- FTP Logs
- IIS Logs
- Apache Logs
- Windows Event Logs
- Windows Firewall Logs
1-Log Analysis – FTP Logs
- #Software: Microsoft Internet Information Services 6.0
- #Version: 1.0
- #Date: 2014-03-17 22:11:28
- #Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
- 22:11:28 66.38.28.183 [5]USER anonymous 331 0
- 22:11:28 66.38.28.183 [5]PASS -iss@iss.iss.iss 230 0
- 22:11:28 66.38.28.183 [5]MKD iss.test 550 5
- 22:11:28 66.38.28.183 [5]RMD iss.test 550 5
- 22:11:28 66.38.28.183 [5]QUIT - 226 0
- 22:11:28 66.38.28.183 [6]USER anonymous 331 0
- 22:11:28 66.38.28.183 [6]PASS scanner@test.net 230 0
- 22:11:28 66.38.28.183 [7]USER anonymous 331 0
- 22:11:28 66.38.28.183 [7]PASS scanner@test.net 230 0
- 22:11:28 66.38.28.183 [7]CWD - 250 0
- 22:11:28 66.38.28.183 [8]USER 3,255 331 0
- 22:11:28 66.38.28.183 [8]PASS - 530 1326
- 22:11:28 66.38.28.183 [9]USER anonymous 331 0
- 22:11:28 66.38.28.183 [9]PASS scanner@test.net 230 0
- 22:23:22 66.38.28.183 [12]USER anonymous 331 0
22:11:28 66.38.28.183 [5]MKD iss.test 550 5
- time - 22:11:28
- c-ip - 66.38.28.183
- cs-method - [5]MKD
- cs-uri-stem - iss.test
- sc-status - 550
- sc-win32-status - 5
Result Codes – First Digit
1yz – Positive Preliminary Reply
2yz – Positive Completion Reply
3yz – Positive Intermediate Reply
4yz – Transient Negative Reply
5yz – Permanent Negative Reply
