VanDyke Software Forums


jrw 02-20-2017 12:25 PM

Log file format
 
Is there any documentation that speaks to the log file format (key/value, field headers, etc.)?

We are starting to ingest logs into Splunk and I'd like to see how the log is formatted so I know what field names to assign to specific variables.

Thx

bgagnon 02-20-2017 12:50 PM

Hi jrw,

What product is your inquiry regarding?

If VShell/Windows, what is the version that is installed?

What edition are you using (FTPS or non-FTPS)? (If FTPS, are you trying to analyze SFTP or FTPS logs? Or both?)

Is "Use W3C log file format" enabled in the Common / Logging category of VShell's control panel?

jrw 02-20-2017 01:32 PM

Brenda,

Thx for the reply.

We are using VShell and 'Use W3C log file format' is enabled.

dargiro 02-20-2017 02:21 PM

Log File Format
 
Hello jrw,

Some general information can be found here regarding the W3C fields:

http://www.w3.org/TR/WD-logfile.html

Here is a quick description of how they are used by VShell and VShell FTPS:

x-source:
Name of the service that is generating the log (VSHELLSSH2 or VSHELLFTPS)

x-topic:
Type of message being logged: Error (err), Warning (warn), Informational (info), Connection (conn), Authentication (auth), SFTP (sftp), Port Forward (fwd), Debug (dbg), LSA (lsa), FTPS (ftps)

x-session:
Session ID of the connection that the message applies to

c-ip:
IP address of the client

c-port:
Port of the client

cs-username:
Username sent from the client

cs-method:
Used by VShell FTPS only. Specifies the command sent by the client

uri-stem:
File or folder path of the current file transfer operation

sc-status:
Status code sent to the client for the last operation

cs-bytes:
Total bytes sent from the client to the server (uploads)

sc-bytes:
Total bytes sent from the server to the client (typically downloads, but could also be an FTP directory listing)

bytes:
Total bytes sent

s-ip:
IP address of the server

s-port:
Port of the server

x-message:
Specific log message
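
An added example, not part of the posts above and not VanDyke code: a small Python parser that maps W3C extended log entries to the field names listed in this thread by reading the `#Fields:` directive, then counts `auth`-topic events per client IP. The sample lines, their field order, the `date`/`time` columns, the quoting of `x-message`, and the rule that the last column takes the rest of the line are assumptions; check them against a real log before building Splunk extractions on them.

```python
import re
from collections import Counter

# Constructed sample, not real VShell output: the field order and message
# texts are assumptions. A real log states its own order in "#Fields:".
SAMPLE_LOG = '''\
#Version: 1.0
#Fields: date time x-source x-topic x-session c-ip c-port cs-username uri-stem cs-bytes sc-bytes x-message
2017-02-20 18:25:01 VSHELLSSH2 conn 00042 192.0.2.10 50122 - - - - "Connection accepted"
2017-02-20 18:25:03 VSHELLSSH2 auth 00042 192.0.2.10 50122 alice - - - "Authentication attempt for alice"
2017-02-20 18:25:09 VSHELLSSH2 sftp 00042 192.0.2.10 50122 alice /upload/a.bin 2048 0 "Closed file"
2017-02-20 18:26:40 VSHELLSSH2 auth 00043 198.51.100.7 40110 root - - - "Authentication attempt for root"
#Fields: date time x-topic c-ip x-message
2017-02-20 18:27:00 auth 198.51.100.7 trailing text without quotes
'''

INT_FIELDS = {"c-port", "s-port", "sc-status", "cs-bytes", "sc-bytes", "bytes"}
TOKEN = re.compile(r'"((?:[^"]|"")*)"|(\S+)')  # quoted string or bare token

def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()  # header may change mid-file
            continue
        if not line.strip() or not fields:
            continue
        values, pos = [], 0
        while len(values) < len(fields) - 1:
            m = TOKEN.search(line, pos)
            if not m:
                break
            quoted, bare = m.groups()
            values.append(quoted.replace('""', '"') if quoted is not None else bare)
            pos = m.end()
        rest = line[pos:].strip()  # assumption: last column takes the rest of the line
        if len(rest) >= 2 and rest[0] == rest[-1] == '"':
            rest = rest[1:-1].replace('""', '"')
        event = dict.fromkeys(fields)  # absent or "-" values stay None
        for name, value in zip(fields, values + [rest]):
            if value in ("-", ""):
                continue
            event[name] = int(value) if name in INT_FIELDS and value.isdigit() else value
        yield event

def auth_events_by_client(events):
    # x-topic "auth" marks authentication messages (see the x-topic list above)
    return Counter(e["c-ip"] for e in events if e.get("x-topic") == "auth")
```
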


All times are GMT -6.