Analyzing log files is the most important technique for troubleshooting all kinds of problems or improving services on Linux. In this recipe, you will learn how to configure and enable vsftpd's extensive logging features in order to help system administrators when problems arise, or simply to monitor usage with this service.
To complete this recipe, you will require a working installation of the CentOS 7 operating system with root privileges and a console-based text editor of your choice. It is expected that your server will be using a static IP address and that vsftpd
is already installed with a chroot jail and is currently running.
vi /etc/vsftpd/vsftpd.conf
dual_log_enable=YES log_ftp_protocol=YES
vsftpd
daemon to apply the changes:systemctl restart vsftpd
In this recipe, we have shown how to enable two separate logging mechanism: first, the xferlog
log file that will log detailed information about user uploads and downloads, then the vsftpd
log file that contains every FTP protocol transaction between the client and the server outputting the most detailed logging information possible for vsftpd
.
So what did we learn from this experience?
In this recipe, we opened the main vsftpd
configuration file and added two directives to the end of the file. First, dual_log_enable
will make sure both the xferlog
and vsftpd
log files will be used for logging. Afterwards, we increased the verbosity of the vsftpd
log file by enabling log_ftp_protocol
.
After restarting the service, the two log files, /var/log/xferlog
and /var/log/vsftdp.log,
will be created and filled with useful FTP activity information. Now, before we open the files, let's create some FTP user activity. Log in with any FTP user on the server using the ftp
command-line tool and issue the following FTP command at the ftp>
prompt to upload a random file from the client to the server:
put ~/.bash_profile bash_profile_test
Now, back on the server, inspect the /var/log/xferlog
file to see detailed information about the uploaded file and open /var/log/vsftpd.log
for all other user activities (such as login time or other FTP commands that users issued).
Please note that both the log files only keep track of user and FTP activity and are not meant to debug problems with the vsftpd
service such as configuration file errors. Use the systemctl status vsftpd -l
or journalctl -xn
, to debug general problems with the service.