[syslog-ng] wu-ftpd
Peter Czanik
czanik at balabit.hu
Thu Oct 7 08:49:18 CEST 2010
Hello,
I covered the three major ftpd implementations (proftpd/pureftpd/vuftpd)
with login/logout/failure patterns, and as I used wu-ftpd for a long
time, I also wanted to create a pattern for that one. No luck, I can't
get it running, there are no messages in the logs and strace does not
reveal anything :-(
So, I'd like to ask, if anybody uses wu-ftpd here? Some logs or even
better, patterns, would be very helpful. My latest blogs have some
hints, how I collect logs and create rules (
http://czanik.blogs.balabit.com/2010/10/pattern-writing-tips-and-tricks/
and
http://czanik.blogs.balabit.com/2010/10/pattern-writing-tips-and-tricks-ii/
).
For ftp I collected logs for the following situations:
- anonymous ftp login
- root login (actually a failure...)
- invalid username
- valid user, invalid password
- valid user, successful login
Anyone could help?
Bye,
--
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
More information about the syslog-ng
mailing list