Analyzing proftpd xferlog file
Tue, 01/29/2008 - 10:59 — wizap
Recently I've had to research some missing files on a website.
When looking through the proftpd xferlog files, it was clear that the files were deleted by a user with FTP access.
The xferlog file is usually located at "/var/log/xferlog". However, since this was a Plesk server, it was located at:
"/var/www/vhosts/{DOMAIN}/sta
A quick grep produced the list of files that were deleted, which could easily be recovered from a previous backup. It also revealed the time and the offending IP address of the person who did the deletes.
Full listing:
$ grep "_ d" /path/to/xferlog
Listing of just the deleted files:
$ awk '/_ d/ {print $9}' /path/to/xferlog
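As an added example (not part of the original post), the same search can be done by field position instead of a regex, so each delete is reported with its timestamp, remote host and FTP user, followed by a per-host count. The log lines are constructed, use documentation IP addresses, and assume the standard xferlog layout in which the timestamp occupies fields 1-5, so the direction flag is field 12.

```shell
# xferlog fields after whitespace splitting (timestamp = fields 1-5):
#   6 transfer-time   7 remote-host   8 file-size   9 filename
#  10 transfer-type  11 special-flag 12 direction  13 access-mode
#  14 username       15 service      16 auth-method 17 auth-user 18 status

# One tab-separated line per delete: timestamp, remote host, user, filename.
# Reads the files given as arguments, or stdin when none are given.
xferlog_deletes() {
    awk '$12 == "d" {
        printf "%s %s %s %s %s\t%s\t%s\t%s\n", $1, $2, $3, $4, $5, $7, $14, $9
    }' "$@"
}

# Number of deletes per (remote host, user) pair, largest count first.
xferlog_deletes_by_host() {
    awk '$12 == "d" { n[$7 " " $14]++ }
         END { for (k in n) print n[k], k }' "$@" | sort -rn
}

# Constructed sample log: one upload, three deletes, one download.
sample_xferlog() {
cat <<'EOF'
Tue Jan 29 09:12:01 2008 1 203.0.113.7 5120 /httpdocs/index.php b _ i r webuser ftp 0 * c
Tue Jan 29 10:41:17 2008 0 198.51.100.23 0 /httpdocs/index.php b _ d r webuser ftp 0 * c
Tue Jan 29 10:41:19 2008 0 198.51.100.23 0 /httpdocs/img/logo_draft.png b _ d r webuser ftp 0 * c
Tue Jan 29 11:05:44 2008 0 203.0.113.7 0 /httpdocs/tmp/cache.dat b _ d r webuser ftp 0 * c
Tue Jan 29 11:06:02 2008 3 203.0.113.7 20480 /httpdocs/download_data.zip b _ o r webuser ftp 0 * c
EOF
}

# Demo on the constructed sample; on a real server pass the log path instead,
# e.g. xferlog_deletes /path/to/xferlog
sample_xferlog | xferlog_deletes
sample_xferlog | xferlog_deletes_by_host
```

Comparing field 12 exactly means the upload and download lines are never reported, even when a filename such as download_data.zip contains characters that resemble the flags.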
Below are some additional notes on xferlog analysis: