Log format

Post here if you have some suggestions or you want to request a new feature.
Post Reply
norus
Posts: 11
Joined: Fri Nov 04, 2011 2:28 pm

Log format

Post by norus »

It would be really nice to see some "standardazied" logging format for domain logs, especially. We need to provide our customers detailed reports and current format is not easy to parse.

Do you think you could have a look at it and create something like vsftpd did?

Code: Select all

Mon Jun 28 17:49:00 2010 1 192.168.166.254 158720 /Documents/SESSIONS/EC/EC-LXII/Russian/PINKs_tracked-changes/pink03-5_WIS_ru.doc b _ o a IEUser@ ftp 0 * c
EDIT:

By the way, dear developers, could you explain what the first column stands for?

Code: Select all

[02] Wed, 23 Jan 2013 00:00:01 (0001419) Connected from 77.190.16.233 (local address 192.168.14.20, port 21)
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 220 ftp.foo.com ready...
[03] Wed, 23 Jan 2013 00:00:01 (0001419) USER anonymous
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 331 Password required for anonymous
[03] Wed, 23 Jan 2013 00:00:01 (0001419) PASS **********
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 230 User anonymous logged in.
[03] Wed, 23 Jan 2013 00:00:01 (0001419) PASV
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 227 Entering Passive Mode (192,168,14,20,8,205)
[03] Wed, 23 Jan 2013 00:00:01 (0001419) CWD somedirectory
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 250 CWD command successful. "/somedirectory" is current directory.
[03] Wed, 23 Jan 2013 00:00:01 (0001419) TYPE A
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 200 Type set to A
[03] Wed, 23 Jan 2013 00:00:01 (0001419) NLST .
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 150 Opening data channel for directory list.
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 226 Transfer ok.
[03] Wed, 23 Jan 2013 00:00:01 (0001419) TYPE I
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 200 Type set to I
[03] Wed, 23 Jan 2013 00:00:01 (0001419) PASV
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 227 Entering Passive Mode (192,168,14,20,8,206)
[03] Wed, 23 Jan 2013 00:00:01 (0001419) RETR 20130121.zip
[04] Wed, 23 Jan 2013 00:00:01 (0001419) 150 Data connection accepted; transfer starting for  20130121.zip (20525862 Bytes).
[04] Wed, 23 Jan 2013 00:00:27 (0001419) 226 File sent ok.Transfer bytes:20525862Bytes;Average speed is:20044.787KB/s
[03] Wed, 23 Jan 2013 00:00:28 (0001419) QUIT
[04] Wed, 23 Jan 2013 00:00:28 (0001419) 221 Goodbye.
[02] Wed, 23 Jan 2013 00:00:28 (0001419) Closed session,disconnected from 77.190.16.233
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Log format

Post by FTP »

The first column means the message type, and we will consider to improve the log system.
norus
Posts: 11
Joined: Fri Nov 04, 2011 2:28 pm

Re: Log format

Post by norus »

And can you please explain what message types you have? In the meanwhile, we're writing our own parser to feed to some analytics tool.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Log format

Post by FTP »

You can click on the button "Domain Log -> Log Legend".
norus
Posts: 11
Joined: Fri Nov 04, 2011 2:28 pm

Re: Log format

Post by norus »

Thank you for clarifying. And what does column nr. 7 represent? Is it session id (0001419)?

Code: Select all

[02] Wed, 23 Jan 2013 00:00:01 (0001419) Connected from 77.190.16.233 (local address 192.168.14.20, port 21)
Because I can see 3 different source IPs below:

