CODEWITHSUNDEEP
windowsiisftpftp-client
madmachine
madmachine

Reputation: 9

Need to know FTP files transferred

We have an IIS FTP setup, i see the logs are in "C:\inetpub\logs\LogFiles\FTPSVC2" But from these logs how can we know what files were transferred? is there a possibility to get the file name in the logs for FTP sites? Also there are no logs collected for last two days, how do we know the reason for no logs? please can someone advise

tried to check the logs from C:\inetpub\logs\LogFiles\FTPSVC2 but seems like there are no files details in these logs, i wanted to know if there is a way to capture the files name that are being transferred

Upvotes: -1

Views: 705

Answers (1)

YurongDai
YurongDai

Reputation: 2430

In the IIS FTP log, the log file uses the W3C extended log file format. The detailed level of the log content depends on the W3C fields configured in IIS. You should see columns with headers, such as date, time, c-ip, cs-username, s-ip, s-port, cs-method, cs-uri-stem, cs-uri-query, sc-status, sc-bytes, cs-bytes, etc.

enter image description here

You need to check the cs-method column and the corresponding cs-uri-stem column in the FTP logs.

Method (cs-method): Logs the HTTP method, such as GET, that is used in the request.

URI Stem (cs-uri-stem): Logs the Uniform Resource Identifier (URI) that is the target of the action.

For example:

date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status
2023-12-14 12:34:56 192.168.1.1 - 192.168.1.2 21 GET /Default.htm - 200

"GET" means that the user issues a GET or download command. "/Default.htm" indicates that the user wants to download the content of Default.htm.

For more information about the W3C fields, please refer to:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831624(v=ws.11)#information-to-log-dialog-box

For a list of methods available in IIS ftp logging, please refer to:

https://superuser.com/questions/1467775/what-are-the-list-of-methods-available-in-iis-ftp-logging.

For the W3C extended log file examples, please refer to:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc738725(v=ws.10)#example-of-an-ftp-site

Regarding the problem you mentioned that no logs have been collected in the past two days, I suggest you first check whether the IIS FTP log configuration has set a size limit for the IIS log file. If the limit is reached, new log files may not be created. Also try restarting the IIS service, sometimes this can resolve logging issues due to some reasons.

Upvotes: 0

Related Questions