Understanding the FTP Log

 

 

The FTP log contains a record of all FTP connections but excludes any connections made via SFTP/SSH. The log itself is a plain text file which can be read with any plain text reader.

 

The FTP log entries

A sample entry from an FTP log is:

Tue Jul 17 12:59:37 2012 0 123.456.789.000 750 /home/$USER/public_html/index.html b _ i r $USER ftp 1 * c

Tue Jul 17 12:59:37 2012 0 123.456.789.000 750 /home/$USER/public_html/index.html b _ o r $USER ftp 1 * c


The first part gives you:

♦ the weekday, date and time of the operation

♦ the IP address of the person connecting via FTP

♦ the file size in bytes

♦ the file path

 

FIRST LETTER : TRANSFER MODE

♦ a = ascii

♦ b = binary

Underscore: A letter in this position would indicate any special operations, like gzipping or tarring the data on-the-fly. “_”, meaning “no special operation”.

 

SECOND LETTER : TRANSFER DIRECTION

♦ i = input (= upload = FTP PUT)

♦ o = output (=download = FTP GET)

 

THIRD LETTER : ACCESS MODE

♦ a = anonymous

♦ g = guest user

♦ r = regular user

Followed by the username of the person performing the operation.

ftp 1 *“: service name, authentication method and authentication user id (if applicable). This is a constant string that carries no useful information.

 

THE LAST LETTER : COMPLETION STATUS

♦ c = completed

♦ i = interrupted (transfer failed)

 

Revisions

There are no revisions for this post.

Tags: , ,

No comments yet.

Leave a Reply