Hi, I'm running a proftpd server. I don't see any reason to monitor the activity via OSSEC but here are the rule IDs that are relevant for proftpd. For the other servers you may want to check the rules file.
11205 - succesfull authentication of a user (happens very often!) 11201 - FTP session opened 11202 - FTP session closed Those are all lvl 3 alerts and sometimes a lot of them for just one file upload. In order to get an alert on uploads you might monitor the xferlog file and write a custom rule to detect uploads. This however will also result in a lot of alerts you get. I don't know the traffic you expect but it better not much or you will get a lot of mails. Regards Christian Am 11.03.2013 08:38, schrieb Pratap: > Hi , > > I am trying to enable FTP log monitoring but my FTP logs are getting > stored in syslog.log file and another file for transfer log for FTP. I > need to get alert for any FTP user login/logout and file upload so > that I can monitor my FTP server actively and keep an eye on it for > any activity. > > Any help would be help full . > > Thanks, > -- > > --- > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
