Device Details
|
Vendor |
Ipswitch |
|---|---|
|
Device Type |
Ipswitch WS_FTP |
|
Supported Model Name/Number |
WS_FTP Server |
|
Supported Software Version(s) |
N/A |
|
Collection Method |
Flat File |
|
Configurable Log Output? |
No |
|
Log Source Type |
Flat File - IPSwitch WS_FTP |
|
Log Processing Policy |
LogRhythm Default |
|
Exceptions |
N/A |
|
Additional Information |
Device Configuration Checklist
You must administer the following changes in WS_FTP Server Manager:
-
From your existing set of WS_FTP Server users, add users to the Web Access list.Log in to the WS_FTP Server Manager, and select Home, then Modules. The Modules page opens.Select Web Transfer Access.Add any users to whom you want to provide web access.
-
Roll out Web Transfer Access to your users by providing them the address (URL) to log on to the Web Transfer Client. The address is http://<local_machine>/thinclient/, where <local_machine> is the domain name of the computer on which you installed the Web Transfer Client. If you specified a port other than port 80 during installation, you need to enter it in the address.
Currently Supported Log Types
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
SFTP Activity Message |
All |
Log severity, process, vendor info, object, source name, session id, destination IP, destination port, source IP, source port, user login, command, object name, size, duration |
|
SSH Message |
All |
Log severity, process, vendor info, source name, destination IP, destination port, source name, session id, source IP, source port, user login |
|
SFTP Subsystem Started |
All |
Log severity, process, vendor info, object, source name, session id, destination IP, destination port, source IP, source port, user login, command, object type |
|
Catch All : Level 3 |
All |
Log severity, process, vendor info, object, source name, session id, user login, command |
Parsed Metadata Fields
|
Ipswitch WS_FTP Field Name |
LogRhythm Metadata Field |
Value/Data Type |
|---|---|---|
|
Client |
<sip> |
Source IP Address/String |
|
Filename |
<objecttype> |
Text/String |
|
Host |
<sname> |
Text/String |
|
Listener |
<dip> |
Text/String |
|
N/A |
<severity> |
Text/String |
|
N/A |
<process> |
Text/String |
|
N/A |
<dport> |
Numeric /String |
|
N/A |
<sport> |
Numeric /String |
|
N/A |
<vendorinfo> |
Vendor Info/String |
|
N/A |
<object> |
Object Info/String |
|
N/A |
<objectname> |
Object Name/String |
|
N/A |
<login> |
Text/String |
|
N/A |
<command> |
Command/String |
|
N/A |
<size> |
Numeric /String |
|
N/A |
<milliseconds> |
Numeric /String |
|
SessionID |
<session> |
Session/String |