I am running Pure-FTPD. Sample Log is as below : Mar 11 14:16:50 localhost pure-ftpd: ([email protected]) [INFO] New connection from example.com Mar 11 14:16:50 localhost pure-ftpd: ([email protected]) [INFO] user1 is now logged in Mar 11 14:16:56 localhost pure-ftpd: ([email protected]) [NOTICE] Deleted 2013-03-08 14.38 Content live-test.wmv
Above log is getting logged in syslog file. Another file which is storing the transfer log is "/var/log/pure-ftpd/transfer.log" example.com - user1 [11/Mar/2013:12:10:23 -0000] "PUT /ftpdrive/user1/FinalBackup.zip" 200 25268220 example.com - user1 [11/Mar/2013:12:24:57 -0000] "GET /ftpdrive/user1/FinalBackup.zip" 200 25268220 I need to get an alert for all download/upload/delete over FTP for any connection along with login alert too. On Mon, Mar 11, 2013 at 7:37 PM, dan (ddp) <[email protected]> wrote: > On Mon, Mar 11, 2013 at 3:38 AM, Pratap <[email protected]> wrote: > > Hi , > > > > I am trying to enable FTP log monitoring but my FTP logs are getting > stored > > in syslog.log file and another file for transfer log for FTP. I need to > get > > alert for any FTP user login/logout and file upload so that I can > monitor my > > FTP server actively and keep an eye on it for any activity. > > > > Any help would be help full . > > > > Thanks, > > > > What ftp daemon are you using? Is OSSEC monitoring the logfiles that > it uses to log activity? Can you provide log samples? > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- Regards, Pratap Singh -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