[02] Wed, 23 Jan 2013 13:48:26 (0000002) Connected from 111.163.121.110 (local address 192.168.14.20, port 21)
[04] Wed, 23 Jan 2013 13:48:26 (0000002) 220 ftp.foo.org ready...
[03] Wed, 23 Jan 2013 13:48:26 (0000002) USER anonymous
[04] Wed, 23 Jan 2013 13:48:26 (0000002) 331 Password required for anonymous
[03] Wed, 23 Jan 2013 13:48:26 (0000002) PASS **********
[04] Wed, 23 Jan 2013 13:48:26 (0000002) 230 User anonymous logged in.
[03] Wed, 23 Jan 2013 13:48:26 (0000002) SYST
[04] Wed, 23 Jan 2013 13:48:26 (0000002) 215 UNIX Type: L8
[03] Wed, 23 Jan 2013 13:48:26 (0000002) PWD
[04] Wed, 23 Jan 2013 13:48:26 (0000002) 257 "/" is current directory.
[03] Wed, 23 Jan 2013 13:48:26 (0000002) TYPE I
[04] Wed, 23 Jan 2013 13:48:26 (0000002) 200 Type set to I
[03] Wed, 23 Jan 2013 13:48:26 (0000002) EPSV
[04] Wed, 23 Jan 2013 13:48:26 (0000002) 229 Entering Extended Passive Mode (|||1024|)
[03] Wed, 23 Jan 2013 13:49:42 (0000002) PASV
[04] Wed, 23 Jan 2013 13:49:42 (0000002) 227 Entering Passive Mode (192,168,14,20,4,1)
[03] Wed, 23 Jan 2013 13:49:42 (0000002) QUIT
[04] Wed, 23 Jan 2013 13:49:42 (0000002) 221 Goodbye.
[02] Wed, 23 Jan 2013 13:49:42 (0000002) Closed session,disconnected from 111.163.121.110
[02] Wed, 23 Jan 2013 14:28:52 (0000002) Connected from 111.194.138.132 (local address 192.168.14.20, port 21)
[04] Wed, 23 Jan 2013 14:28:52 (0000002) 220 ftp.foo.org ready...
[02] Wed, 23 Jan 2013 14:28:53 (0000002) Closed session,disconnected from 111.194.138.132
[02] Wed, 23 Jan 2013 15:10:06 (0000002) Connected from 111.246.5.12 (local address 192.168.14.20, port 21)
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 220 ftp.foo.org ready...
[03] Wed, 23 Jan 2013 15:10:06 (0000002) USER anonymous
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 331 Password required for anonymous
[03] Wed, 23 Jan 2013 15:10:06 (0000002) PASS **********
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 230 User anonymous logged in.
[03] Wed, 23 Jan 2013 15:10:06 (0000002) CWD qwer/madrid/romarin
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 250 CWD command successful. "/qwer/madrid/romarin" is current directory.
[03] Wed, 23 Jan 2013 15:10:06 (0000002) TYPE I
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 200 Type set to I
[03] Wed, 23 Jan 2013 15:10:06 (0000002) PORT 217,246,5,12,201,236
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:06 (0000002) RETR 20130122.zip
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:06 (0000002) PORT 217,246,5,12,201,237
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:06 (0000002) RETR 20130123.zip
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:06 (0000002) CWD ..
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 250 CWD command successful. "/qwer/madrid" is current directory.
[03] Wed, 23 Jan 2013 15:10:06 (0000002) CWD gazette
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 250 CWD command successful. "/qwer/madrid/gazette" is current directory.
[03] Wed, 23 Jan 2013 15:10:06 (0000002) PORT 217,246,5,12,201,238
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:06 (0000002) RETR i201303.zip
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:06 (0000002) PORT 217,246,5,12,201,239
[04] Wed, 23 Jan 2013 15:10:06 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201304.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,240
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201305.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,241
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201306.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,242
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201307.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,243
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201308.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,244
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201309.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,245
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201310.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,246
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201311.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,247
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201312.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,248
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201313.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,249
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201314.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:07 (0000002) PORT 217,246,5,12,201,250
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:07 (0000002) RETR i201315.zip
[04] Wed, 23 Jan 2013 15:10:07 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,201,251
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201316.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,201,252
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201317.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,201,253
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201318.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,201,254
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201319.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,201,255
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201320.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,202,0
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201321.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,202,1
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201322.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,202,2
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201323.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,202,3
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR i201324.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) CWD ..
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 250 CWD command successful. "/qwer/madrid" is current directory.
[03] Wed, 23 Jan 2013 15:10:08 (0000002) CWD romarin/pending
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 250 CWD command successful. "/qwer/madrid/romarin/pending" is current directory.
[03] Wed, 23 Jan 2013 15:10:08 (0000002) PORT 217,246,5,12,202,4
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 200 Port command successful
[03] Wed, 23 Jan 2013 15:10:08 (0000002) RETR pending.zip
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 550 File not found
[03] Wed, 23 Jan 2013 15:10:08 (0000002) QUIT
[04] Wed, 23 Jan 2013 15:10:08 (0000002) 221 Goodbye.
[02] Wed, 23 Jan 2013 15:10:08 (0000002) Closed session,disconnected from 111.246.5.12
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Log format

Post by FTP »

Yes, that's the session ID.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Log format

Post by FTP »

BTW, do you just need to record information such as user login, download and upload?
norus
Posts: 11
Joined: Fri Nov 04, 2011 2:28 pm

Re: Log format

Post by norus »

This is what would be nice to have, but of course, up to you to decide.

Datetime, Source IP, Method (RETR, STOR etc.), Requested file, Requested file size, Username, Download speed and/or Upload speed.
norus
Posts: 11
Joined: Fri Nov 04, 2011 2:28 pm

Re: Log format

Post by norus »

How is it possible that a single FTP session can have multiple "Connected from" lines? Can it be a bug?
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Log format

Post by FTP »

Did you restart the WingFTP service between two sessions?
Post Reply