Log file format

[jrw]

Is there any documentation that speaks the log file format (key/value, fields headers, etc)?

We are starting to ingest logs into Splunk and I'd like to see how the log if formatted so I know what field names to assign to specific variables.

Thx

[bgagnon]

Hi jrw,

What product is your inquiry regarding?

If VShell/Windows, what is the version that is installed?

What edition are you using (FTPS or non-FTPS)? (If FTPS, are you trying to analyze SFTP or FTPS logs? Or both?)

Is Use W3C log file format enabled in the Common / Logging category of VShell's control panel?

[jrw]

Brenda,

Thx for the reply.

We are using VShell and 'Use W3C log file format' is enabled

[dargiro]

Hello jrw,

Some general information can be found here regarding the W3C fields:

http://www.w3.org/TR/WD-logfile.html

Here is a quick description of how they are used by VShell and VShell FTPS:

x-source:
Name of the service that is generating the log (VSHELLSSH2 or VSHELLFTPS)

x-topic:
Type of message being logged: Error (err), Warning (warn), Informational (info), Connection (conn), Authentication (auth), SFTP (sftp), Port Forward (fwd), Debug (dbg), LSA (lsa), FTPS (ftps)

x-session:
Session ID of the connection that the message applies to

c-ip:
IP address of the client

c-port:
port of the client

cs-username:
Username sent from the client

cs-method:
Used by VShell FTPS only. Specifies the command sent by the client

uri-stem:
File or folder path of the current file transfer operation

sc-status:
Status code sent to the client for the last operation

cs-bytes:
Total bytes sent from the client to the server (uploads)

sc-bytes:
Total bytes sent from the server to the client (typically downloads, but
could also be an FTP directory listing)

bytes:
Total bytes sent

s-ip:
IP address of the server

s-port:
Port of the server

x-message:
Specific log message