FTP Server Logging Support

Auditing

Cerberus FTP Server provides comprehensive logging of all file and user operations, and provides both on-screen logging, file logging, and Syslog support.

Administrators can quickly view the current log output from the Cerberus UI, or through web administration, by looking at the Log page. The onscreen log will display the most recent log output from Cerberus FTP Server in near real-time.

The server also stores a longer history of logs on the file system. File-based logging can be managed through an XML configuration file that can control nearly all aspects of how log data is written to a file.

Log File Location

Cerberus FTP Server logging is implemented through the Apache Log4cxx framework, a robust logging package modelled after the popular log4j Java logging package. The default configuration logs up to 5000KB of data to a single file and then rolls over to a new log file. The past 10 log files are kept by default but log file size, naming, and history are all completely configurable through the log4j.xml file.

The log is located under:

C:\ProgramData\Cerberus LLC\Cerberus FTP Server\log
on Windows Vista, Windows 2008 and above.

or

C:\Documents and Settings\All Users\Application Data\Cerberus LLC\Cerberus FTP Server\log
on Windows 2003, XP, and 2000.

You can also open the log file by simply clicking on the Open Log File link on the Log tab of the main user interface console as demonstrated below:

How to open the log file

The Open Log File link on the main user interface

Configuring File Logging

File logging is controlled by an XML configuration file named log4j.xml. On Windows Vista and higher you can find this file at C:\ProgramData\Cerberus LLC\Cerberus FTP Server\log4j.xml

Using the log4j.xml file you can:

  • Add loggers that rollover every day
  • Change the default size of log files for size-based logging
  • Change the number of log files kept for size-based logging
  • Add a Syslog logger
  • Change the formatting of log output

You can also have a combination of these different logging methods. The basic component of the logging package is the log appender. You can have a size-based log appender, a daily rolling log appender, or a Syslog appender.

The following example log4j.xml file contains a size-based log appender which rolls over after the log file reaches a certain maximum size, and that limits the number of log files that are kept.  These types of loggers are limited to at most 13 saved log files. There is also a separate log file for logging only errors.

 <?xml version="1.0" encoding="UTF-8" ?>
 <log4j:configuration xmlns:log4j='http://logging.apache.org/' debug="false">
  
	<!-- A Size-based log file that rolls over to a new file after 5000KB and keeps 
			at most 5 log files -->
	<appender name="FILE" class="org.apache.log4j.rolling.RollingFileAppender">
		<rollingPolicy class="org.apache.log4j.rolling.FixedWindowRollingPolicy" >
			<param name="activeFileName" value="log/server.log" />
			<param name="fileNamePattern" value="log/server.%i.log" />
			<param name="minIndex" value="1" />
			<param name="maxIndex" value="5" />
		</rollingPolicy>
		<triggeringPolicy class="org.apache.log4j.rolling.SizeBasedTriggeringPolicy">
			<param name="maxFileSize" value="5000KB" />
		</triggeringPolicy>
		<layout class="org.apache.log4j.PatternLayout">
			<param name="ConversionPattern" 
				value="[%d{yyyy-MM-dd HH:mm:ss}]:%7.7p [%6.6x] - %m%n" />
		</layout>
	</appender>  


	<!-- Add an appender that logs all errors to a separate log file -->
	<appender name="ERROR_FILE" class="org.apache.log4j.rolling.RollingFileAppender">          
		<rollingPolicy class="org.apache.log4j.rolling.FixedWindowRollingPolicy">
			<param name="activeFileName" value="log/server_error.log"/>
			<param name="fileNamePattern" value="log/server_error.%i.log"/>
		</rollingPolicy>
		<triggeringPolicy class="org.apache.log4j.rolling.SizeBasedTriggeringPolicy">
			<param name="maxFileSize" value="5000KB"/>
		</triggeringPolicy>
		<layout class="org.apache.log4j.PatternLayout">
			<param name="ConversionPattern" 
				value="[%d{yyyy-MM-dd HH:mm:ss}]:%7.7p [%6.6x] - %m%n"/>
		</layout>
		<filter class="org.apache.log4j.varia.LevelRangeFilter">
			<param name="LevelMin" value="ERROR" />
		</filter>
	</appender>


		 
	<root>
		<level value="INFO" class="org.apache.log4j.xml.XLevel" />
		<appender-ref ref="FILE"/>
		<appender-ref ref="ERROR_FILE"/>
	</root>
 </log4j:configuration>

Possible values for the <level value=”level” class=”org.apache.log4j.xml.XLevel” /> tag’s level parameter are:

  • TRACE
  • DEBUG
  • INFO
  • WARN
  • ERROR

Example Syslog log4j.xml Configuration File

The below log file example shows a Syslog logger.

