cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2adfbd9ea73fc04955d459a3e37101263067ebdb
server/usr/share/doc/psa-proftpd/howto/LogMessages.html
cutemeli 2adfbd9ea7 .gitignore angepasst
2026-01-07 20:52:11 +01:00

378 lines
15 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<title>ProFTPD Logging: Log Messages</title>
</head>
<body bgcolor=white>
<hr>
<center><h2><b>ProFTPD Logging: Log Messages</b></h2></center>
<hr>
<p>
<b>Log Messages</b>
This document attempts to list the most common messages logged (either via
<code>syslog</code> or the <code>SystemLog</code> file), grouped by the
<a href="LogLevels.html">log level</a> for the message.
<p><a name="EMERG">
<b><code>EMERG</code> Log Messages</b><br>
There are currently no <code>EMERG</code>-level messages logged by
<code>proftpd</code>.
<p><a name="ALERT">
<b><code>ALERT</code> Log Messages</b><br>
<code>ALERT</code>-level messages are logged by <code>proftpd</code> when a
crucial system resource (<i>e.g.</i> memory, CPU, file descriptors, disk
space) has been exhausted.
<ul>
<li>"Out of memory!"<br>
This log message can be generated by various core subsystems and modules,
and indicates that <code>proftpd</code> could not allocate enough memory.
</li>
<p>
<li>"unable to fork"<br>
This log message indicates that <code>proftpd</code> tried to fork a new
process (<i>e.g.</i> to read passphrases, execute a script, <i>etc</i>) and
failed. This can happen when the process table is full, or when there is
not enough system memory to create a new process.
</li>
<p>
<li>"cannot write ExtendedLog", <i>or</i> "failed to write <em>file</em>: No space on device"<br>
These log messages indicate that the filesystem on which the files are
being written is out of space.
</li>
</ul>
<p><a name="CRIT">
<b><code>CRIT</code> Log Messages</b><br>
There are currently no <code>CRIT</code>-level messages logged by
<code>proftpd</code>.
<p><a name="ERR">
<b><code>ERR</code> Log Messages</b><br>
<code>ERR</code>-level messages are logged by <code>proftpd</code> when
<code>proftpd</code> cannot start up because it cannot use the given
configuration for some reason: no DNS resolution for hostnames, unable to listen
on addresses/ports, or necessary cryptographics keys/certs are unusable.
<ul>
<li>Failed binding to <i>address</i>, port <i>port</i><br>
Check the ServerType directive to ensure you are configured correctly<br>
Check to see if inetd/xinetd, or another proftpd instance, is already using <i>address</i>, port <i>port</i><br>
<br>
When <code>proftpd</code> starts up, it will attempt to bind sockets to,
and listen on, all of the configured addresses/ports. If it cannot bind
to an address/port, the above message is logged. As mentioned in the log
message, the most common cause is that another <code>proftpd</code> daemon
is running and is using the address/port, <i>or</i> that
<code>inetd/xinetd</code> is using the address/port because your FTP
server is supposed to be run that way; if so, check that the
<a href="ServerType.html"><code>ServerType</code></a> in the
<code>proftpd.conf</code> file is "inetd" and not "standalone".
</li>
<p>
<li>"unable to listen on <i>address</i>#<i>port</i>"<br>
When <code>proftpd</code> starts up, it will attempt to bind sockets to,
and listen on, all of the configured addresses/ports. If it cannot listen
on an address/port, the above message is logged. The most common cause of
this message is the use of different DNS names in
<code>&lt;VirtualHost&gt;</code> sections which resolve to the same IP
address(es). FTP, unlike HTTP, only deals with IP addresses, and thus
<code>proftpd</code> resolves the <code>&lt;VirtualHost&gt;</code> DNS name
to its IP address, then listens on that address. If two different
<code>&lt;VirtualHost&gt;</code> sections have different DNS names which
resolve to the same IP address, then the first section will get the
address, and listening to the second address will fail (probably with the
"Address already in use" error).
</li>
<p>
<li>"(Running from command line? Use `ServerType standalone' in config file!)"<br>
This log message almost always happen when you have "ServerType inetd" in
your <code>proftpd.conf</code>, <b>but</b> you are attempting to start
<code>proftpd</code> from the command line (or some init script). Chances
are that you do not really want to be doing this; if you do, see the
<a href="ServerType.html"><code>ServerType</code></a> docs for more
information.
</li>
<p>
<li>"unable to accept incoming connection"<br>
The server cannot accept a TCP connection from a remote client; the most
likely cause is too many open files (which includes sockets) and hitting
the per-process, or the system-wide, open file limit.
</li>
<p>
<li>"chroot to <em>directory</em> failed for user <em>name</em>"<br>
Restricting users via the <a href="Chroot.html">DefaultRoot</a> directive
requires that the logging-in user have the <i>execute</i> permission on
the target directory. Without that permission -- or if there are other
filesystem permission errors -- the above message will be logged.
