How to Read a Pure FTPD log file?

Question

I'm trying to analyze my FTP log to investigate some unauthorized access, but I can't make sense of some of the far right columns.

Thu Oct 01 00:13:55 2009 0 92.54.102.153 2547 /home/user1/public_html/index.html a _ o r user1 ftp 1 * c
Thu Oct 01 00:13:58 2009 0 77.252.189.148 2606 /home/user1/public_html/index.html a _ i r user1 ftp 1 * c

I can't find any documentation on how to read these logs.

score 7 · Accepted Answer · answered Oct 13 '09 at 19:25

7

Here is the website describing your log format. It has a good description of what every field in your log file means.

answered Oct 13 '09 at 19:25

Josh Budde

2,368

score 1 · Answer 2 · answered Apr 19 '24 at 03:33

That log file format is called xferlog :

The default format of the xferlog for ProFTP contains the following information on each line:

current-time

Fri April 19 13:18:51 2024

transfer-time

whole seconds

remote-host file-size

size of transferred file in bytes

file-name transfer-type

a = ascii; b = binary

special-action-flag

C = compressed; U = uncompressed; T = tar'ed; _ = no action was taken

direction

o = outgoing; i = incoming; d = deleted

access-mode

a = anonymous; r = real

username service-name

usually ftp

authentication-method

0 = none; 1 = RFC931 Authentication

authenticated-user-id

user id or '*'

completion-status

c = complete; i = incomplete

How to Read a Pure FTPD log file?

2 Answers2