esbat80
Level 7

Retrieving Logs from Filezilla to McAfee SIEM

Hi,

I am trying to retrieve logs from Filezilla, FTP software running on the Windows operating system. The connection between the SIEM and Filezilla is successful, but the rule message shown on the SIEM is unknown. Do I need to write custom parsers, or is there a configuration change in the log source configuration properties?

The string I am receiving from FTP is as follows:

#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(User-Agent) sc-filter-result cs-category x-virus-id s-ip s-sitename.

Is the SIEM capable of automatically parsing the logs?

Any advice, please.

Thank you

0 Kudos
4 Replies
catdaddy
Level 20

Re: Retrieving Logs from Filezilla to McAfee SIEM

Your Profile/Post is indicative you are using a (Corporate) product. I am moving your thread from (Consumer General). Moved from General Discussion to Security Information and Event Management (SIEM) > Discussions for better exposure and assistance.

By

Moderator

Cliff
McAfee Volunteer
0 Kudos
xded
Level 12

Re: Retrieving Logs from Filezilla to McAfee SIEM

You will need a custom parser for this configuration.

0 Kudos
esbat80
Level 7

Re: Retrieving Logs from Filezilla to McAfee SIEM

OK, I agree with you. How to proceed?

0 Kudos
xded
Level 12

Re: Retrieving Logs from Filezilla to McAfee SIEM

Take a look at this KB:

McAfee Corporate KB - PD24926

0 Kudos
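
The mapping a custom parser has to perform for the `#Fields:` header quoted in the question, shown here as an added Python example that is not part of the original thread and is not McAfee ESM rule syntax. The sample record is constructed, and treating `-` as an empty value and double quotes as grouping a value that contains spaces are assumptions about the log format.

```python
import re

# Header as posted in the question; the trailing "." is assumed to be
# sentence punctuation and is dropped.
FIELDS_HEADER = (
    "#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes "
    "cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query "
    "cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) "
    "cs(User-Agent) sc-filter-result cs-category x-virus-id s-ip s-sitename"
)
# A token is either a double-quoted value (may contain spaces) or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def field_names(header):
    """Return the column names declared by a '#Fields:' directive."""
    directive, _, names = header.partition(":")
    if directive.strip().lower() != "#fields":
        raise ValueError("not a #Fields directive")
    return names.split()

def parse_line(line, names):
    """Map one record onto the declared names; None for directives/blanks.

    Raises ValueError on a column-count mismatch so a malformed event is
    rejected instead of being shifted into the wrong fields.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    values = [m.group(1) if m.group(1) is not None else m.group(2)
              for m in TOKEN.finditer(line)]
    if len(values) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(values)}")
    # Assumption: "-" marks an empty field.
    return {n: (None if v == "-" else v) for n, v in zip(names, values)}

# Constructed sample record (not from the thread); documentation-range IPs.
SAMPLE = ('2024-01-15 10:22:31 12 192.0.2.10 226 ALLOWED 512 2048 STOR ftp '
          'ftp.example.test 21 /upload/report.csv - alice - - - - '
          '"Example Client 1.0" OBSERVED - - 198.51.100.5 main')

if __name__ == "__main__":
    event = parse_line(SAMPLE, field_names(FIELDS_HEADER))
    print(event["c-ip"], event["cs-username"], event["cs-method"],
          event["cs-uri-path"], event["cs(User-Agent)"])
```

The same name-to-position mapping is what the SIEM-side parsing rule has to express; rejecting records with the wrong column count keeps a truncated event from populating the wrong fields.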