</li>
<p>
<li>"RELINQUISH PRIVS", "REVOKE PRIVS", "ROOT PRIVS", "SETUP PRIVS", "USER PRIVS", "unable to set UID/GID"</br>
These log messages indicate that changing the UID/GID of the current
process (as during authentication, or the handling of
<a href="../modules/mod_core.html#UserOwner"><code>UserOwner</code></a>/<a href="../modules/mod_core.html#GroupOwner"><code>GroupOwner</code></a>
directives) has failed for some reason. The most common cause of these
messages is starting <code>proftpd</code> as a non-root user.
</li>
<p>
<li>"unable to open <em>log-file</em>: <em>parent-dir</em> is a world-writable directory"<br>
These log messages indicate that your logging configuration <b>is
insecure</b>. Log files in a world-writable directory can be deleted or
modified by <b>any user on the system</b>, which means that your logged
data cannot be trusted. For this reason, <code>proftpd</code> refuses to
write log files to such directories.
</li>
<p>
<li>"unable to open <em>log-file</em>: <em>log-file</em> is a symbolic link"<br>
These log messages indicate that your logging configuration <b>may</b> be
insecure. Symbolic links are subject to race conditions, where a local
user on the system might try to replace portions of the symlink path with
their own directories, changing the symlink to point somewhere else, such
as causing the log file to overwrite an existing file (<i>e.g.</i>
<code>/etc/passwd</code>).
<p>
For this reason, <code>proftpd</code> refuses to write log files to
symlinks, unless configured to do so via the <a href="../modules/mod_log.html#AllowLogSymlinks"><code>AllowLogSymlinks</code></a> directive.
</li>
<p>
<li>"unable to open <em>log-file</em>"<br>
These log messages indicate that the log file could be not used for some
other reason, such as lack of permissions or nonexistent directories.
</li>
<p>
<li>"mod_sql: unrecoverable backend error"<br>
Backend database server (<i>e.g.</i> MySQL, Postgres, SQLite, <i>etc</i>)
rejected the SQL statement being executed. This usually happens when a
table or column in the SQL statement does not exist, or if the table/column
names have a typo/mismatch between the config file and database server.
</li>
<p>
<li>"error: unable to set groups: Invalid argument"<br>
Setting the list of GIDs to use for the logged-in user uses the
<code>setgroups(2)</code> system call, which has some restrictions. Most
notably, attempting to make the user be a member of too many groups will
cause the above error. The maximum number of groups varies from platform
to platform, but can be anywhere from 4 to 32 (or more).
</li>
<p>
<li>"error opening scoreboard"<br>
The <a href="Scoreboard.html"><code>ScoreboardFile</code></a> is needed for
useful things like <code>ftpwho</code> and <code>ftptop</code>, thus if the
path cannot be opened, <code>proftpd</code> will fail to start. The most
common cause for this failure is that the configured
<code>ScoreboardFile</code> is in a directory which does not exist; the
parent directory <b>must</b> exist prior to starting <code>proftpd</code>.
</li>
<p>
<li>"Malformed entry in AuthUserFile/AuthGroupFile"<br>
The configured <a href="AuthFiles.html">AuthUserFile/AuthGroupFile</a>
has a line which is not in the necessary format. The most common cause
for this is when one of the file fields is missing, or if there an extra
colon (':') character in a field (<i>e.g.</i> in the name field).
</li>
</ul>
<p><a name="WARNING">
<b><code>WARNING</code> Log Messages</b><br>
<p><a name="NOTICE">
<b><code>NOTICE</code> Log Messages</b><br>
<p><a name="INFO">
<b><code>INFO</code> Log Messages</b><br>
<code>INFO</code>-level messages are logged by <code>proftpd</code> when
common events happen: a connection session begins/ends, a user logs in,
idle connections are dropped, <i>etc</i>.
<ul>
<li>"FTP/SSH2 session opened/closed"<br>
When a client connects, a session process begins. The type of session
(<i>i.e.</i> FTP, SSH2, <i>etc</i>) is determined by the server to which
the client connected.
</li>
<p>
<li>"USER <i>user</i>: Login successful" <i>or</i> "ANON <i>user</i>: Login successful"<br>
Successful authentication (via password, or anonymously) happened, as
opposed to a failed authentication/login.
</li>
<p>
<li>"<i>address</i>:<i>port</i> masquerading as <i>address</i>"<br>
This message is logged when the <a href="../modules/mod_core.html#MasqueradeAddress"><code>MasqueradeAddress</code></a> directive is in effect.
</li>
<p>
<li>"Client session idle timeout, disconnected"<br>
The configured <a href="../modules/mod_core.html#TimeoutIdle"><code>TimeoutIdle</code></a> was reached while the client did nothing useful, and so the
client had to be disconnected. This is quite common/normal.
</li>
<p>
<li>"mod_dso: module <i>name</i> already loaded"<br>
This log message happens when a <a href="../modules/mod_dso.html#LoadModule"><code>LoadModule</code></a> directive attempts to load a module which has
already been loaded, either by a previous <code>LoadModule</code> directive
<i>or</i> because the named module is a static module (and is thus always
"loaded"). Either way, this log message indicates that the configuration
has redundant <code>LoadModule</code> directives which can be removed.
