Clean your /var/log/messages, move ftp logs to /var/log/ftp

[thisisit3]

The server monitors the various processes if they are alive or not. In order to check the ftp server is alive, it connects to it about every 8 minutes and then promptly disconnects. As a result, the /var/log/messages is filled with:

Code:

Mar 24 08:46:25 deed pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Mar 24 08:46:25 deed pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Mar 24 08:54:49 deed pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Mar 24 08:54:49 deed pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Mar 24 09:03:11 deed pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Mar 24 09:03:11 deed pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Mar 24 09:11:34 deed pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Mar 24 09:11:34 deed pure-ftpd: (?@127.0.0.1) [INFO] Logout.

Which fills up your /var/log/messages with that garbage and you may miss something important. Here is a solution to solve the problem:

STEP 1

Edit your /etc/syslog.conf and:

Code:

change this:
*.info;mail.none;authpriv.none;cron.none       -/var/log/messages

into this:
*.info;mail.none;authpriv.none;cron.none;ftp.none       -/var/log/messages

at the end of the file, add this:
ftp.*                                                   -/var/log/ftp

STEP 2

Now, edit your /etc/logrotate.d/syslog and:

Code:

change this:
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {

into this:
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron /var/log/ftp {

STEP 3

Now execute the following command, in order to restart syslogd for the changes to take effect:

Code:

service syslog restart

Now all ftp related messages go to /var/log/ftp instead of /var/log/messages!


PS:
If you are running BFD with the rules i've created here, make sure you edit your /usr/local/bfd/rules/pure-ftpd file and change the line LP="/var/log/messages" to LP="/var/log/ftp".

Another cool tip by thisisit3

[chrismfz]

Is cpanel "reads" /var/log/messages for calculating ftp traffic ?
If someone do this will he has problems with cpanel traffic monitor or anything else?

[Vin DSL]

LoL!

I think someone has a log fetish...

[chrismfz]

I am just curious, I dont know how cpanel/whm works exactly (or, at all...)

[thisisit3]

cpanel calculates and stores ftp (and others) bandwidth under /var/cpanel/bandwidth/