vsftp输出日志设置


先介绍下默认LOG的各字段的含义

Thu Mar 4 08:12:30 2004                 current-time  
1                                       transfer-time
202.114.40.242                          remote-host  
37                                      byte-count
/incoming/index.html                  filename
a                                       transfer-type
_                                       special-action-flag
o                                       direction
a                                       access-mode
                                   username
ftp                                     service-name
0                                       authentication-method
*                                       authenticated-user-id
c                                       completion-status

current-time   The current local time in the form "DDD MMM dd hh:mm:ss
                    YYYY", where DDD is the day of the week, MMM is the month,
                    dd is the day of the month, hh is the hour, mm is the min-
                    utes, ss is the seconds, and YYYY is the year.

transfer-time  The total time of the transfer in seconds.

remote-host    The remote host name.

byte-count     The amount of transferred bytes.

filename            The canonicalized (all symbolic links are resolved) abso-
                    lute pathname of the transferred file.

                    In case of the chrooted FTP session this field can be
                    interpreted as the pathname in the chrooted environment
                    (the default interpretation) or as the one in the real
                    file system. The second type of interpretation can be
                    enabled by the command-line options of the ftpd(8).

transfer-type  The single character that indicates the type of the trans-
                    fer. The set of possible values is:

                    a         An ascii transfer.

                    b         A binary transfer.

special-action-flag
                    One or more single character flags indicating any special
                    action taken. The set of possible values is:

                    _         No action was taken

                    C         The file was compressed (not in use).

                    U         The file was uncompressed (not in use).

                    T         The file was tar'ed (not in use).

direction            The direction of the transfer. The set of possible values
                    is:

                    o         The outgoing transfer.

                    i         The incoming transfer.

access-mode    The method by which the user is logged in. The set of pos-
                    sible values is:

                    a (anonymous)  The anonymous guest user.

                    g (guest)           The real but chrooted user (this capability
                                   is guided by ftpchroot(5) file).

                    r (real)           The real user.

username            The user's login name in case of the real user, or the
                    user's identification string in case of the anonymous user
                    (by convention it is an email address of the user).

service-name   The name of the service being invoked. The ftpd(8) utility
                    uses the ``ftp'' keyword.

authentication-method
                    The used method of the authentication. The set of possible
                    values is:

                    0         None.

                    1         RFC931 Authentication (not in use).

authenticated-user-id
                    The user id returned by the authentication method. The `*'
                    symbol is used if an authenticated user id is not avail-
                    able.

completion-status
                    The single character that indicates the status of the
                    transfer. The set of possible values is:

                    c         A complete transfer.

                    i         An incomplete transfer.
vsftpd与log有关的选项:
vsftpd_log_file
xferlog_enable
xferlog_std_format
xferlog_file
dual_log_enable
syslog_enable
log_ftp_protocol
no_log_lock

参考:http://bsdftpd-ssl.sc.ru/doc/unix/xferlog.5.txt
http://vsftpd.beasts.org/vsftpd_conf.html
这里主要要到下面几个参数控制
log_ftp_protocol
如果启用, 假若选项 xferlog_std_format 没有启用, 所有的 FTP 请求和应答都会被记录. 此选项将对调试很有用.
默认: YES
dual_log_enable
如果启用, 将生成两个相似的日志文件, 默认在/var/log/xferlog 和/var/log/vsftpd.log 目录下. 前者是 wu-ftpd 类型的传输日志, 可以用于 标准工具分析. 后者是 vsftpd 自己类型的日志.
xferlog_enable
如果启用, 将会维护一个日志文件, 用于详细记录上载和下载. 默认情况下, 这个日志文件是 /var/log/vsftpd.log. 但是也可以通过配置文件中的 vsftpd_log_file 选项来指定.
默认: NO(但是在示例设置中启用了这个选项)
xferlog_std_format
如 果启用, 传输日志文件将以标准xferlog 的格式书写, 如同 wu-ftpd 一样. 这可以用于重新使用传输统计生成器. 然而, 默认格式更注重可读性. 此格式的日志文件默认为/var/log/xferlog, 但是您也可以通过xferlog_file 选项来设定.
默认: NO
解决方法
这里只给出日志这块的参数设置
##################log settings###################
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
#log in two files /var/log/xferlog and /var/log/vsftpd.log
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
#log time setting
use_localtime=YES
#
###################end of log####################
结果
Xferlog内容如下
---------------------------------------------------------------------------------------------------------------------
Wed Apr 18 06:41:29 2007 1 202.116.130.248 0 /pub/upload/kernel.rpm b _ i a root ftp 0 * i
Wed Apr 18 06:43:27 2007 1 202.116.130.248 0 /pub/sun b _ o a root ftp 0 * c
Tue May 1 15:03:37 2007 1 202.116.130.242 45662 /mnt/d/movie/linux partition.JPG b _ i r movie ftp 0 * c
Vsftpd.log内容如下
----------------------------------------------------------------------------------------------------------------------
Tue May 1 15:03:21 2007 [pid 23969] CONNECT: Client "202.116.130.242"
Tue May 1 15:03:21 2007 [pid 23968] [movie] OK LOGIN: Client "202.116.130.242"
Tue May 1 15:03:37 2007 [pid 23970] [movie] OK UPLOAD: Client "202.116.130.242", "/mnt/d/movie/linux partition.JPG", 45662 bytes, 824.60Kbyte/sec
Tue May 1 15:05:12 2007 [pid 23970] [movie] OK DELETE: Client "202.116.130.242", "/mnt/d/movie/linux partition.JPG"

这样xferlog则专门记录上下传信息,对ftp而言,这些信息是有绝对统计意义的。而系统管理员,有时为了满足不同用户的需求,可能会开发一些特殊的账号,怎么以ftp登录从系统的角度来管理监控,vsftpd.log就可以详细供证了。 不过,我还是建议服务的专一性,这样才能减轻管理负担。