FTP audit logging is managed individually for each EVS. When enabled, it maintains an audit log that tracks user activity performed through the FTP protocol for all file systems within the EVS. An event is recorded whenever a user performs any of the following actions:
- Logging in or out.
- Renaming or deleting a file.
- Retrieving, appending, or storing a file.
- Creating or removing a directory.
Additionally, it logs occurrences of session timeouts.
Upon accessing the FTP Audit Logs page for the first time, you will encounter a list of EVS instances with a disabled status. This status indicates that the configuration has not yet been set up. To initiate FTP audit logging, configure the settings for each EVS. For more information, see Enabling and configuring FTP audit logging.
If you have previously configured FTP audit logging, the FTP Audit Logs page will display the current settings and status for each EVS. From this page, you can disable audit logging or modify the settings.
FTP events are logged in a text file, where each event is represented by a tab-delimited line. Each line includes the date, time, username, client IP address, and command description. The most recent file is named ftp.log, while older files follow the naming convention ftp<n>.log, with n increasing as additional files are created.
To view FTP audit logs, use a text editor. If the logging directory is within an NFS export or SMB share, access the directory and open the log file. Alternatively, if the logging directory is accessible through FTP, download and open the file using a text editor.
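Because each event is a single tab-delimited line, the log can also be reviewed with a script. The following is an added example, not part of the product documentation: it parses the five fields listed above and counts rename, delete, and directory-removal events per user and client IP address. The sample lines, the date and time layout, and the command wording (and therefore the `keywords` defaults) are constructed assumptions; adjust them to match a real ftp.log.

```python
import io
import re
from collections import Counter

FIELDS = ("date", "time", "username", "client_ip", "command")

# Constructed sample lines: the date/time layout and the command wording
# are assumptions for illustration, not copied from a real log.
SAMPLE = (
    "2024-05-01\t10:02:11\talice\t192.0.2.10\tLogin\n"
    "2024-05-01\t10:02:40\talice\t192.0.2.10\tDelete /fs1/reports/q1.xls\n"
    "2024-05-01\t10:02:41\talice\t192.0.2.10\tDelete /fs1/reports/q2.xls\n"
    "truncated line without tabs\n"
    "2024-05-01\t10:05:00\tbob\t198.51.100.7\tRetrieve /fs1/delete_me.txt\n"
    "2024-05-01\t10:09:13\talice\t192.0.2.10\tRemove directory /fs1/reports\n"
)

def parse_events(stream):
    """Yield (event, None) for a well-formed line, (None, raw_line) otherwise."""
    for line in stream:
        line = line.rstrip("\r\n")
        if not line:
            continue
        # Split on the first four tabs only, so the description stays whole.
        parts = line.split("\t", 4)
        if len(parts) != 5:
            yield None, line
        else:
            yield dict(zip(FIELDS, parts)), None

def summarize(stream, keywords=("delete", "rename", "remove")):
    """Count events per (username, client_ip) whose command starts with a keyword."""
    # Anchored at the start of the description so that a file path which
    # happens to contain a keyword does not count as a match.
    pattern = re.compile("(?:" + "|".join(map(re.escape, keywords)) + r")\b", re.I)
    hits, malformed = Counter(), []
    for event, bad in parse_events(stream):
        if event is None:
            malformed.append(bad)  # keep for review; a damaged log is itself a finding
        elif pattern.match(event["command"].lstrip()):
            hits[(event["username"], event["client_ip"])] += 1
    return hits, malformed

if __name__ == "__main__":
    hits, malformed = summarize(io.StringIO(SAMPLE))
    for (user, ip), n in hits.most_common():
        print(f"{user}\t{ip}\t{n} rename/delete/remove event(s)")
    print(f"{len(malformed)} malformed line(s) set aside")
```

To run it against a real file, pass an open file object for ftp.log (or an older ftp<n>.log) to `summarize` in place of the sample.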