6

I'm trying to analyze my FTP log to investigate some unauthorized access, but I can't make sense of some of the far right columns.

Thu Oct 01 00:13:55 2009 0 92.54.102.153 2547 /home/user1/public_html/index.html a _ o r user1 ftp 1 * c
Thu Oct 01 00:13:58 2009 0 77.252.189.148 2606 /home/user1/public_html/index.html a _ i r user1 ftp 1 * c

I can't find any documentation on how to read these logs.

Castaglia
  • 3,239
  • 3
  • 19
  • 40
user22872
  • 85
  • 1
  • 1
  • 5

1 Answers1

7

Here is the website describing your log format. It has a good description of what every field in your log file means.

Josh Budde
  • 2,378
  • 14
  • 7
  • Awesome. I'm wondering if the proftpd and pureftpd log files are the same, or maybe I'm wrong about what's running on my server? – user22872 Oct 15 '09 at 14:21
  • Your link was really hard to spot at the start there. It was exactly what I was after though. Thanks. =) – Wireblue Nov 25 '12 at 23:10