Using Log Parser to find users accounts used to log into an FTP site
The following Log Parser query can be used on FTP log files in order to determine what user names were used to login, or attempt to login, to an FTP site.
logparser "select cs-uri-stem, count(cs-method) from ex*.log where cs-method like '%USER' group by cs-uri-stem order by count(cs-method),cs-uri-stem"
This assumes that you've added Log Parser to your path, and that you're running this from your log file directory.
This query will tell you what ip addresses successfully logged into your FTP site.
logparser "select c-ip, count(sc-status) from ex*.log where sc-status = '230' group by c-ip order by count(sc-status),c-ip"
Finally, this query will show you what ip addresses attempted to log into your FTP site, and will give a count of how many times.
logparser "select c-ip, count(*) from ex*.log group by c-ip order by count(*),c-ip"
You can find other Log Parser articles on my site by viewing other items tagged with log parser (link below).
- Review: Empires of EVE: A History of the Great Wars of EVE Online
- Review: Ghost in the Shell README: 1995-2017
- Review: Fitbit Charge 2 Bands,Fitbit Bands Milanese Loop Stainless Steel Metal Replacement Bracelet Strap, Wristbands Accessories for Charge 2 with Stronger Magnetic Clasp
- Review: Wickedly Prime Organic Roasted Seaweed Snacks, Korean Kalbi
- Review: 5-Minute Dungeon
Support This Site
If my blog was helpful to you, then please consider visiting my Amazon Wishlist.