[Logwatch] Parsing pure-ftpd problem

Thomas Berton thomas.berton at ugent.be
Fri Aug 4 03:13:21 MST 2006

I'm having trouble parsing my pure-ftpd logfiles using logwatch.
I'm using pure-ftpd on Debian (installed using debian package system). 
Installed version is 1.0.19-4. The logwatch version was also installed 
using the debian package system, version 5.2.2-5.
The pure-ftpd entries are written in /var/log/syslog. Here are some entries:
Aug  4 04:15:58 my_host pure-ftpd: (?@some_host) [INFO] New connection 
from some_host
Aug  4 04:15:58 my_host pure-ftpd: (?@some_host) [INFO] backup is now 
logged in
Aug  4 04:15:58 my_host pure-ftpd: (user at some_host) [NOTICE] /my/file 
uploaded  (20646 bytes, 814.40KB/sec)
Aug  4 04:15:58 my_host pure-ftpd: (user at some_host) [NOTICE] 
/another/file uploaded  (17511 bytes, 749.24KB/sec)
Aug  4 04:15:58 my_host pure-ftpd: (user at some_host) [INFO] Logout.

I've looked at the logwatch configuration files: 
/etc/logwatch/conf/services/pureftpd.conf and 

This is my pureftpd.conf (services)

Title = "pureftp"

# Which logfile group...
LogFile = pureftp

*OnlyService = pure-ftpd
*RemoveHeaders =

# Should we show some details?
$show_logins = 1
$show_logouts = 1

# This can get rather large, it details files which were uploaded or 
# by who, and where from.
$show_data_transfers = 1

# How many connections did we get?
# This only shows where it came from and how many per ip / host.
$show_new_connections = 1

And this is my pureftp.conf (logfiles)

# What actual file?  Defaults to LogPath if not absolute path....
LogFile = /var/log/syslog

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# Note: if these are gzipped, you need to end with a .gz even if
#       you use wildcards...
Archive = /var/log/pureftp/syslog.log.*
Archive = /var/log/pureftp/syslog.log.*.gz

# Keep only the lines in the proper date range...

However i'm not getting any info in my reports. Any hints on how to 
solve this? I'm sure I'm forgetting something...

Thanks in advance,
Thomas Berton.

ICT&O Expertisecentrum Universiteit Gent
thomas.berton at ugent.be

More information about the Logwatch mailing list