Reading FTP Logs in xferlog Format
For some reason I can never remember the xferlog format that is used by daemons such as Pure-FTP. Although xferlog is well documented, I am always fumbling to find the doc when I need it, and it's never bad to have information duplicated in many places!
Anyways, on with the description. Here is a sample log entry from my server (with access IPs and dirs changed):
Fri May 14 05:16:12 2010 0 ::ffff:1.2.3.4 11974 /home/user/public_html/index.php a _ i r user ftp 0 * c
I'll step through each item individually. The delimiter here is whitespace, so each new token represents a unique piece of data, with the exception of the date at the beginning.
Fri May 14 05:16:12 2010
Date/time stamp, nothing complicated.
0
Transfer time, in whole seconds (this transfer took less than a second, so zero).
::ffff:1.2.3.4
Remote host where the user connected from.
11974
Size of the transferred file (in bytes).
/home/user/public_html/index.php
Full path to the uploaded file.
a
Transfer type, a = ASCII (plain-text files), b = binary (everything else).
_
Action flag, C = compressed, U = uncompressed, T = tar'ed, _ = no action was taken.
i
Direction, i = incoming, o = outgoing, d = deleted.
r
Access mode, a = anonymous user, r = real (normal) user.
user
Local username authenticated with.
ftp
The service being invoked (almost always FTP).
0
Authentication method, 0 = none, 1 = RFC931 authentication.
*
User ID or * if not available (virtual user).
c
Completion status, c = completed, i = incomplete.
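The field list above, turned into a small parser and a log check, as an added example that is not part of the original post. The field names, the `.php` filter and the second and third sample lines are constructed for illustration; the parser reads the fixed fields from both ends of the line on the assumption that a path may contain spaces.

```python
from datetime import datetime

# Field names are this example's own labels for the tokens described above.
TAIL = ("transfer_type", "action_flag", "direction", "access_mode",
        "username", "service", "auth_method", "auth_user_id", "status")

def parse_xferlog(line):
    """Split one xferlog entry into a dict; raise ValueError if malformed."""
    tok = line.split()
    # 5 date tokens + 3 leading fields + at least 1 path token + 9 trailing fields
    if len(tok) < 18:
        raise ValueError("too few fields: %r" % line)
    rec = {
        "time": datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y"),
        "transfer_secs": int(tok[5]),
        "remote_host": tok[6],
        "bytes": int(tok[7]),
        # Everything between the size and the last nine tokens is the path,
        # so a path containing spaces does not shift the later fields.
        "path": " ".join(tok[8:-9]),
    }
    rec.update(zip(TAIL, tok[-9:]))
    return rec

def completed_uploads(lines, suffixes=(".php",)):
    """Yield parsed entries for completed incoming transfers of the given file types."""
    for line in lines:
        try:
            rec = parse_xferlog(line)
        except ValueError:
            continue  # skip lines that are not xferlog entries
        if (rec["direction"] == "i" and rec["status"] == "c"
                and rec["path"].lower().endswith(suffixes)):
            yield rec

# Constructed sample input: the entry from this post plus two made-up lines.
SAMPLE = [
    "Fri May 14 05:16:12 2010 0 ::ffff:1.2.3.4 11974 /home/user/public_html/index.php a _ i r user ftp 0 * c",
    "Fri May 14 05:17:40 2010 2 ::ffff:1.2.3.4 52110 /home/user/my notes.txt b _ o r user ftp 0 * c",
    "Fri May 14 05:18:03 2010 1 ::ffff:1.2.3.4 300 /home/user/public_html/up.php b _ i r user ftp 0 * i",
]

if __name__ == "__main__":
    for r in completed_uploads(SAMPLE):
        print(r["time"], r["remote_host"], r["username"], r["path"], r["bytes"])
```

Run against a real log, the same filter gives a quick list of which account wrote script files into a web root, from which address and when.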
Source: http://www.gnode.net/reading-ftp-logs-in-xferlog-format