I am trying to retrieve logs from FileZilla, FTP software running on the Windows operating system. The connection between the SIEM and FileZilla is successful, but the rule message shown on the SIEM is unknown. Do I need to create custom parsers, or is there any configuration change in the log source configuration properties?
The string I am receiving from FTP is as follows:
#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(User-Agent) sc-filter-result cs-category x-virus-id s-ip s-sitename.
Is the SIEM capable of automatically parsing the logs?
Any advice, please?
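As an added illustration that is not part of the original post: a minimal Python sketch of what a custom parser for this kind of log has to do. It assumes the stream follows W3C extended log conventions, where lines starting with `#` are directives rather than events and each record is space-delimited in the order given by the `#Fields:` line. The sample records and the `parse_elff` name are constructed for the example.

```python
import shlex

# Header line as quoted in the post (the sentence-ending period is dropped).
FIELDS_LINE = (
    "#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes "
    "cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query "
    "cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) "
    "cs(User-Agent) sc-filter-result cs-category x-virus-id s-ip s-sitename"
)

# Constructed sample input: one directive, the header, one full record,
# and one truncated record that must not be mapped to the wrong fields.
SAMPLE = [
    "#Software: constructed-example",
    FIELDS_LINE,
    '2024-01-15 10:22:31 12 192.0.2.10 226 - 0 2048 STOR ftp ftp.example.test '
    '21 /upload/report.txt - alice - - - - "Example Client/1.0" - - - '
    "198.51.100.5 -",
    "2024-01-15 10:22:40 3 192.0.2.10 530",
]


def parse_elff(lines):
    """Return (events, rejected) for W3C-extended-style log lines."""
    fields, events, rejected = [], [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives describe the file; only #Fields changes parsing state.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        try:
            values = shlex.split(line)  # keeps quoted values with spaces whole
        except ValueError:
            rejected.append(raw)  # unbalanced quotes
            continue
        if not fields or len(values) != len(fields):
            rejected.append(raw)  # no header seen yet, or column count mismatch
            continue
        # "-" is the conventional placeholder for an empty field.
        events.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return events, rejected


if __name__ == "__main__":
    parsed, bad = parse_elff(SAMPLE)
    print(parsed[0]["c-ip"], parsed[0]["cs-username"], len(bad))
```

Records that do not match the header's column count are returned separately so they can be reviewed instead of being normalized into the wrong fields.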