Friday, October 20, 2023

[Linux]_VSFTP Log File Format

 [ Source: https://docs.oracle.com/ ]


The xferlog file contains transfer logging information from the FTP Server, in.ftpd(1M). You can use the logfile capability to change the location of the log file. See ftpaccess(4).

Each server entry is composed of a single line of the following form. All fields are separated by spaces.

current-time  transfer-time    remote-host  file-size  filename  
transfer-type  special-action-flag  direction access-mode  username
service-name  authentication-method  authenticated-user-id completion-status

The fields are defined as follows:

current-time

    The current local time in the form DDD MMM dd hh:mm:ss YYYY, where:

    DDD    :    Is the day of the week
    MMM   :    Is the month
    dd        :    Is the day of the month
    hh        :     Is the hour
    mm      :     Is the minutes
    ss        :     Is the seconds
    YYYY   :     Is the year

transfer-time
    The total time in seconds for the transfer

remote-host
    The remote host name

file-size
    The number of bytes transferred

filename
    The name of the transferred file

transfer-type
    A single character indicating the type of transfer:
    a   :     Indicates an ascii transfer
    b   :     Indicates a binary transfer

special-action-flag
    One or more single character flags that indicate any special action taken. The special-action-flag can have one or more of the following values:
    C   :    File was compressed
    U   :    File was uncompressed
    T   :    File was archived, for example, by using tar(1)

    _   :    (underbar) No action was taken

direction
    The direction of the transfer. direction can have one of the following values:
    o   :   Outgoing
    i    :    Incoming

access-mode
    The method by which the user is logged in. access-mode can have one of the following values:
    a   :    For an anonymous user.
    g   :    For a passworded guest user. See the description of the guestgroup capability in ftpaccess(4).
    r   :     For a real, locally authenticated user

username
    The local username, or if anonymous, the ID string given

service-name
    The name of the service invoked, usually ftp

authentication-method
    The method of authentication used. authentication-method can have one of the following values:
    0   :    None
    1   :    RFC 931 authentication

authenticated-user-id
    The user ID returned by the authentication method. A * is used if an authenticated user ID is not available.

completion-status
    A single character indicating the status of the transfer. completion-status can have one of the following values:
    c   :     Indicates complete transfer
    i    :     Indicates incomplete transfer
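
An added example, not part of the original post or the Oracle documentation: a Python parser for the entry layout above that picks out anonymous uploads and incomplete transfers for review. The function names and sample lines are constructed for illustration, and it assumes only the filename field may contain spaces.

```python
from datetime import datetime

# The nine single-token fields that follow filename, in the order listed above.
TAIL = ["transfer_type", "special_action_flag", "direction", "access_mode",
        "username", "service_name", "authentication_method",
        "authenticated_user_id", "completion_status"]

def parse_xferlog(line):
    """Parse one xferlog entry into a dict; raise ValueError if malformed."""
    tok = line.split()
    # 5 current-time tokens + 3 fields + >=1 filename token + 9 tail fields
    if len(tok) < 18:
        raise ValueError("too few fields: %r" % line)
    rec = {
        "current_time": datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y"),
        "transfer_time": int(tok[5]),
        "remote_host": tok[6],
        "file_size": int(tok[7]),
        # Count the tail from the right so a filename with spaces survives.
        "filename": " ".join(tok[8:-9]),
    }
    rec.update(zip(TAIL, tok[-9:]))
    if (rec["transfer_type"] not in ("a", "b")
            or rec["direction"] not in ("o", "i")
            or rec["access_mode"] not in ("a", "g", "r")
            or rec["completion_status"] not in ("c", "i")):
        raise ValueError("unexpected flag value: %r" % line)
    return rec

def review(lines):
    """Return (anonymous_uploads, incomplete_transfers) for triage."""
    anon_up, incomplete = [], []
    for line in lines:
        try:
            r = parse_xferlog(line)
        except ValueError:
            continue  # line does not match the documented layout
        if r["access_mode"] == "a" and r["direction"] == "i":
            anon_up.append(r)
        if r["completion_status"] == "i":
            incomplete.append(r)
    return anon_up, incomplete

# Constructed sample entries (documentation address ranges, not real logs).
SAMPLE = [
    "Fri Oct 20 09:15:02 2023 3 192.0.2.10 10485 /home/alice/report.pdf b _ o r alice ftp 0 * c",
    "Fri Oct 20 09:17:40 2023 1 198.51.100.7 2048 /pub/incoming/drop.bin b _ i a guest@example.com ftp 0 * c",
    "Fri Oct 20 09:20:11 2023 12 192.0.2.10 512 /home/alice/big file.tar a _ o r alice ftp 0 * i",
]
```

Calling `review(SAMPLE)` returns the anonymous incoming transfer from 198.51.100.7 and the incomplete transfer whose filename contains a space.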


Thursday, October 19, 2023

[Linux] Unbanning an IP Blocked by fail2ban

 [ Source: https://blog.naver.com/ ]

# fail2ban-client status postfix

 Status for the jail: postfix
|- Filter
|  |- Currently failed: 4
|  |- Total failed:     7
|  `- File list:        /var/log/maillog
`- Actions
   |- Currently banned: 0
   |- Total banned:     1
   `- Banned IP list: 121.xxx.xxx.x

Check the banned IPs in the log

# cat /var/log/fail2ban.log* | grep "] Ban"|awk '{print $NF}' | sort | uniq -c | sort -n

Unban the blocked IP
# fail2ban-client set postfix unbanip 121.xxx.xxx.x