Log Format, Type, and Location

To monitor EFT activity, you can reference EFT’s log files. EFT supports W3C, Microsoft IIS, and NCSA log file formats. Server events are logged to a file named [log file format]yymmdd.log, where YY, MM, and DD indicate the numeric year, month, and day respectively. Depending on the log file format selected, a 2-letter abbreviation is prepended to the filename, as described in the table below. For example, a log file in the Microsoft IIS format created on August 22, 2007 is named in070822.log.

By default, log files are saved in the EFT data directory in the Log folder (e.g., ..\Documents and Settings\All Users\Application Data\Globalscape\EFT Enterprise\Logs). On Windows 2008, Application Data files for all users are in a hidden folder named %systemroot%\ProgramData\Globalscape\EFT Server Enterprise\Logs.

Outbound connection information is audited in that same folder in a log named cl<date>.log.

To specify log settings

In the administration interface, connect to EFT and click the Server tab.
On the Server tab, click the Server node.
In the right pane, click the Logs tab.
In the Log File Settings area, in the Folder in which to save log files box, type the path to the directory in which to save this Server's log files. To browse for a path, click the folder icon .

In the Log file format list, click W3C Extended, Microsoft IIS, NCSA Common, or No Logging.

Changing the log file format disconnects all active users. It is recommended to stop all Sites or wait until all users are inactive before changing the log file format.

The W3C format records all times in GMT (Greenwich Mean Time).

The Encode logs in UTF-8 check box is selected by default. If you do not want to encode logs in UTF-8 format, clear the check box. When the check box is cleared, the ex*.log file is named u_ex*.log.

From Microsoft TechNet:

When using the UTF-8 logging feature, note the following:
- A log file logged in UTF-8 does not contain a Byte Order Mark (BOM). File editors use this mark to identify text as UTF-8 text. Therefore, if you attempt to open a log file that is logged in UTF-8 in Notepad by double-clicking the file or by using the Open With option, the file might not display correctly. To open the file in a way that displays it correctly, use the Open command on the File menu and then select UTF-8 in the Encoding box.
- UTF-8 is a double-byte character-set standard. ASCII is a single-byte character-set standard. Because of this disparity, logging UTF-8 information to an ASCII file causes a ? to be logged for the characters that cannot be converted to the code page of the server.
In the Log type list, click Standard or Verbose. (Verbose provides more details, but makes larger files.)
In the Rotate Log File area, specify Never, Daily, Weekly, or Monthly.
Click Apply to save the changes on EFT.
Stop and restart EFT.

For information about the Audit Database Settings, refer to Auditing Database Errors and Logging.

Log File Format	Abbreviation
W3C	ex
NCSA	nc
Microsoft IIS	in

Log Example

Below is an example of an ex-formatted log:

#Version: 1.0

#Software: CuteLogger

#Date: 2010-04-08 20:07:50

#Fields: date time c-ip c-port cs-username cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes s-name s-port

2010-04-08 20:07:07 192.168.241.1 - test [1]user test - 331 - - - 22

2010-04-08 20:07:07 192.168.241.1 - test [1]pass ******* - 230 - - - 22

2010-04-08 20:07:16 192.168.241.1 - test [1]created /Test+File+1.txt - 226 - 54 - 22

2010-04-08 20:08:23 192.168.241.1 - test [1]rnfr /Test+File+1.txt - 350 - - - 22

2010-04-08 20:08:23 192.168.241.1 - test [1]rnto /Test+File+2.txt - 250 - - - 22

2010-04-08 20:08:26 192.168.241.1 - test [1]sent /Test+File+2.txt - 226 - 54 - 22

2010-04-08 20:10:02 192.168.241.1 - test [1]dele /Test+File+2.txt - 250 - - - 22

2010-04-08 20:10:08 192.168.241.1 - test [1]ssh_disconnect timeout - 421 - - - 22

2010-04-08 20:10:09 192.168.241.1 - test [1]ssh_disconnect timeout - 421 - - - 22

2010-04-08 20:11:57 192.168.241.1 - test [2]user test - 331 - - - 990

2010-04-08 20:11:57 192.168.241.1 - test [2]pass ****** - 230 - - - 990

2010-04-08 20:12:04 192.168.241.1 - test [2]created /Test+File+1.txt - 226 - 54 - 990

