SECTCP home | Easy400 | IBM i home
Public-Source
 
Introduction
FTP settings
Quick start
Securing FTP
WRK user profiles
WRK directories
WRK IP addresses
Active Defense
Logging
VLDL vs USRPRF
User exit pgm
TELNET settings
Access-Reject Messages
HTTP logs
 
Download
 
 

 
previous page page 7 out of 16 next page
FTP settings (6/7)
7. Logging (See also 24hrs rejections log)

If you signed on as SECTCP owner, use option 7, 8 or 9 from the "Secured FTP" menu in Figure 2 to start, to end or to display the FTP log.

If you signed on with a user profile different from the SECTCP owner, you will receive the following "Display Logs" menu:
Figure 11 - Display Logs menu
and you should take option 3 (FTP log).

You are then asked whether you want to display the FTP log history or the log of the current day:
Figure 12 - Selecting what to display

If you select to display the FTP log history, you would receive a screen like the following:
Figure 13 - FTP Log Daily Summary

There will be a line for each day in which some FTP activity went on.
For each day you would know: the number of visitors (different IP addresses connecting via FTP), the number of accepted and rejected logons, the number of accepted and rejected FTP requests, the number of files sent to clients and the number of files received from clients.

The following shows the detail display of the FTP log entries of a day:
Figure 14 - FTP Log of a Day

You may position (top line) at a given time and filter a (generic) IP address.

Information available from an entry:
  • time
  • client IP address
  • Exit program identifier:
    • LOG Server Logon Exit Program
    • RQS Server Request Exit Program
  • User profile logged in
  • Type of request
  • Request status, as returned from the exit program.
    It can be Accepted or Rejected
  • Return code from the exit programs.
    Return codes from the Server Logon Exit Program:
    • 0: reject logon
    • 1: accept logon
    • 2: accept logon with a different user profile and password
    • 3: accept logon with some changes to NAMEFMT, current library or current home directory
    • 4: accept logon with a different user profile and password and with some changes to NAMEFMT, current library or current home directory
    Return codes from the Server Request Exit Program:
    • 0: reject request
    • 1: accept request
  
  • IP address description (if available)
  • object addressed by the request


Lifetime of detail daily logs

FTP detail daily logs are maintained in file SECTCPDATA/FTPLOG members. There is a member for each day.
  • Use command SECTCP/LOGPURGE to establish for how many days detail daily logs must be kept.
  • Use command SECTCP/LOGFIX to purge expired detail daily logs.
    Note- Command SECTCP/LOGFIX should be run every day. It is recommended to do so through a job scheduled entry (command ADDJOBSCDE).

FTP log statistics

Some statistics are available from the FTP log.
You may access them through function keys available on the screen in Figure 13.

A. Visitors
This is a list of the client IP addresses that connected via FTP.
Figure 15 - FTP Visitors
A description of the IP address is displayed, if available from one of the IP address lists.
You may get more details on the FTP logons, on the files sent to the server and on the files received from it.

B. Files sent
This is a list of files sent to FTP clients.
Figure 16 - Files sent to FTP clients
For each file you would know the number of times it was sent and the number of receiving clients.
You have also an option to display the IP addresses of the receiving clients. That would let you know when the events took place.

C. Files received
This is a list of files received from FTP clients.
Figure 17 - Files received from FTP clients
For each file you would know the number of times it was received and the number of sending clients.
You have also an option to display the IP addresses of the sending clients. That would let you know when the events took place.

previous page next page
    Contact