Why can't set log file for vsftpd?

I want to log all actions of vsftpd.

vim /etc/vsftpd.conf
vsftpd_log_file=/var/log/vsftpd.log

Create the log file
touch /var/log/vsftpd.log

Restart vsftpd.
service vsftpd restart

I log in to my sftp server, download and upload, then check the log in vsftpd.log.
Nothing is output for "cat vsftpd.log".

And did you set and unset the other parameters required for the log to actually get written?

For successful vsftpd file logging you need at least these log related options:

vsftpd_log_file=/tmp/vsftpd.log
log_ftp_protocol=YES
xferlog_enable=YES

worksforme! :wink:

All the settings in my /etc/vsftpd.conf.

background=YES
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
check_shell=NO
session_support=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
local_root=/home/ftp
vsftpd_log_file=/var/log/vsftpd.log
log_ftp_protocol=YES

I created the file /var/log/vsftpd.log with the touch command, rebooted my router and logged in to it over ssh. Strangely enough, the file /var/log/vsftpd.log was gone, disappeared!
I guess that OpenWrt removes vsftpd.log automatically. The same thing happens when configuring samba: you have to edit the template, /etc/samba/smb.conf.template; if not, the edited lines in smb.conf are lost after rebooting.
Where should I edit a template for vsftpd?
I can't check the log at all.

Please double-check the vsftpd manpage, e.g. regarding 'vsftpd_log_file':

This log is only written if the option xferlog_enable is set, and xferlog_std_format is NOT set.

So remove the latter option from your config (see https://security.appspot.com/vsftpd/vsftpd_conf.html for reference); there is also no need to manually create an empty logfile beforehand.

That's not strange at all, usually the 'tmp' directory ('var' is a symlink to 'tmp') is on a tmpfs fs and scratched with every reboot, e.g.

df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                18.5M     18.5M         0 100% /rom
tmpfs                     1.9G     13.5M      1.9G   1% /tmp
[...]
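
The man page rule quoted above, written out as a config check. This is an added example, not part of the thread or of vsftpd; the function names and finding codes are made up here, dual_log_enable and the defaults come from the vsftpd.conf man page, and the tmpfs check assumes the OpenWrt layout described in this post.

```shell
#!/bin/sh
# Added example: explain why vsftpd would not write vsftpd_log_file.
# Rules and defaults follow the vsftpd.conf man page. Simplification: only the
# literal YES spelling used in the thread is treated as "enabled".

# Print the value of option $2 in config file $1, or $3 when it is not set.
# Assumes "option=value" lines without spaces and that the last setting wins.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${v:-$3}"
}

# Print one finding per line; no output means the file log will be written
# to a path that survives a reboot.
vsftpd_log_findings() {
    xfer=$(conf_get "$1" xferlog_enable NO)
    std=$(conf_get "$1" xferlog_std_format NO)
    dual=$(conf_get "$1" dual_log_enable NO)
    sysl=$(conf_get "$1" syslog_enable NO)
    file=$(conf_get "$1" vsftpd_log_file /var/log/vsftpd.log)

    if [ "$sysl" = YES ]; then
        echo "SYSLOG: syslog_enable=YES sends the log to the system log, $file is not written"
        return 0
    fi
    if [ "$dual" != YES ]; then
        [ "$xfer" = YES ] || echo "NO_XFERLOG: xferlog_enable is not YES, $file is not written"
        [ "$std" != YES ] || echo "STD_FORMAT: xferlog_std_format=YES, $file is not written"
    fi
    # OpenWrt-specific assumption from the thread: /var is a symlink to /tmp (tmpfs).
    case $file in
        /tmp/*|/var/*) echo "VOLATILE: $file is on tmpfs and is lost on reboot" ;;
    esac
}

# Constructed sample: the log-related lines of the first full config posted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
vsftpd_log_file=/var/log/vsftpd.log
log_ftp_protocol=YES
EOF
vsftpd_log_findings "$sample"
rm -f "$sample"
```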

Removed the line which contains xferlog_std_format and tried again; I typed a wrong password and logged in.

Why is nothing logged in /var/log/vsftpd.log?

I haven't checked all your log related options (do it on your own with the referenced manpage). Just start with the three log options I've provided in my first post and restart the vsftpd service afterwards.

I removed all the unrelated settings.

cat   /etc/vsftpd.conf
background=YES
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
check_shell=NO
session_support=NO
vsftpd_log_file=/var/log/vsftpd.log
log_ftp_protocol=YES
xferlog_enable=YES
local_root=/home/ftp

Rebooted and tried; it is no use, I can't find any log records in the log file.

Check dmesg too.

Just for reference, my working config (it's an only locally available ftp instance without passwords/users, anonymous only):

cat vsftpd.conf 
background=YES
listen=YES
write_enable=YES
check_shell=NO
local_umask=022
ftp_username=nobody
anonymous_enable=YES
anon_root=/mnt/data/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
no_anon_password=YES
vsftpd_log_file=/tmp/vsftpd.log
log_ftp_protocol=YES
xferlog_enable=YES

and an example log:

cat vsftpd.log 
[...]
Sat Jun 12 07:46:32 2021 [pid 2] CONNECT: Client "192.168.1.133"
Sat Jun 12 07:46:32 2021 [pid 2] FTP response: Client "192.168.1.133", "220 (vsFTPd 3.0.4)"
Sat Jun 12 07:46:44 2021 [pid 2] FTP command: Client "192.168.1.133", "USER anonymous"
Sat Jun 12 07:46:44 2021 [pid 1] [nobody] OK LOGIN: Client "192.168.1.133", anon password "<no_password>"
Sat Jun 12 07:46:44 2021 [pid 3] [nobody] FTP response: Client "192.168.1.133", "230 Login successful."
Sat Jun 12 07:46:44 2021 [pid 3] [nobody] FTP command: Client "192.168.1.133", "SYST"
Sat Jun 12 07:46:44 2021 [pid 3] [nobody] FTP response: Client "192.168.1.133", "215 UNIX Type: L8"
Sat Jun 12 07:51:44 2021 [pid 3] [nobody] FTP response: Client "192.168.1.133", "421 Timeout."

Deleted all my settings, copied your settings and restarted vsftpd.
Three issues remain:
1. Can't log in with nobody.
2. No log record when logging in with ftpadmin.
3. /var/log/vsftpd.log is automatically deleted after rebooting my router.
I have set up DDNS and port forwarding on my router. If anyone is willing to help me, please send an email to elearn2014@gmail.com, and I will email you the password so you can remotely log in to my router and check what happened.

I can get the log record with

logread | grep  ssh
Sat Jun 12 07:34:21 2021 auth.info sshd[2055]: Server listening on :: port 22.
Sat Jun 12 07:34:21 2021 auth.info sshd[2055]: Server listening on 0.0.0.0 port 22.
Sat Jun 12 07:37:33 2021 auth.err sshd[3887]: error: kex_exchange_identification: Connection closed by remote host
Sat Jun 12 07:38:10 2021 auth.info sshd[3888]: Accepted password for ftpadmin from 192.168.2.144 port 33466 ssh2
Sat Jun 12 07:38:27 2021 auth.info sshd[3892]: Accepted password for root from 192.168.2.144 port 33468 ssh2
Sat Jun 12 07:41:56 2021 auth.err sshd[4090]: error: kex_exchange_identification: Connection closed by remote host

Why can't the log records be written into /var/log/vsftpd.log?

sshd != (vs)ftp.

Are you mixing up ftp / sftp / ftps?


sftp is a file transfer program, similar to ftp(1), which performs all operations over an encrypted ssh(1) transport. It uses ftp over ssh; I have created a user, ftpadmin, for my vsftp.

Sat Jun 12 07:38:10 2021 auth.info sshd[3888]: Accepted password for ftpadmin from 192.168.2.144 port 33466 ssh2

sshd logs the info when ftpadmin tries to log in; it is also a log record for vsftpd.
How can I set up the vsftpd log directly and successfully then?

No, they're both protocols, but there are applications using the same name as the protocol.

You probably can't, because you're talking to the FTP server via SSH.
Unless you'd like to have all ssh logging go to the vsftp log.
Or look into the syslog-ng package, or some other logging tool.

again Why can't set log file for vsftpd? - #13 by frollic

If it suits you, you could redirect the vsftpd log to the common system log.

syslog_enable=YES

root@OpenWrt:~# logread -e ftp
Sat Jun 12 16:14:12 2021 ftp.warn vsftpd[2453]: [root] FAIL LOGIN: Client "192.168.92.146"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2455]: [root] OK LOGIN: Client "192.168.92.146"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", "230 Login successful."
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP command: Client "192.168.92.146", "SYST"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", "215 UNIX Type: L8"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP command: Client "192.168.92.146", "FEAT"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", "211-Features:"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " EPRT"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " EPSV"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " MDTM"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " PASV"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " REST STREAM"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " SIZE"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " TVFS"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", " UTF8"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", "211 End"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP command: Client "192.168.92.146", "PWD"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", "257 "/root" is the current directory"
Sat Jun 12 16:19:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", "421 Timeout."
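
Once the log is being written, the FAIL LOGIN and OK LOGIN events shown above can be counted per client. This is an added example, not part of the thread; the function names and the sample lines (modelled on the logread output in this post, with a made-up client 192.0.2.7) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise vsftpd login events per client address.

# Read vsftpd log lines on stdin (vsftpd_log_file or logread format) and
# print "client failures successes", most failures first.
ftp_login_summary() {
    awk '
    # Protocol lines repeat text sent by the client; never count them as events.
    /FTP (command|response):/ { next }
    match($0, /(OK|FAIL) LOGIN: Client "[^"]+"/) {
        ev = substr($0, RSTART, RLENGTH)
        kind = (ev ~ /^FAIL/) ? "fail" : "ok"
        sub(/^[^"]*"/, "", ev); sub(/"$/, "", ev)   # keep only the address
        seen[ev] = 1; n[ev, kind]++
    }
    END { for (c in seen) printf "%s %d %d\n", c, n[c, "fail"], n[c, "ok"] }
    ' | sort -k2,2nr -k1,1
}

# Print the clients with at least $1 failed logins.
ftp_fail_clients() {
    ftp_login_summary | awk -v min="$1" '$2 >= min { print $1 }'
}

# Constructed sample; the last line is a protocol line whose quoted text
# resembles a login event and must not be counted.
sample_log() {
    cat <<'EOF'
Sat Jun 12 16:14:12 2021 ftp.warn vsftpd[2453]: [root] FAIL LOGIN: Client "192.168.92.146"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2455]: [root] OK LOGIN: Client "192.168.92.146"
Sat Jun 12 16:14:26 2021 ftp.info vsftpd[2457]: [root] FTP response: Client "192.168.92.146", "230 Login successful."
Sat Jun 12 16:15:02 2021 ftp.warn vsftpd[2460]: [admin] FAIL LOGIN: Client "192.0.2.7"
Sat Jun 12 16:15:05 2021 ftp.warn vsftpd[2461]: [admin] FAIL LOGIN: Client "192.0.2.7"
Sat Jun 12 16:15:09 2021 ftp.info vsftpd[2462]: [admin] FTP command: Client "192.0.2.7", "USER FAIL LOGIN: Client "198.51.100.9""
EOF
}

sample_log | ftp_login_summary
sample_log | ftp_fail_clients 2
```

On the router, feed it with `logread -e ftp | ftp_login_summary` when syslog_enable=YES is set, or with the contents of the vsftpd log file otherwise.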

I don't think it's the real issue; I think it's the fact that the actual logon gets written to the system log by ssh, but that's to be expected, since the traffic is coming in through there.
