Reputation: 3731
What is the syntax of the FTP log file
I'm trying to go through some of my FTP logs to examine an issue I've experienced. But the log files have some shorthand flags, I don't know what they mean, and I am unable to find any sort of documentation on it.
An example of a line from the FTP log is:
Tue Jan 05 17:18:22 2016 0 1.2.3.4 3581 /path/to/file/file.php a _ o r username ftp 1 * c
Date and time are obvious, 1.2.3.4 would be my IP address, 3581 I'm assuming is the Linux PID, username is my FTP account username.
The ending of the line, a _ o r username ftp 1 * c (except for username and ftp) is what I'm most confused about. And the 0 between the date and my IP address.
Is there any documentation somewhere about what all those flags represent?
Upvotes: 1
Views: 4343
Answers (2)
Reputation: 3089
The format of that log line appears to be the xferlog(5) format, traditionally used by many FTP servers.
Upvotes: 1
Reputation: 34002
Based on https://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/modules/ftp/ftp_log.c you have the following ftp-specific variables:
These callbacks extend mod_log_config by adding additional
% directives as follows:
%..M The mode that was used to transfer the file.
A single character is printed, a (ascii) or b (binary)
%..F Any action that was taken on the file (concationated as needed)
C - file was compressed.
U - file was uncompressed.
T - file was tarred.
_ - no action taken.
%..d Direction the file was sent.
o - outgoing
i - incoming
%..W How the file was accessed.
r - real
a - anonymous
g - guest
%..S Service name, usually 'ftp'
%..Z Authentication method
0 - no auth
1 - rfc931 auth
%..Y Authenticated user id
* - if not available
The "normal" Apache variables can be found here: https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
With a default log format of (based on https://httpd.apache.org/mod_ftp/ftp/ftp_tls.html)
LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer
Combined it seems to be:
Date (%{%b %e %H:%M:%S %Y}t)
The time taken to serve the request, in seconds. (%T)
Client IP address of the request (%a)
Size of response in bytes, excluding HTTP headers. (%B)
The URL path requested, not including any query string. (%U)
The mode that was used to transfer the file, a=ascii, b=binary (%M)
Any action that was taken on the file (%F)
Direction the file was sento=outgoing, i=incoming (%d)
How the file was accessed (%W)
username (%u)
Service name, usually 'ftp' (%S)
Authentication method 0=none, 1=rfc9321 (%Z)
Authenticated user id *=n/a (%Y)
Upvotes: 0
Related Questions
- When to use the different log levels
- How to have 'git log' show filenames like 'svn log -v'
- logger configuration to log to file and print to stdout
- Making Python loggers output all messages to stdout in addition to log file
- The shortest possible output from git log containing author and date
- How to log PostgreSQL queries?
- How to output git log with the first line only?
- How do I log a Python error with debug information?
- Where is the Docker daemon log?
- What is the difference between active and passive FTP?