Using Log Parser to find users accounts used to log into an FTP site
The following Log Parser query can be used on FTP log files in order to determine what user names were used to login, or attempt to login, to an FTP site.
logparser "select cs-uri-stem, count(cs-method) from ex*.log where cs-method like '%USER' group by cs-uri-stem order by count(cs-method),cs-uri-stem"
This assumes that you've added Log Parser to your path, and that you're running this from your log file directory.
This query will tell you what ip addresses successfully logged into your FTP site.
logparser "select c-ip, count(sc-status) from ex*.log where sc-status = '230' group by c-ip order by count(sc-status),c-ip"
Finally, this query will show you what ip addresses attempted to log into your FTP site, and will give a count of how many times.
logparser "select c-ip, count(*) from ex*.log group by c-ip order by count(*),c-ip"
You can find other Log Parser articles on my site by viewing other items tagged with log parser (link below).
- Review: JLHua Silicone Multi-Use Cartoon Cat Trivet Mat (set of 6 Pack) Insulated Flexible Durable Non Slip Hot Pads and Coasters Cup Mats
- Review: Tash-Kalar: Arena of Legends
- Review: Babymoov Dream Belt – Maternity Sleep Support & Cushion for Ultimate Comfort during Pregnancy
- Review: AmazonBasics PlayStation 4 Controller Charging Cable
- Review: Galaxy Trucker
Support This Site
If my blog was helpful to you, then please consider visiting my Amazon Wishlist.