Analyzing log files is the most important technique for troubleshooting all kinds of problems or improving services on Linux. In this process, you will learn how to configure and enable vsftpd’s extensive logging features in order to help system administrators when problems arise, or simply to monitor usage with this service.
To Start With: What Do You Need?
To complete this process, you will require a working installation of the CentOS 7 operating system with root privileges and a console-based text editor of your choice. It is expected that your server will be using a static IP address and that vsftpd is already installed with a chroot jail and is currently running.
The Process
- To do this, log in as root and type the following command to open the main configuration file in your favorite text editor:
vi /etc/vsftpd/vsftpd.conf - Now, add the following lines to the end of the configuration file to enable verbose logging features:
dual_log_enable=YES log_ftp_protocol=YES - Finally, restart the vsftpd daemon to apply the changes:
systemctl restart vsftpd
How Does It Work?
In this process, we have shown how to enable two separate logging mechanism: first, the xferlog log file that will log detailed information about user uploads and downloads, then the vsftpd log file that contains every FTP protocol transaction between the client and the server outputting the most detailed logging information possible for vsftpd.
So what did we learn from this experience?
In this process, we opened the main vsftpd configuration file and added two directives to the end of the file. First, dual_log_enable will make sure both the xferlog and vsftpd log files will be used for logging. Afterwards, we increased the verbosity of the vsftpd log file by enabling log_ftp_protocol.
After restarting the service, the two log files, /var/log/xferlog and /var/log/vsftdp.log, will be created and filled with useful FTP activity information. Now, before we open the files, let’s create some FTP user activity. Log in with any FTP user on the server using the ftp command-line tool and issue the following FTP command at the ftp> prompt to upload a random file from the client to the server:put ~/.bash_profile bash_profile_test
Now, back on the server, inspect the /var/log/xferlog file to see detailed information about the uploaded file and open /var/log/vsftpd.log for all other user activities (such as login time or other FTP commands that users issued).
Please note that both the log files only keep track of user and FTP activity and are not meant to debug problems with the vsftpd service such as configuration file errors. Use the systemctl status vsftpd -l or journalctl -xn, to debug general problems with the service.
