Newsgroups: comp.unix.wizards
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!snorkelwacker.mit.edu!thunder.mcrcim.mcgill.edu!mouse
From: mouse@thunder.mcrcim.mcgill.edu (der Mouse)
Subject: Re: ftp logging
Message-ID: <1991Jun6.134809.27567@thunder.mcrcim.mcgill.edu>
Organization: McGill Research Centre for Intelligent Machines
References: <9107@ucdavis.ucdavis.edu>
Date: Thu, 6 Jun 91 13:48:09 GMT
Lines: 52

In article <9107@ucdavis.ucdavis.edu>, fisherjm@iris.UCDavis.EDU (John M. Fisher) writes:

> I am interested in an FTP logging utility.  That is, I wish to record
> information about people connecting.  This information would be such
> things as: the user's name, source address (email and US), files
> taken or put up, etc.  Of course, the name and address will require
> an initial questionnaire.

(It's a relief to read that last sentence.  Many people would have
expected to be able to determine that automatically.)  You do, I hope,
realize that there is no way to tell whether the user is telling the
truth about anything (except the machine from which the connection
occurs).

> Therefore, I need to do two things:
> 1) How do I get a program to run each time a user connects to my ftp
> site?  This program would ask questions about the caller.

This program is normally called ftpd.  I don't know how you expect to
conduct an interactive dialog with the user, since the FTP protocol
does not provide any such facilities.  You're going to have to hack on
ftpd.  (If your vendor didn't supply source, you shouldn't trust the
binary anyway; in any case, fetch the Berkeley ftpd and use that as a
base to build upon.)

Also note that such extensive questioning is *not* the norm and is apt
to be looked at somewhat askance.  *I* certainly would go to fair
lengths to avoid using such a site.  (I consider those sites that
require "an email address" as the password excessive - there are a few
such in Europe.)

> 2) Are there any systems available for logging file transactions?
> Or, perhaps even better, is there a way to completely capture the
> entire session of a user?

Our ftpd logs all anonymous sessions through syslog.  This involves a
handful of changes - a variable (which may already exist - I don't
recall offhand) to remember whether an anonymous session is in progress
and a call to syslog for every command received.  On our machine I had
to hack syslog(), too, so it worked when under the influence of chroot,
but that was fairly straightforward.

I can run diff and mail patches, but it's doubtful of how much benefit
they will be to anyone....

					der Mouse

			old: mcgill-vision!mouse
			new: mouse@larry.mcrcim.mcgill.edu
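
The per-command logging described in the post above, as an added example that is not part of the original post and is not der Mouse's patch or Berkeley ftpd code. The names anonymous_session, init_logging, sanitize_command and log_command are hypothetical, the host name and commands are constructed, and opening the syslog connection before chroot() is an assumed alternative to modifying syslog().

```c
#include <string.h>
#include <syslog.h>

static int anonymous_session;  /* hypothetical flag, set after an anonymous login */

/* Open the syslog connection immediately (LOG_NDELAY). Calling this before
 * chroot() keeps the descriptor usable inside the chroot; this is an assumed
 * alternative to patching syslog(), not the change the post describes. */
void init_logging(void)
{
    openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
}

/* Copy a received command into out: drop the trailing CRLF and replace
 * control bytes with '?' so a client cannot forge extra log lines.
 * Returns the number of bytes stored, excluding the terminating NUL. */
size_t sanitize_command(const char *line, char *out, size_t outsz)
{
    size_t len = strlen(line), n = 0;
    if (outsz == 0) return 0;
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;
    for (size_t i = 0; i < len && n + 1 < outsz; i++) {
        unsigned char c = (unsigned char)line[i];
        out[n++] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    out[n] = '\0';
    return n;
}

/* Log one command if the session is anonymous; returns 1 if logged, else 0. */
int log_command(const char *remote_host, const char *line)
{
    char cmd[256];
    if (!anonymous_session)
        return 0;
    sanitize_command(line, cmd, sizeof cmd);
    syslog(LOG_INFO, "ANON FTP from %s: %s", remote_host, cmd);  /* fixed format */
    return 1;
}

int main(void)
{
    init_logging();  /* a daemon would chroot() to the FTP area after this */
    anonymous_session = 1;
    log_command("client.example.org", "RETR pub/README\r\n");  /* constructed input */
    log_command("client.example.org", "CWD pub\nforged entry\r\n");
    return 0;
}
```

The client-supplied text is passed as a "%s" argument rather than as the format string, and only the peer address comes from the server side.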