 <?xml version="1.0" encoding="UTF-8" ?>
 <log4j:configuration xmlns:log4j='http://logging.apache.org/' debug="false">
  

	<!-- Add a Syslog appender -->
	<appender name="syslog" class="org.apache.log4j.net.SyslogAppender">
		<param name="SyslogHost" value="127.0.0.1"/>
		<param name="Facility" value="USER"/>
		<param name="FacilityPrinting" value="true"/>
		<layout class="org.apache.log4j.PatternLayout">
			<param name="ConversionPattern" 
			    value="%t %5r %-5p %-21d{yyyyMMdd HH:mm:ss,SSS} %c{2} [%x] %m %n"/>
		</layout>
	</appender> 

		 
	<root>
		<level value="INFO" class="org.apache.log4j.xml.XLevel" />
		<appender-ref ref="syslog"/>
	</root>
 </log4j:configuration>

Example Daily Rollover log4j.xml Configuration File

The below log file example shows a simple daily rollover logger.

 	
 <?xml version="1.0" encoding="UTF-8" ?>
 <log4j:configuration xmlns:log4j='http://logging.apache.org/' debug="false">
  

	<!-- Add a Daily log file appender that will roll over to a new log file each night -->
	<appender name="DAILY_ROLL" class="org.apache.log4j.rolling.RollingFileAppender">
	    <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
			<param name="FileNamePattern" value="log/daily_server.%d{yyyy-MM-dd}.log"/>
	    </rollingPolicy>
	    <layout class="org.apache.log4j.PatternLayout">
			<param name="ConversionPattern" value="[%d{yyyy-MM-dd HH:mm:ss}]:%7.7p [%6.6x] - %m%n" />
	    </layout>
	</appender>

	<root>
		<level value="INFO" class="org.apache.log4j.xml.XLevel" />
		<appender-ref ref="DAILY_ROLL"/>
	</root>
 </log4j:configuration>

Log File Location and Naming

You can change the location and name of the file created under the various log appenders using the appropriate field. For the default RollingFileAppender logger with a FixedWindowRollingPolicy you will need to change both the activeFileName and fileNamePattern parameters in the log4j.xml file. For the DailyRollingFileAppender you will just need to change the File parameter associated with the logger.

If using a relative log file path, the path is relative to the C:\ProgramData\Cerberus LLC\Cerberus FTP Server folder.

Logging Settings

In addition to the file-based log, Cerberus also displays the current log output to the graphical user interface while the server is running. Options for the screen-based logging can be controlled through the Logging settings tab of the Server Manager.

Options for the screen-based logging - accessed through the Logging settings tab of the Server Manager

Logging settings page

Root Log Level

Controls the root log level for all log appenders. All log appenders inherit the root log level as their lowest threshold. The default level is INFO.

Log appenders can be set at a higher log level threshold than the root logger, but they cannot be set at a lower level. For example, if the Syslog appender is set to DEBUG, but the root log level is set to INFO, the Syslog will still only write out log information at the INFO level.

The DEBUG level is for troubleshooting, and the root log level should not be left at this level for regular production use because of the excessive logging produced.

Screen Logging Settings

Note that the options under the Logging section are only applicable to the onscreen logger.

Log messages to screen This setting enables logging messages to the screen.
Onscreen log length This many of the latest log entries will be displayed on the screen.

Syslog Support

Cerberus FTP Server 5.0 and higher supports Syslog integration. Administrators can control Syslog settings from this page.

Enable Syslog logging Enable syslog logging
Syslog Host The address of the machine hosting the syslog server.
Syslog Facility The syslog facility value that should be associated with the syslog events.
Close Cart

Shopping Cart