[Logwatch] Parsing pure-ftpd problem

Thomas Berton thomas.berton at ugent.be
Fri Aug 4 03:13:21 MST 2006


Hello,
I'm having trouble parsing my pure-ftpd logfiles using logwatch.
I'm using pure-ftpd on Debian (installed using debian package system). 
Installed version is 1.0.19-4. The logwatch version was also installed 
using the debian package system, version 5.2.2-5.
The pure-ftpd entries are written in /var/log/syslog. Here are some entries:
Aug  4 04:15:58 my_host pure-ftpd: (?@some_host) [INFO] New connection 
from some_host
Aug  4 04:15:58 my_host pure-ftpd: (?@some_host) [INFO] backup is now 
logged in
Aug  4 04:15:58 my_host pure-ftpd: (user at some_host) [NOTICE] /my/file 
uploaded  (20646 bytes, 814.40KB/sec)
Aug  4 04:15:58 my_host pure-ftpd: (user at some_host) [NOTICE] 
/another/file uploaded  (17511 bytes, 749.24KB/sec)
Aug  4 04:15:58 my_host pure-ftpd: (user at some_host) [INFO] Logout.

I've looked at the logwatch configuration files: 
/etc/logwatch/conf/services/pureftpd.conf and 
/etc/logwatch/conf/logfiles/pureftp.conf

This is my pureftpd.conf (services)

Title = "pureftp"

# Which logfile group...
LogFile = pureftp

*OnlyService = pure-ftpd
*RemoveHeaders =

# Should we show some details?
$show_logins = 1
$show_logouts = 1

# This can get rather large, it details files which were uploaded or 
downloaded
# by who, and where from.
$show_data_transfers = 1

# How many connections did we get?
# This only shows where it came from and how many per ip / host.
$show_new_connections = 1

And this is my pureftp.conf (logfiles)

# What actual file?  Defaults to LogPath if not absolute path....
LogFile = /var/log/syslog

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# Note: if these are gzipped, you need to end with a .gz even if
#       you use wildcards...
Archive = /var/log/pureftp/syslog.log.*
Archive = /var/log/pureftp/syslog.log.*.gz

# Keep only the lines in the proper date range...
*OnlyHost
*ApplyStdDate

However i'm not getting any info in my reports. Any hints on how to 
solve this? I'm sure I'm forgetting something...

Thanks in advance,
Thomas Berton.

-- 
ICT&O Expertisecentrum Universiteit Gent
thomas.berton at ugent.be


More information about the Logwatch mailing list