syslog entries from pure-ftp

Why do i get all these pure ftp entries in my syslog

Apr 2 08:45:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 08:45:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 08:50:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 08:50:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 08:55:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 08:55:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:00:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:00:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:05:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:05:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:10:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:10:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:15:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:15:01 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:20:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:20:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:25:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:25:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:30:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:30:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:35:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:35:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.
Apr 2 09:40:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Apr 2 09:40:02 ispconfig1 pure-ftpd: ([email protected]) [INFO] Logout.


What is happening exactly ?

 

Ispconfig3 Monitor Module is testing if ftp-daemon is alive. You can safely ignore those.

 

Is there any way to suprress the messages logged from the ispconfig3 monitor but still log user login events? In a quick look in the config file for pureftpd it looked like syslogging was an 'all or nothing' setting.

 

I don't like my main system log being filled with these ftp info messages so I've edited /etc/syslog.conf and changed the line

*.info;mail.none;authpriv.none;cron.none /var/log/messages

to

*.info;mail.none;authpriv.none;cron.none;ftp.!info /var/log/messages

(then run:# /etc/init.d/syslog reload )

This prevents ftp info data being written to the log.
If I want to know what users have been logging in via ftp I just inspect the
/var/log/pureftp.log
- it shows a lot more detail! & excludes the localhost logins.

--------------------
I also want to remove the clamd "SelfCheck: Database status OK." messages so I've also added
local6.!info to the line in syslog.conf
Those messages are also in the ClamAV log which is viewable from the ISPConfig monitor page.

Now I've got a really clean system log.

 

That's good tip

That's good tip

Does anyone know how to get the same in Debian?

Regards

 

The same but in /etc/rsyslog.conf

 

Thanks for your answer.

Yes I tried that, but had no luck, perhaps I didn't find the right place in the file.
This is which I changed in /etc/rsyslog.conf

Code:

 Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

Is that correct?
I also tried adding a new file in /etc/rsyslog.d/ but didn't work either.

Regards

 

You can add it to that...

Code:

 
Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none;\
        ftp.!info                      -/var/log/messages

I make separate files...

Code:

 
Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none;\
        ftp.!info                      -/var/log/messages.info
*.=notice;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none         -/var/log/messages.notice
*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages.warn

 

Hi, mate

Thanks again for your answer.
I'll give it a try and tell you. I realize now what could be the error I had.
This was my not working rsyslog.conf before was corrected:

Code:

# Some "catch-all" log files.
#
*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none	-/var/log/debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none;\
	ftp.!info;local6.!info;	-/var/log/messages

Last line should be:

Code:

 ftp.!info,local6.!info	-/var/log/messages

instead isn'it?

Regards