[CentOS] vsftpd log issues

Tue Jan 3 03:14:58 UTC 2012
Nataraj <incoming-centos at rjl.com>

On 12/31/2011 02:48 AM, Timo Neuvonen wrote:
> I have an up-to-date CentOS 6 with reasonable amount of ftp activity (a 
> dozen of network cameras uploading images every second 24x7).
>
> The first issue was that the whole /var filesystem was about to get full,
> because of huge ftp daemon log.
>
> vsftpd.conf says:
>
> # You may override where the log file goes if you like. The default is shown
> # below.
> xferlog_file=/var/log/vsftpd.log
>
> Ok, the above works now. But while the setting was (by default) commented
> out, the default wasn't  /var/log/vsftpd.log  but  /var/log/xferlog  which
> was growing without limits (it was over 6 GB when I first time noticed the
> problem) since logrotate tried to rotate vsftpd.log
>
> -rw-------  1 root root         0 Dec 31 03:07 vsftpd.log
> -rw-------  1 root root  39134459 Dec 31 12:19 vsftpd.log.1
> -rw-------  1 root root 433305200 Dec 30 22:03 xferlog
>
> Now, after uncommenting the log file setting line in the conf the next issue
> is, that logrotate does rotate the log files (the old one gets .1 postfix 
> added to its name and a new file is created), but it still keeps writing to 
> the original file (which is renamed now)
>
> In the ls -l listing above:
> - vsftpd started to write log vsftpd.log around 10pm last night (when I
> uncommented the log setting from the conf and restarted the daemon, until
> that it was logging to xferlog)
> - during the night logrotate has changed the name of the existing log file
> to ...log.1 but now, several hours later, this renamed old file is still
> used for logging, and the new ...log file remains empty!
>
> Is there some simple option in logrotate's conf that could change this
> behaviour? Or how to fix this. There must be many others who already have
> run into this issue.
>
> Regards,
> Timo
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
Check out the man page for vsftpd.conf.  vsftpd supports 2 log file
formats.  The xferlog_file parameter is for the wu-ftpd style log and
the vsftpd_log_file is the native format log file.  The description of
xferlog_file is:

xferlog_file
              This option is the name of the file to which we  write 
the  wu-
              ftpd style transfer log. The transfer log is only written
if the
              option xferlog_enable is  set,  along  with 
xferlog_std_format.
              Alternatively,  it  is  written  if  you  have  set  the 
option
              dual_log_enable.


So if you enable the wu-ftpd style logging then it goes to to xferlog_file.

Nataraj