Ftp – Proftpd doesn’t send xferlogs to syslog


I have a Proftpd v1.3.2 server, and I need to send all logs (system logs + auth logs + xferlogs) to a remote syslog server. It works fine for system+auth logs. But even if "TransferLog" was removed from the configuration file, Proftpd keeps opening /var/log/xferlog to log transfers (I checked with lsof), and sends nothing to the syslog server (I checked with tcpdump).

How can I tell proftpd to send xferlogs to a remote syslog server?

Best Answer

OK, I found a solution: using a FIFO. In /etc/proftpd/proftpd.conf:

```
#SystemLog   /var/log/proftpd/proftpd.log
#ControlsLog /var/log/proftpd/controls.log
TransferLog /var/log/xferlog.fifo
```

Then:

```
mknod  /var/log/xferlog.fifo p
chmod 666 /var/log/xferlog.fifo
```

And a Perl script like this one (inspired by several found on the web), listening on the other side of the FIFO:

```perl
#!/usr/bin/perl -w

use strict;
use File::Basename qw(basename);
use Sys::Syslog qw(:DEFAULT setlogsock);

$| = 1;    # unbuffered output
my $fifo_file       = "/var/log/xferlog.fifo";
my $syslog_facility = 'daemon';
my $syslog_level    = 'info';
my $program         = "xfer_ftp";

# (Re)create the FIFO if the path is missing or is not a named pipe
unless (-p $fifo_file)
{
  unlink $fifo_file;
  system('mknod', $fifo_file, 'p')   && die "can't mknod $fifo_file: exit status $?";
  system('chmod', '666', $fifo_file) && die "can't chmod $fifo_file: exit status $?";
}

# Open read-write so the loop below does not hit EOF when the writer closes its end
my $fifo_fh;
open($fifo_fh, '+<', $fifo_file) or die "The FIFO file \"$fifo_file\" is missing, and this program can't run without it.:$!";

setlogsock 'unix';
openlog($program, 'pid', $syslog_facility);

# just keep reading from the fifo and processing the events we read
while (<$fifo_fh>) {
    chomp;
    # syslog() takes a printf-style format: pass the line as data so a '%'
    # in a file name is not interpreted as a format directive
    syslog($syslog_level, '%s', $_);
}

closelog();

# should never really come down here ...
close $fifo_fh;
exit(0);
```

If you have a cleaner solution... :-)
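The FIFO above is mode 666, so any local user can write lines into the stream that reaches the collector. The Python relay below is an added example (not the answerer's code) that checks each line against the xferlog(5) layout, escapes control characters, and marks anything else as `UNPARSED` at `warning`. It assumes the standard xferlog field order, a UDP collector, and a minimal header with no timestamp or hostname (collectors add those on receipt); the sample line is constructed.

```python
import os
import re
import socket

FACILITY_DAEMON = 3            # 'daemon', as in the Perl script
SEV_INFO, SEV_WARNING = 6, 4
TAG = "xfer_ftp"               # same program tag as the Perl script
# Constructed sample record (documentation address, made-up user and path)
SAMPLE = ("Thu Mar  4 10:15:22 2010 2 192.0.2.10 1048576 "
          "/home/alice/report.pdf b _ i r alice ftp 0 * c\n")

# xferlog(5): date, secs, host, bytes, file, type, flag, direction,
# access mode, user, service, auth method, auth id, completion status
XFERLOG_RE = re.compile(
    r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} "
    r"(?P<secs>\d+) (?P<host>\S+) (?P<size>\d+) (?P<file>\S+) "
    r"[ab] [CUT_]+ (?P<dir>[oid]) (?P<mode>[agr]) (?P<user>\S+) "
    r"\S+ [01] \S+ (?P<status>[ci])$"
)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

def sanitize(raw: str, limit: int = 900) -> str:
    """Strip the line ending, escape control characters, cap the length."""
    text = raw.rstrip("\r\n")
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), text)[:limit]

def to_syslog(raw: str) -> bytes:
    """Build one syslog datagram for a line read from the FIFO."""
    text = sanitize(raw)
    if XFERLOG_RE.match(text):
        severity, body = SEV_INFO, text
    else:
        # Not an xferlog record: forward it marked and at 'warning' so the
        # collector can tell it apart from real transfers
        severity, body = SEV_WARNING, "UNPARSED " + text
    pri = FACILITY_DAEMON * 8 + severity
    return f"<{pri}>{TAG}: {body}".encode("utf-8")

def relay(fifo_path: str, collector: tuple) -> None:
    """Forward every FIFO line to collector, a (host, port) pair, over UDP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # O_RDWR (as the Perl '+<' does) avoids EOF when ProFTPD closes its end
    fd = os.open(fifo_path, os.O_RDWR)
    with os.fdopen(fd, "r", errors="replace") as fifo:
        for line in fifo:
            sock.sendto(to_syslog(line), collector)

if __name__ == "__main__":
    print(to_syslog(SAMPLE))
```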
