How to read FTP operations logs in XFERLOG format?
DESCRIPTION The xferlog file contains logging information from the FTP server daemon, proftpd(8). This file usually is found in /var/log but can be located anywhere by using a proftpd(8) configuration directive. Each server entry is composed of a single line of the following form, with all fields being separated by spaces. current-time transfer-time remote-host file-size filename transfer-type special-action-flag direction access-mode username service-name authentication-method authenticated-user-id completion-status current-time is the current local time in the form "DDD MMM dd hh:mm:ss YYYY". Where DDD is the day of the week, MMM is the month, dd is the day of the month, hh is the hour, mm is the minutes, ss is the seconds, and YYYY is the year. transfer-time is the total time in seconds for the transfer. remote-host is the remote host name. file-size is the size of the transferred file in bytes. filename is the name of the transferred file. If the filename contains any spaces or control characters, each such character is replaced by an underscore ('_') character. transfer-type is a single character indicating the type of transfer. Can be one of: a for an ascii transfer b for a binary transfer special-action-flag is one or more single character flags indicating any special action taken. Can be one or more of: C file was compressed U file was uncompressed T file was tar'ed _ no action was taken direction is the direction of the transfer. Can be one of: o outgoing i incoming d deleted access-mode is the method by which the user is logged in. Can be one of: a (anonymous) is for an anonymous guest user. r (real) is for a local authenticated user. username is the local username, or if guest, the ID string given. service-name is the name of the service being invoked, usually FTP. authentication-method is the method of authentication used. Can be one of: 0 none 1 RFC931 Authentication authenticated-user-id is the user id returned by the authentication method. A * is used if an authenticated user id is not available. completion-status is a single character indicating the status of the transfer. Can be one of: c complete transfer i incomplete transfer AUTHORS ProFTPD is written and maintained by a number of people, full credits can be found on http://www.proftpd.org/credits.html
Source: man xferlog
Despite the best efforts for this site to be up-to-date, some of the information in the FAQ may be outdated. If you have and doubts or questions feel free to contact us by mail or by the phone.
Any ideas for our FAQ?Contact us | © 2006-2024 Popgunservers.com |