Enable VSFTPD logging and its interpretation (repost)
In vsftpd.conf, the following content defines how logs are recorded:
# indicates that the FTP server records upload and download conditions
Xferlog_enable=yes
# indicates that the upload download of the record is written in the file specified by Xferlog_file, which is the file specified in the Xferlog_file option
Xferlog_std_format=yes
Xferlog_file=/var/log/xferlog
# enable double-copy logging. While using Xferlog file to record server upload download situation,
# The file specified by Vsftpd_log_file, or/var/log/vsftpd.log, will also be used to record the server's transport status
Dual_log_enable=yes
Vsftpd_log_file=/var/log/vsftpd.log
The VSFTPD two log files are analyzed as follows:
/var/log/xferlog
Examples of recorded content
Thu Sep 6 09:07:48 7 192.168.57.1 4323279/home/student/phpmyadmin-2.11.0-all-languages.tar.gz b-i r student FTP 0 * C
/var/log/vsftpd.log
Examples of recorded content
Tue Sep 14:59:03 [pid 3460] connect:client "127.0.0.1"
Tue Sep 14:59:24 [pid 3459] [ftp] OK LOGIN; Client "127.0.0.1", anon password "?"
/var/log/xferlog Analysis and parameter description of data in log file
VSFTPD Log Description
The meaning of FTP digital code
110 reboot Tag answer.
120 How long is the service available?
125 Data Link port open, ready to transmit.
150 file status OK, open the data connection port.
200 command execution succeeded.
202 command execution failed.
211 System status or system help response.
212 The status of the catalog.
The status of the 213 file.
214 message for help.
215 Name System type.
220 new online Services ready.
221 The control connection port of the service is off and can be logged off.
225 data connection is turned on, but no transfer action.
226 The data connection port is closed and the requested file operation succeeds.
227 Enter passive mode.
230 users log in.
250 The requested file operation is complete.
257 Displays the current path name.
331 the user name is correct and a password is required.
332 Login required account information.
350 The requested operation requires a command in the next section.
421 Unable to provide service, close control link.
425 The data link cannot be turned on.
426 Close the connection and terminate the transfer.
450 The requested operation was not performed.
451 Command termination: There is a local error.
452 command not executed: insufficient disk space.
500 format error, command not recognized.
501 parameter syntax error.
502 command execution failed.
503 Command sequence error.
The 504 command received an incorrect parameter.
530 not logged in.
532 Storage file requires account login.
550 the requested operation was not performed.
551 The requested command terminates, the type is unknown.
552 the requested file terminates and the storage bit overflows.
553 The requested command is not executed, the name is incorrect.
Enable VSFTPD logging and its interpretation