</li>
</ul>
<p><a name="DEBUG">
<b><code>DEBUG</code> Log Messages</b><br>
There are many <code>DEBUG</code>-level messages logged by
<code>proftpd</code>. This section will be filled, over time, with the
ones most commonly seen/asked about by users.
<p><a name="strerror">
Many of the reasons for various errors/failures that appear in log messages
(and elsewhere) come from the <code>strerror(3)</code> libc function, which
provides human readable strings, given a numeric <code>errno</code> value.
The table below lists the reason strings you may commonly see, with a fuller
description of what it means.
<p>
<table border=1 summary="Error Messages">
<tr>
<td><b>Message</b></td>
<td><b>Code</b></td>
<td><b>Details</b></td>
</tr>
<tr>
<td>&nbsp;Operation not permitted&nbsp;</td>
<td>&nbsp;<code>EPERM</code>&nbsp;</td>
<td>Indicates that the requested operation cannot be done for some reason,
usually caused by misconfigurations or lack of system support/resources.
Note: Some platforms (<i>e.g.</i> Solaris) actually translate the
<code>EACCES</code> code to this message, which is confusing.
</td>
</tr>
<tr>
<td>&nbsp;Permission denied&nbsp;</td>
<td>&nbsp;<code>EACCES</code>&nbsp;</td>
<td>Means that the request operation is not allowed due to access controls:
the logged-in user does not have sufficient filesystem permissions
to open/read/write/delete a file/directory, the logged-in user (or
client) is barred from access by configuration, <i>etc</i>.
</td>
</tr>
<tr>
<td>&nbsp;Invalid argument&nbsp;</td>
<td>&nbsp;<code>EINVAL</code>&nbsp;</td>
<td>This generic message indicates that the supplied parameters are
considered invalid; the reasons behind this are myriad, depending on
the requested operation.
</td>
</tr>
<tr>
<td>&nbsp;No such file or directory&nbsp;</td>
<td>&nbsp;<code>ENOENT</code>&nbsp;</td>
<td>The requested resource does not exist; can apply to files,
directories, and other non-filesystem resources.
</td>
</tr>
<tr>
<td>&nbsp;Is a directory&nbsp;</td>
<td>&nbsp;<code>EISDIR</code>&nbsp;</td>
<td>The requested operation expects to operate on a file, but the
requested resource was a directory, not a file.
</td>
</tr>
<tr>
<td>&nbsp;Bad file descriptor&nbsp;</td>
<td>&nbsp;<code>EBADF</code>&nbsp;</td>
<td>Read/write/close/delete operation on a file was requested on a
file descriptor which was not already opened.
</td>
</tr>
<tr>
<td>&nbsp;Address already in use&nbsp;</td>
<td>&nbsp;<code>EADDRINUSE</code>&nbsp;</td>
<td>Process is attempting to listen on a network address/port which is
already bound; usually some other process on the system is listening
on that address (<i>e.g.</i> <code>inetd</code>/<code>xinetd</code>).
</td>
</tr>
<tr>
<td>&nbsp;Broken pipe&nbsp;</td>
<td>&nbsp;<code>EPIPE</code>&nbsp;</td>
<td>Process tried to send something to a connected TCP peer, and found
out that the connection had already been closed; can happen when
a firewall/router/NAT between TCP peers silently closes the connection
without informing one or both peers.
</td>
</tr>
<tr>
<td>&nbsp;Connection reset by peer&nbsp;</td>
<td>&nbsp;<code>ECONNRESET</code>&nbsp;</td>
<td>Remote TCP peer sent the <code>RST</code> TCP flag, indicating that
the connection should be reset; this almost always indicates an
issue with the connected client (or some firewall/router/NAT device
between the client and the server).
</td>
</tr>
<tr>
<td>&nbsp;Connection refused&nbsp;</td>
<td>&nbsp;<code>ECONNREFUSED</code>&nbsp;</td>
<td>The remote peer refused to accept the TCP connection; could be
firewalls/routers/NATs in the way, other network ACLs that deny the
connection, <i>etc</i>.
</td>
</tr>
<tr>
<td>&nbsp;Too many open files&nbsp;</td>
<td>&nbsp;<code>EMFILE</code>&nbsp;</td>
<td><b>Per-process</b> limit of number of open files (including sockets)
has been reached.
</td>
</tr>
<tr>
<td>&nbsp;Too many open files in system&nbsp;</td>
<td>&nbsp;<code>ENFILE</code>&nbsp;</td>
<td><b>System-wide</b> limit of number of open files (including sockets)
has been reached.
</td>
</tr>
</table>
<p>
<hr>
<font size=2><b><i>
&copy; Copyright 2013-2017 The ProFTPD Project<br>
All Rights Reserved<br>
</i></b></font>
<hr>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink