they are not the best format for presenting it.

There are a number of different packages and approaches available to the sysadmin on the go to process his logs into a more readily understandable format.

Webalizer

Webalizer is primarily designed as a web server log analysis tool. However it is capable of handling ftp server logs (set the logtype configuration option to 'ftp'). The latest version uses the png graphic format.

http://www.mrunix.net/webalizer/

http-analyze

http-analyze is the system from which webalizer was derived. It requires more work in setting up proftpd's logging format; however, it can give far more detailed reports.

HTTP-analyze

http://www.netstore.de/Supply/http-analyze/

analog, http://www.analog.cx/

If you want to use Analog (works fine for me) this is your logformat:

LOGFORMAT (%j %M %d %h:%n:%j %Y %t %S %b %r %j %j %j %j %u %j %j %j)
		  

Report Magic, http://www.wadsack-allen.com/digitalgroup/reportmagic/

Produces more 'professional' looking reports based on analog data.

logwatch,

Others

Logsurfer (need URL) and a Perl custom reporting module (http://www.cpan.org/modules/by-authors/id/S/SN/SNEEX/)

Custom Logging

Thank you so much! This has GREATLY reduced the load on my server! Now I just have my ftp log, and the secure log with proftpd entries. Thanks again!

    LogFormat xfer_fmt "%t %u %f"
    ExtendedLog /var/log/upload write xfer_fmt
    ExtendedLog /var/log/dnload read xfer_fmt

You can use this directive to disable the syslogd usage:

    SystemLog /usr/local/proftpd/logs/system_log

a) Will proftpd support piped logs? b) Anyone interested in making a mod_cronolog? http://www.ford-mason.co.uk/resources/cronolog/

I'm running Proftpd 1.2.0pre3 and I'm having trouble finding a log analyser that will support the type of logs I run through it. The main problem being I have extended characters and white spaces in file names. All log analysers I've tried interpret the whitespace as the end of the file name. Is there any way to have proftpd use %20 instead of a space in the log file? Or better yet, have proftpd keep a log CLF style?
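
The whitespace problem raised in the last question can also be handled on the analysis side. The following is an added example, not part of the original page or of ProFTPD: it matches xferlog lines from both ends so that only the file name field absorbs spaces, then percent-encodes that field before the line is handed to an analyser. It assumes the field layout of the Analog LOGFORMAT shown earlier, an optional trailing completion-status letter, and a log opened with encoding="latin-1"; the function names are hypothetical.

```python
import re
from urllib.parse import quote

# Layout follows the Analog LOGFORMAT on this page: 5 date tokens, transfer
# time, host, bytes, FILENAME, 4 flag fields, user, 3 trailing fields.
# Assumptions: flag values as in xferlog(5); an optional one-letter
# completion status at the end, which the page's LOGFORMAT does not have.
XFER_RE = re.compile(
    r"^(?P<date>\S+\s+\S+\s+\d+\s+\d+:\d+:\d+\s+\d{4})\s+"
    r"(?P<secs>\d+)\s+(?P<host>\S+)\s+(?P<bytes>\d+)\s"
    r"(?P<filename>.+)\s"          # greedy: only this field may hold spaces
    r"(?P<type>[ab])\s+(?P<flag>\S+)\s+(?P<direction>[oid])\s+"
    r"(?P<access>[agr])\s+(?P<user>\S+)\s+(?P<tail>\S+\s+\S+\s+\S+)"
    r"(?:\s+(?P<status>[ci]))?\s*$"
)

def parse_xferlog(line):
    """Return the fields as a dict, or None if the line does not fit."""
    m = XFER_RE.match(line)
    return m.groupdict() if m else None

def normalise(line):
    """Re-emit the line with the filename percent-encoded into one token."""
    m = XFER_RE.match(line)
    if m is None:
        return None                 # keep unparseable lines for manual review
    start, end = m.span("filename")
    # latin-1 maps every byte to one character, so bytes survive unchanged;
    # '%' itself becomes %25, keeping the encoding reversible.
    safe_name = quote(m["filename"], safe="/", encoding="latin-1")
    return line[:start] + safe_name + line[end:].rstrip("\n")

# Constructed sample lines (not taken from a real server).
SAMPLES = [
    "Mon Mar  5 10:14:02 2001 3 192.0.2.10 20480 /pub/my holiday photo.jpg"
    " b _ o a anon@example.com ftp 0 *",
    "Mon Mar  5 10:15:40 2001 1 192.0.2.11 512 /incoming/r\u00e9sum\u00e9 final.doc"
    " b _ i r alice ftp 0 * c",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(normalise(sample))
```

Lines that do not match return None instead of being guessed at, so a malformed or unexpected entry is set aside for review rather than silently miscounted.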