1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
|
#
# $Id: SYSLOG,v 1.8 2002/05/02 14:25:04 mt Exp $
#
# These are all currently existing syslog(3) message types
# except of the USER-DBG and TECH-DBG levels.
#
# TECH-FTL are usually internal program errors, where
# a function receives no argument or the like.
#
# TECH-ERR are usually errors which cannot be corrected
# and may lead to program termination. If the
# errno variable has a non-zero value, it will
# appended to the error message in the form:
# ... (errno=<errno> [err-string])
#
# TECH-WRN are usually conditions that indicate some sort
# of misbehaviour, but need no immediate action.
#
# TECH-INF are usually confirmation or progress messages
# and can be ignored in terms of auditing.
#
# USER-FTL do not exist at the time of this writing.
#
# USER-ERR are usually situations that ask for some kind
# of operator investigation. Most likely some
# illegal action has been tried and rejected.
#
# USER-WRN are usually situations that operators might
# want to look into just out of curiosity. If
# they don't, nothing will happen -- probably.
#
# USER-INF are usually situations that show some legal
# user actions or statistics. They can always
# be ignored, but operators might want to keep
# them for maintaining an audit trail.
#
#
# The following variables are used in this discussion:
#
# <prog> name of the current program
# <file> file, including source file
# <dir> directory (e.g. for chroot)
# <line> source line
# <hls> "High Level Socket"
# <ctyp> HLS "Connection Type":
# Cli-Ctrl, Cl-Data, Srv-Ctrl, Srv-Data
# <name> symbolic name, incl. config options
# <value> value, usually for a config option
# <gid> UNIX style group ID
# <uid> UNIX style user ID
# <addr> IP address in dotted decimal notation
# <port> TCP port number as a umber
# <sock> socket number (sort of file descriptor)
# <cmd> FTP command
# <arg> argument to an FTP command
# <user> FTP user name
# <num> number of, i.e. bytes, secs, ...
# <code> response code from an FTP server
# <opt> Telnet option
# <lwr> lower end of a port range
# <upr> upper end of a port range
# <regex> POSIX 1002.3 regular expression
#
# The following paragraphs summarize the exact wording of all
# currently implemented syslog(3) messages, sorted by source
# file.
#
# Source file: ++++ common/com-config.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): config_line: ?fp?
crit TECH-FTL <prog> (<file>:<line>): config_read: ?file?
crit TECH-FTL <prog> (<file>:<line>): config_int: ?name?
crit TECH-FTL <prog> (<file>:<line>): config_bool: ?name?
crit TECH-FTL <prog> (<file>:<line>): config_str: ?name?
crit TECH-FTL <prog> (<file>:<line>): config_addr: ?name?
crit TECH-FTL <prog> (<file>:<line>): config_port: ?name?
crit TECH-FTL <prog> (<file>:<line>): config_uid: ?name?
crit TECH-FTL <prog> (<file>:<line>): config_gid: ?name?
err TECH-ERR can't open config file '<file>'
warn TECH-WRN no config value for '<name>'
info TECH-INF Config-File: '<file>'
info TECH-INF Config-Section ------ '<name>'
info TECH-INF Config: <name> = '<value>'
# Source file: ++++ common/com-misc.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): misc_alloc: ?len?
crit TECH-FTL <prog> (<file>:<line>): out of memory
crit TECH-FTL <prog> (<file>:<line>): misc_strdup: ?str?
err TECH-ERR can't remove pidfile '<file>'
err TECH-ERR can't open pidfile '<file>'
err TECH-ERR can't chroot to '<dir>'
err TECH-ERR can't determine Group-ID to use
err TECH-ERR can't set Group-ID to <gid>
err TECH-ERR can't determine User-ID to use
err TECH-ERR can't set User-ID to <uid>
# Source file: ++++ common/com-socket.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): socket_kill: ?hls?
crit TECH-FTL <prog> (<file>:<line>): socket_gets: ?hls? ?ptr? ?len?
crit TECH-FTL <prog> (<file>:<line>): socket_flag: ?hls?
crit TECH-FTL <prog> (<file>:<line>): socket_write: ?hls? ?ptr?
crit TECH-FTL <prog> (<file>:<line>): socket_printf: ?hls? ?fmt?
crit TECH-FTL <prog> (<file>:<line>): socket_file: ?hls? ?file?
crit TECH-FTL <prog> (<file>:<line>): socket_ll_read: ?hls?
crit TECH-FTL <prog> (<file>:<line>): socket_ll_write: ?hls?
crit TECH-FTL <prog> (<file>:<line>): socket_msgline: ?fmt?
