Skip to main content
Skip table of contents

FTP Access Log

Vendor Documentation

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/proxysg/common/LogFieldsSubs.pdf

Classification

Rule NameRule TypeClassificationCommon Event
FTP Access LogBase RuleInformationConnection Information
EVID 1010 : Access Log FTPSub RuleInformationGeneral FTP Information
EVID 107 : Connecting To Primary ServerSub RuleNetwork TrafficConnection Built
EVID 1080 : Creating Data SocketSub RuleNetwork TrafficConnection Built
EVID 1253 : STOR CommandSub RuleInformationGeneral FTP Command
EVID 1526 : QUIT CommandSub RuleInformationGeneral FTP Command
EVID 1629 : User Logged InSub RuleAuthentication SuccessUser Logon
EVID 498 : USER CommandSub RuleInformationGeneral FTP Command
EVID 627 : PASS CommandSub RuleInformationGeneral FTP Command
EVID 703 : TYPE CommandSub RuleInformationGeneral FTP Command
EVID 782 : CWD CommandSub RuleInformationGeneral FTP Command
Invalid FilenameSub RuleErrorFTP - 553 - Cmd Not Accepted - Invalid Filename
Requested File Action AbortedSub RuleErrorFTP - 552 - Cmd Not Accepted - Allocation Exceeded
Page Type UnknownSub RuleErrorFTP - 551 - Cmd Not Accepted - Page Type Unknown
File UnavailableSub RuleErrorFTP - 550 - Cmd Not Accepted - File Unavailable
Need Account For Storing FilesSub RuleErrorFTP - 532 - Cmd Not Accepted - Need Account
User Not Logged InSub RuleAccess FailureCommand Execution Failure
Command Not Implemented For ParameterSub RuleWarningFTP - 504 - Cmd Not Accepted - Invalid Parameter
Bad Sequence Of CommandsSub RuleErrorFTP - 503 - Cmd Not Accepted - Bad Sequence
Command Not Implemented - ERRRSub RuleErrorFTP - 502 - Cmd Not Accepted - Not Implemented
Syntax Error In Parameters Or ArgumentsSub RuleReconnaissanceReconnaissance Activity
Syntax Error : Command UnrecognizedSub RuleErrorFTP - 500 - Cmd Not Accepted - Error In Command
Requested Action Not TakenSub RuleErrorFTP - 452 - Cmd Not Accepted - Insufficient Space
Requested Action AbortedSub RuleErrorFTP - 451 - Cmd Not Accepted - Action Aborted
Requested File Action Not TakenSub RuleErrorFTP - 450 - Cmd Not Accepted - Action Not Taken
Host UnavailableSub RuleErrorFTP - 434 - Cmd Not Accepted - Host Unavailable
Connection Closed : Transfer AbortedSub RuleErrorFTP - 426 - Cmd Not Accepted - Connection Closed
Cant Open Data ConnectionSub RuleErrorFTP - 425 - Cmd Not Accepted - Cant Open Conn
Service Not AvailableSub RuleErrorFTP - 421 - Cmd Not Accepted - Service Unavailable
Requested File Action PendingSub RuleInformationFTP - 350 - Cmd Ok - Action Pending
Need Account For LoginSub RuleAuthentication SuccessAuthentication Activity
User Name OkSub RuleAuthentication SuccessAuthentication Activity
Pathname CreatedSub RuleAccess SuccessObject Created
Requested File Action CompletedSub RuleAccess SuccessCommand Executed
Logout NotedSub RuleAuthentication SuccessAuthentication Activity
User Logged OutSub RuleAuthentication SuccessUser Logoff
User Logged InSub RuleAuthentication SuccessUser Logon
Extended Passive ModeSub RuleInformationFTP - 229 - Cmd Success - Extended Passive Mode
Long Passive ModeSub RuleInformationFTP - 228 - Cmd Success - Long Passive Mode
Entering Passive ModeSub RuleInformationFTP - 227 - Completed Successfully - Passive Mode
Closing Data ConnectionSub RuleNetwork TrafficConnection Closed
Data Connection OpenSub RuleNetwork TrafficConnection Built
Service Closing Control ConnectionSub RuleNetwork TrafficConnection Closed
Service Ready For New UserSub RuleInformationFTP - 220 - Completed Successfully - Service Ready
Name System TypeSub RuleInformationFTP - 215 - Completed Successfully - System Type
Help MessageSub RuleInformationFTP - 214 - Completed Succesfully - Help Message
File StatusSub RuleInformationFTP - 213 - Completed Successfully - File Status
Directory StatusSub RuleInformationFTP - 212 - Completed Successfully - Dir Status
System StatusSub RuleInformationFTP - 211 - Completed Successfully - System Status
Command Not Implemented - INFOSub RuleInformationFTP - 202 - Completed Successfully - No Command
Command OkaySub RuleInformationFTP - 200 - Completed Successfully - Command Ok
Open Data ConnectionSub RuleNetwork TrafficConnection Built
Transfer StartingSub RuleNetwork TrafficTransfer Started
Service ReadySub RuleInformationFTP - 120 - Cmd Initiated - Service Ready
Restart Marker ReplySub RuleInformationFTP - 100 - Command Initiated - Action Initiated
Transfer StartingSub RuleNetwork TrafficTransfer Started

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

N/A

<vmid>Text/String/Number
N/A<tag3>Text/String/Number
N/A<responsecode>Number
N/A<domainorigin>Text/String
N/A<dname>Text/String
N/A<dport>Number
N/A<login>Text/String
N/A<subject>Text/String
N/A<tag1>Text/String
N/A<command>Text/String
N/A<tag2>Text/String
N/A<dip>Ip Address
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close