LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Does VSFTP log when people upload/download from server? (http://www.linuxquestions.org/questions/linux-newbie-8/does-vsftp-log-when-people-upload-download-from-server-767404/)

rjo98 11-06-2009 04:32 PM

Does VSFTP log when people upload/download from server?
 
Does VSFTP log when people upload/download from server? I have a case where someone swears they uploaded some files to our ftp site, but the people who pull the files down say they were never there. I'd like to solve the he said she said debate with some proof if i can find it, but I don't even know where to look or if its even possible to have this stuff logged?

bathory 11-06-2009 04:36 PM

Hi,

You can check /etc/vsftpd.conf to see if logging is enabled and the location/name of the logfile.

Regards

rjo98 11-06-2009 04:53 PM

Great, it did log all the ins and outs. now if only i could find out if someone deleted the files or not, i see they were uploaded successfully.

bathory 11-06-2009 05:15 PM

If the files were deleted from inside an ftp session, you cannot find who deleted them, unless you had the following 2 options set in vsftpd.conf
Code:

log_ftp_protocol=YES
xferlog_std_format=NO

In that case the debug logs are written to /var/log/vsftpd.log by default.
If you suspect the files were deleted from cli (or an ssh session), you can check the user's history, if he/she was not clever enough to clear it.

Regards

rjo98 11-06-2009 05:23 PM

I have the xferlog_std_format set to YES right now. I read the description in the file for that one and don't understand what that's for.

I don't even have the log_ftp_protocol in my current file. is that bad?

bathory 11-06-2009 05:32 PM

Quote:

Originally Posted by rjo98 (Post 3747635)
I have the xferlog_std_format set to YES right now. I read the description in the file for that one and don't understand what that's for.
I don't even have the log_ftp_protocol in my current file. is that bad?

No, these 2 options are used for debugging reasons, if they set to NO and YES respectively. In normal operation you need only to see the file transfers and not all the stuff that is logged for debugging, so you have to disable the log_ftp_protocol.
Of course this way you cannot tell if someone deleted any files using ftp.

rjo98 11-06-2009 05:52 PM

OK, thanks for the info. I guess for now i'll keep it as is, but at least I know how to change it for the future. Thanks for all the help!


All times are GMT -5. The time now is 07:32 AM.