crit TECH-FTL <prog> (<file>:<line>): socket_d_listen: ?phls? ?ctyp?
crit TECH-FTL <prog> (<file>:<line>): socket_d_listen: ?*phls?
crit TECH-FTL <prog> (<file>:<line>): socket_d_connect: ?phls? ?ctyp?
crit TECH-FTL <prog> (<file>:<line>): socket_d_connect: ?*phls?
err TECH-ERR can't create listener socket
err TECH-ERR can't bind to <addr>:<port>
err TECH-ERR can't accept client
err TECH-ERR can't execute select
err TECH-ERR can't accept <ctyp>
err TECH-ERR can't create <ctyp> socket
err TECH-ERR can't read from <sock>=<addr>
err TECH-ERR can't ll_read: <ctyp> <sock>=<addr>
err TECH-ERR can't ll_write: <ctyp> <sock>=<addr>
err TECH-ERR can't get num of bytes: <ctyp> <sock>=<addr>
err TECH-ERR can't get sockname for socket <sock>
err TECH-ERR can't get peername for socket <sock>
err TECH-ERR can't get iptables transparent destination
err TECH-ERR can't get ipnat transparent destination
err TECH-ERR can't open ipnat device '<file>'
warn TECH-WRN port <port> is in use...
err USER-ERR <name> reject: '<addr>' (Wrap)
# Source file: ++++ common/com-syslog.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): invalid log level '<file>'
crit TECH-FTL <prog> (<file>:<line>): can't remove logfile '<file>'
crit TECH-FTL <prog> (<file>:<line>): can't open logfile '<file>'
crit TECH-FTL <prog> (<file>:<line>): can't open logpipe '<value>'
crit TECH-FTL <prog> (<file>:<line>): can't rotate logfile '<file>'
info TECH-INF reopening log - new destination is '<file>'
info TECH-INF rotating log file '<file>'
# Source file: ++++ common/com-debug.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): invalid debug settings <value> / <file>
# Source file: ++++ ftp-proxy/ftp-client.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): client_run: ?cli_ctrl?
err TECH-ERR bad response <num> from server for <addr>
err TECH-ERR bad PASV 227 response from server for <addr>
err TECH-ERR can't connect Srv-Data for <addr>
err TECH-ERR can't connect Cli-Data for <addr>
err TECH-ERR Srv-Ctrl: can't create socket for <addr>
err TECH-ERR Srv-Ctrl: can't bind to <addr>:<port> for <addr>
err TECH-ERR Srv-Ctrl: can't connect <addr>:<port> for <addr>
warn TECH-WRN server closed connection for <addr>
warn TECH-WRN bogus '<code>' from Server-PI for <addr>
info TECH-INF '<cmd> <arg>' sent for <addr>
info TECH-INF '<cmd>' sent for <addr>
err USER-ERR reject: '<addr>' (DenyMessage)
warn USER-WRN WILL/WONT refused for <addr>
warn USER-WRN DO/DONT refused for <addr>
warn USER-WRN <cmd> from <addr> not allowed
warn USER-WRN bad arg '<arg>' for '<cmd>' from <addr>: <errmsg>
warn USER-WRN unknown '<cmd>' from <addr>
info USER-INF connect from <addr>
info USER-INF IAC-<opt> from <addr>
info USER-INF Transfer for <addr>: <cmd> '<arg>' read <num>/<num> byte/sec
info USER-INF Transfer for <addr>: <cmd> '<arg>' send <num>/<num> byte/sec
info USER-INF closing connect from <addr> after <num> secs - read <num>/<num>, sent <num>/<num> byte/sec
# Source file: ++++ ftp-proxy/ftp-cmds.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): cmds_pthr: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_pthr: ?curr_cmd?
crit TECH-FTL <prog> (<file>:<line>): cmds_user: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_user: ?srv_ctrl?
crit TECH-FTL <prog> (<file>:<line>): cmds_pass: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_rein: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_quit: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_port: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_pasv: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_xfer: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_xfer: ?curr_cmd?
crit TECH-FTL <prog> (<file>:<line>): cmds_xfer: ?mode <mode>?
crit TECH-FTL <prog> (<file>:<line>): cmds_abor: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_auth: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_reg_comp: ?ppre?
crit TECH-FTL <prog> (<file>:<line>): cmds_reg_exec: ?regex? ?str?
crit TECH-FTL <prog> (<file>:<line>): cmds_apsv: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_eprt: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): cmds_epsv: ?ctx?
