Skip to main content
Skip table of contents

Pattern 5 : FTP Syslog

Vendor Documentation


Rule NameRule TypeClassificationCommon Event
Pattern 5: FTP SyslogBase RuleOps/InformationGeneral FTP Information
FTP Anonymous LoginSub RuleSecurity/SuspiciousSuspicious User Activity
FTP Administrator LoginSub RuleAudit/Authentication Success
User Logon
FTP Successful LoginSub RuleAudit/Authentication SuccessUser Logon
FTP Failed LoginSub RuleAudit/Authentication Failure
User Logon Failure
FTP Incorrect LoginSub RuleAudit/Authentication Failure
Authentication Failure Activity
FTP Transfer CompleteSub RuleAudit/Other Audit SuccessFile Transfer Complete
FTP User LogoutSub RuleAudit/Authentication SuccessUser Logoff
FTP Directory ListingSub RuleAudit/Access SuccessObject Read
FTP ConnectionSub RuleOps/Network TrafficConnection Established
FTP File Transfer RequestedSub RuleOps/InformationTransfer Request
FTP User LoginSub RuleAudit/Authentication SuccessUser Logon

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description

<dip>IP Address

<sip>IP Address





JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.