When you configure ProFTPD to send log data to USM Appliance, you can use the ProFTPD plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
|Data Source Name
|Data Source ID
Before you configure the ProFTPD integration, you must have the IP Address of the USM Appliance Sensor.
To configure ProFTPD to send Syslog messages to USM Appliance
proftpd will capture FTP server log messages via syslog(3), using the daemon facility (and auth is also used for some logging). Log levels include: debug. The location of the FTP server's log files is determined by your
Note: You can fine-tune proftpd syslog-based logging via the SyslogLevel directives. See the vendor log level documentation for more details on these settings.
Transfer logs (xferlogs) are not automatically sent to syslog, but you can add an ExtendedLog directive to include those messages. For example:
LogFormat xfer "%h %l %u %t\"%r\" %s %b"
ExtendedLog syslog:notice xfer
You also need to configure your syslog server to send log output to USM Appliance, rather than only writing it to a log file.
The normal Linux syslog command uses the /etc/syslog.conf file (or similar) to configure how syslog streams operate. Since the Apache error log uses syslog-standard severity ratings, you can specify standard syslog configuration file settings to split syslog output into separate files based on severity.
To send log entries to the USM Appliance Sensor, include the following configuration file statements:
if $programname == 'proftpd' then @<USM Appliance_IP_address>
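To check that forwarded lines really follow the xfer LogFormat shown above, the following added example (not part of the original page or of the USM Appliance plugin) parses them into normalized fields. It assumes a traditional syslog header ending in "proftpd[pid]: "; the function name, field names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Body produced by the page's format: LogFormat xfer "%h %l %u %t\"%r\" %s %b"
# \s* after %t accepts the page's format (no space) and the spaced variant.
XFER_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\]\s*"(?P<request>.*)" '
    r'(?P<status>\d{3}|-) (?P<bytes>\d+|-)\s*$'
)

def parse_xfer(line):
    """Return a normalized dict for one syslog line, or None if it does not match."""
    # Assumed syslog header: skip everything up to and including "proftpd[pid]: ".
    tag = re.search(r'\bproftpd(?:\[\d+\])?: ', line)
    if not tag:
        return None
    m = XFER_RE.match(line[tag.end():])
    if not m:
        return None
    try:
        when = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None  # timestamp is not in the expected %t layout
    command, _, argument = m.group("request").partition(" ")
    return {
        "src_host": m.group("host"),
        "user": None if m.group("user") == "-" else m.group("user"),
        "time": when,
        "command": command.upper(),
        "argument": argument,
        "status": None if m.group("status") == "-" else int(m.group("status")),
        "bytes": 0 if m.group("bytes") == "-" else int(m.group("bytes")),
    }

# Constructed sample lines (not captured from a real server).
SAMPLES = [
    'Mar 12 10:15:32 ftp01 proftpd[2211]: 192.0.2.10 UNKNOWN alice '
    '[12/Mar/2024:10:15:32 +0000]"RETR report.pdf" 226 10240',
    'Mar 12 10:16:01 ftp01 proftpd[2212]: 192.0.2.44 UNKNOWN - '
    '[12/Mar/2024:10:16:01 +0000] "PASS (hidden)" 530 -',
    'Mar 12 10:16:05 ftp01 sshd[900]: Accepted publickey for bob',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_xfer(sample))
```

A line that returns None here either did not come from proftpd or does not match the configured LogFormat, which is worth checking before expecting normalized events on the Sensor.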
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation: