Both FTP and SFTP keep logs of all incoming connections, recent activity, uploads, and downloads. It can be helpful to review these logs in the case of errors. This guide covers how to check those logs.
FTP logs are not available via a cPanel GUI or any other native interface. SFTP logs are not available without root access. Some knowledge of Command Line Input (Terminal) is required.
Related Articles
How to SSH into VPS or Dedicated Servers
Create FTP Account
Connect via FTP and Upload Files via FileZilla
Too Many FTP Connections Error
Check FTP Logs via cPanel
- Log into the cPanel user
- Navigate to File Manager, located in the Files section
- From the left-hand directory listing, click on logs
- Right-click on the desired log file and select Extract
NOTE: The FTP logs are named domain.com-ftp_log-Mon-YYYY.gz, where domain.com is the relevant domain and Mon-YYYY are the month and year of the log file. These are updated once every 24 hours. - Click Extract Files on the popup to complete the extract.
- Right-click on the newly extracted file and select View to see the log
EXAMPLE:
Fri Jan 13 17:53:36 2023 0 12.34.56.78 20744 /home/userna5/public_html/test.PNG b _ i r test@domain.com ftp 1 * c
NOTE: The log files are in an xferlog format.
Check FTP Logs via SSH
IMPORTANT: This solution will require root access. If this needs obtained, follow the guide on requesting root access. Root access is only available with our VPS and Dedicated Server hosting plans.
- SSH in to the server using a Terminal Client like PuTTY
- Terminal can also be accessed in Root WHM
- A direct link can be found for Root WHM in AMP
- Once in Root WHM, in the upper left, in the search bar, type in Terminal to show the Terminal item in the Root WHM menu list
- Clicking on the Terminal item in the menu will bring up a Command Line Interface with the root user already logged in
- Terminal can also be accessed in Root WHM
- Run the command
cat /var/log/messages | grep ftpd | grep <term>
REPLACE: <term> with the public IP from where the user is attempting to connect, or the FTP username.
EXAMPLE:[~]# cat /var/log/messages | grep ftpd | grep userna5
Mar 31 09:05:21 ecbiz266 pure-ftpd: (?@192.168.1.1) [INFO] userna5@domain.org is now logged in
Mar 31 09:05:21 ecbiz266 pure-ftpd: (userna5@domain.com@192.168.1.1) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Mar 31 09:05:21 ecbiz266 pure-ftpd: (userna5@domain.com@192.168.1.1) [NOTICE] /home/userna5/domain.com/uploading_file.php uploaded (337287 bytes, 1685.74KB/sec)
Mar 31 09:05:21 ecbiz266 pure-ftpd: (userna5@domain.com@192.168.1.1) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Mar 31 09:05:57 ecbiz266 pure-ftpd: (userna5@domain.com@192.168.1.1) [NOTICE] File successfully renamed or moved: [uploading_file.php]->[uploading_file.php]
Mar 31 09:07:50 ecbiz266 pure-ftpd: (userna5@domain.com@192.168.1.1) [INFO] Logout.
Mar 31 09:36:55 ecbiz266 pure-ftpd: (userna5@domain.com@192.168.1.1) [INFO] Timeout - try typing a little faster next time
Check SFTP Logs
- Check the
/var/log/secure
log since SFTP is FTP over SSH - The login is an SSH login
- All of the same commands above will work, just make sure you change
/var/log/messages
to/var/log/secure
ftpd
tosftp
EXAMPLE:
[~]# cat /var/log/secure | grep sftp | grep userna5
Mar 31 18:54:37 ecbiz266 sshd[1554680]: Starting session: subsystem 'sftp' for userna5 from 192.168.1.1 port 40633 id 0
Mar 31 18:55:39 ecbiz266 sshd[1566183]: Starting session: subsystem 'sftp' for userna5 from 192.168.1.1 port 34407 id 0
Mar 31 18:55:39 ecbiz266 sshd[1566197]: Starting session: subsystem 'sftp' for userna5 from 192.168.1.1 port 51439 id 0
Comments
0 comments
Article is closed for comments.