2010-04-08 20:12:16 192.168.241.1 - test [2]rnfr /Test+File+1.txt - 350 - - - 990

2010-04-08 20:12:16 192.168.241.1 - test [2]rnto /Test+File+2.txt - 250 - - - 990

2010-04-08 20:12:28 192.168.241.1 - test [2]rnfr /Test+File+2.txt - 350 - - - 990

2010-04-08 20:12:28 192.168.241.1 - test [2]rnto /Test+File+3.txt - 250 - - - 990

2010-04-08 20:12:31 192.168.241.1 - test [2]sent /Test+File+3.txt - 226 122 - - 990

The log can be read as described below:

Field

Description

Example

(Each field in the log has either a value (e.g., date) or a dash (-) if no value was sent for that field.)

date

Date log was recorded

2010-04-08

time

Time log was recorded

20:07:16

c-ip

Client IP address

192.168.241.1

c-port

Client port

cs-username

Username

test

cs-method

Method

(Command Sent)

ABOR	Abort an active file transfer
ACCT	Account information
ALLO	Allocate sufficient disk space to receive a file
APPE	Append
AUTH	Authentication/Security Mechanism
CCC	Clear Command Channel
CDUP	Change to Parent Directory
CHANGEPASSWORD	Change the password
CLIENTCERT	Client SSL certificate was rejected (reason is provided in the log entry).
COMB	Combines file segments into a single file on EFT.
CREATED	File was created (uploaded).
CWD	Change working directory
DELE	Delete file
EPRT	Specifies an extended address and port to which the server should connect
EPSV	Enter extended passive mode
FEAT	Get the feature list implemented by the server
HELP	Display a list of all available FTP commands
KICK	Client connection was closed by administrator.
LIST	Returns information of a file or directory if specified, else information of the current working directory is returned
MDTM	Return the last-modified time of a specified file
MKD	Make directory
MLSD	Lists the contents of a directory if a directory is named
MLST	Provides data about exactly the object named on its command line, and no others
MODE	Sets the transfer mode (Stream, Block, or Compressed)
NLIST	Returns a list of file names in a specified directory
NOOP	No operation (dummy packet; used mostly on keepalives)
OPTS	Select options for a feature
PASS	Authentication password
PASV	Enter passive mode
PBSZ	Protection Buffer Size
PORT	Specifies the port to which the server should connect
PROT	Data Channel Protection Level
PWD	Print working directory Returns the current directory of the host
QUIT	Disconnect
REIN	Re initializes the connection
REST	Restart transfer from the specified point
RETR	Transfer a copy of the file
RMD	Remove a directory
RNFR	Rename from
RNTO	Rename to
SENT	File was sent (downloaded).
SITE	Sends site specific commands to remote server
SIZE	Return the size of a file
SMNT	Mount file structure
SSCN	Set secured client negotiation
SSH_DISCONNECT	SFTP (SSH) client connection was closed (reason is provided in the log entry).
STAT	Returns the status
STOR	Accept the data and to store the data as a file at the server site
STOU	Store file uniquely
STRU	Set file transfer structure
SYST	Return system type
TYPE	Sets the transfer mode
USER	Authentication username
WEBSERVICE	Web Service was invoked.
XCRC	Compute CRC32 checksum on specified file

cs-uri-stem

Stem portion of URI

/Test+File+1.txt

cs-uri-query

Query portion of URI

sc-status

Status code

226 (Closing data connection. Requested file action successful.)

sc-bytes

The number of bytes that the server sent to the client.

541

cs-bytes

The number of bytes that the client sent to the server.

s-name

s-port

Server port

For information about log file formatting, refer to http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/be22e074-72f8-46da-bb7e-e27877c85bca.mspx?mfr=true.

This help file is for EFT v6.5. For other versions, please refer to http://help.globalscape.com/help/index.html.

(If the Index and Contents are hidden, click Show in the top left corner.)

If this help topic did not help you, search the Knowledgebase or pose your question in the Globalscape User Forum.
For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.
For information about Globalscape, visit www.globalscape.com, subscribe to our newsfeed, or follow us on Twitter.

Last modified: 16 July 2018 16:25:27