DOCUMENT:Q115285 08-AUG-2001 [winnt] TITLE :New Auditing Feature for FTP Server PRODUCT :Microsoft Windows NT PROD/VER:3.5 OPER/SYS: KEYWORDS:kbnetwork ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation version 3.5 - Microsoft Windows NT Server version 3.5 ------------------------------------------------------------------------------- SUMMARY ======= There is a new registry value "LogFileAccess" in Windows NT Workstation and Windows NT Server version 3.5 that enables the FTP server's creation of a LOG file. When this setting is enabled the FTP server will create a text file called FTPSVC.LOG located in the services current directory (usually %SystemRoot%\System32). The LOG file will contain three types of entries: ************** FTP SERVER SERVICE STARTING <date/time> ************** FTP SERVER SERVICE STOPPING <date/time> <IP_Address> <User> <Action> <Path> <date/time> where: <date/time> is the current date/time, such as "Fri Feb 13 17:49:21 1995" <ip_address> is the user's host IP address, such as "22.101.3.212" <user> is the name of the user (or anonymous ID), such as "janedoe" <action> is the action taken, either "opened", "created", or "appended" <path> is the full path and filename, such as "e:\users\default\file.txt" Following is an example of what a FTPSVC.LOG file's contents might look like: ************** FTP SERVER SERVICE STARTING Fri Feb 13 15:50:25 1995 22.101.3.212 janedoe opened e:\nt.555\mstools\api32wh.ind Fri Feb 13 15:50:40 1995 22.101.34.22 johndoe created c:\users\johndoe\report.txt Sat Feb 14 12:20:05 1995 ************** FTP SERVER SERVICE STOPPING Sun Feb 15 15:54:31 1995 MORE INFORMATION ================ In order to enable the logging feature follow the steps outlined below: WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk. 1. Start REGEDT32.EXE and locate the following Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\FTPSVC\Parameters 2. From the Edit menu, choose Add Value. Enter LogFileAccess in the Value Name field. Select REG_DWORD for the Data Type. Enter 1 in the String field. Save your changes. 3. Exit REGEDT32. 4. Exit Windows NT and turn off your computer. 5. Restart your computer and Windows NT. The new FTP server logging should now be enabled. Additional query words: prodnt ====================================================================== Keywords : kbnetwork Technology : kbWinNTsearch kbWinNTWsearch kbWinNT350search kbWinNTW350 kbWinNTW350search kbWinNTSsearch kbWinNTS350 kbWinNTS350search Version : 3.5 ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.