Running Very Secure Ftp (VSFTPD) needed to ensure logging for all connections, both success & failed was occurring.
Parameters
xferlog_enable=YES xferlog_file=/var/log/vsftpd.log log_ftp_protocol=YES xferlog_std_format=NO
– (full parameter list available here)
which when looking at the the connection log file gives me a sample output of
Mon Jun 10 18:27:32 2013 [pid 12652] [xxx] FTP command: Client "123.456.789", "PASV" Mon Jun 10 18:27:32 2013 [pid 12652] [xxx] FTP response: Client "123.456.789", "227 Entering Passive Mode (195,254,221,106,91,145) Mon Jun 10 18:27:32 2013 [pid 12652] [xxx] FTP command: Client "123.456.789", "LIST" Mon Jun 10 18:27:32 2013 [pid 12652] [xxx] FTP response: Client "123.456.789", "150 Here comes the directory listing." Mon Jun 10 18:27:32 2013 [pid 12652] [xxx] FTP response: Client "123.456.789", "226 Directory send OK."
example of a file upload
on Jun 10 18:31:28 2013 [pid 12790] [xxx] OK UPLOAD: Client "123.456.789", "/error.jpg", 374332 bytes, 104.94Kbyte/sec
as a side note to check if vsftpd is running and listening for connections, determine via netstat (assuming ftp is running on the default port of 21) :
netstat --proto=inet,inet6 -avpnl | grep ":21"
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12641/vsftpd
tcp 0 0 123.254.221.106:21 134.128.72.178:56219 ESTABLISHED 2020/vsftpd
tcp 1 75 123.254.221.106:21 192.168.224.12:56345 LAST_ACK -
tcp 1 65 123.254.221.106:21 192.168.224.12:56343 LAST_ACK -
tcp 0 0 123.254.221.106:21 134.128.72.178:56220 ESTABLISHED 2018/vsftpd
tcp 0 0 123.254.221.106:21 134.128.72.28:53954 TIME_WAIT -
Big Nose Kates 