err TECH-ERR check of transparent destination failed
err TECH-ERR Srv-Data: can't bind to <addr>:<lwr>-<upr> for <addr>
err TECH-ERR Cli-Data: can't bind to <addr>:<lwr>-<upr> for <addr>
err TECH-ERR can't eval RegEx '<regex>': <errmsg>
warn TECH-WRN can't open NAT file '<file>'
info TECH-INF 'PORT <addr>:<port>' for <addr>
info TECH-INF transparent proxy request to <addr>:<port> from <addr>
err USER-ERR unknown destination address
warn USER-WRN '<cmd>' without login from <addr>
warn USER-WRN 'USER' without name from <addr>
warn USER-WRN 'USER' without auth from <addr>
warn USER-WRN bad arg '<arg>' for '<cmd>' from <addr>: <errmsg>
warn USER-WRN bad 'USER@' dest '<addr>:<port>' from <addr>
warn USER-WRN 'PASS' without login from <addr>
warn USER-WRN syntax error in 'PORT' from <addr>
warn USER-WRN different address in 'PORT' from <addr>
warn USER-WRN killing old PASV socket for <addr>
warn USER-WRN 'ABOR' from <addr>
info USER-INF '<cmd>' from <addr>
info USER-INF '<cmd> <arg>' from <addr>
info USER-INF 'USER <user>' dest <addr>:<port> from <addr>
info USER-INF 'USER <user>' from <addr>
info USER-INF PASV set to <addr>:<port> for <addr>
# Source file: ++++ ftp-proxy/ftp-daemon.c
Severity Pattern Text
======== ======== ===============================================
err TECH-ERR can't fork daemon
err TECH-ERR can't detach daemon
err TECH-ERR can't bind daemon to <port>
err TECH-ERR can't write config file into chroot
err TECH-ERR child with PID <value> went away (removing it)
err TECH-ERR can't fork client
warn TECH-WRN can't fork client now
err USER-ERR reject: '<addr>' (ForkLimit <num>)
err USER-ERR reject: '<addr>' (MaxClients <num>)
# Source file: ++++ ftp-proxy/ftp-ldap.c
Severity Pattern Text
======== ======== ===============================================
crit TECH-FTL <prog> (<file>:<line>): ldap_setup_user: ?ctx?
crit TECH-FTL <prog> (<file>:<line>): ldap_fetch: ?ctx? ?srv?
crit TECH-FTL <prog> (<file>:<line>): ldap_fetch: ?BaseDN?
crit TECH-FTL <prog> (<file>:<line>): ldap_fetch: ?ObjectClass?
crit TECH-FTL <prog> (<file>:<line>): ldap_fetch: ?Identifier?
crit TECH-FTL <prog> (<file>:<line>): ldap_attrib: ?ld? ?e? ?attr?
err TECH-ERR can't read LDAP data for <addr>: <errmsg>
err TECH-ERR can't eval DestAddr for <addr>
err TECH-ERR can't eval DestPort for <addr>
err TECH-ERR can't eval DestMode for <addr>
err TECH-ERR can't reach LDAP server <addr>:<port>
err TECH-ERR can't bind LDAP using dn '<bind-dn>'
err TECH-ERR can't bind LDAP anonymously
err TECH-ERR invalid user name or with asterisk
err TECH-ERR ldap user auth - prefix missed
info USER-INF reading data for '<user>' from LDAP
info USER-INF reading data for '<user>' from cfg-file
err USER-ERR LDAP user auth failed for <user> from <auth>
err USER-ERR access denied for <user>
# Source file: ++++ ftp-proxy/ftp-main.c
Severity Pattern Text
======== ======== ===============================================
err TECH-ERR can't run without an destination address
##################################################################
# $Log: SYSLOG,v $
# Revision 1.8 2002/05/02 14:25:04 mt
# updated to match v1.9 messages, removed debug level
#
# Revision 1.7 2002/05/02 13:13:31 mt
# merged with v1.8.2.2
#
# Revision 1.6.2.1 2002/04/04 14:30:44 mt
# improved transparent proxy log messages
#
# Revision 1.6 2002/01/14 19:03:58 mt
# added transparent proxying, extended transfer messages, actualized
#
# Revision 1.5 1999/10/19 10:19:15 wiegand
# use port range also for control connection to server
#
# Revision 1.4 1999/09/30 09:48:57 wiegand
# added dynamic TranslatedAddress via file
#
# Revision 1.3 1999/09/24 06:38:52 wiegand
# added regular expressions for all commands
# removed character map and length of paths
# added flag to reset PASV on every PORT
# added "magic" user with built-in destination
# added some argument pointer fortification
#
# Revision 1.2 1999/09/21 07:13:07 wiegand
# syslog / abort cleanup and review
#
# Revision 1.1 1999/09/15 14:06:22 wiegand
# initial checkin
#
##################################################################
|
