FTP Analysis

Software Assist offers an FTP Analysis service to enable a company to assess the volume and nature of FTP activity taking place on their network FTP servers. The nominal cost of this service is applicable to the licensing fees for FTP/WatchDog if licensed within 90 days of the FTP Analysis.

FTP Analysis Overview

The FTP Analysis process consists of the following steps:

  1. Locate one or more FTP Server log file(s) that you would like to analyze.
  2. Download the FTP Server log file(s) to your PC.
  3. Zip and Attach the FTP Server log file(s) to an email and send it to Software Assist.
  4. Schedule a Web-based walk-through of the FTP usage data with FTP/WatchDog PC.

Step 1: Locate the FTP Server Log File

There are many different distributed systems FTP servers on the market today. Most, but not all, support the industry standard XFERLOG format for logging FTP activity. Different FTP servers store their logs in different folders. It is also possible with most FTP servers to override the location and file name of the log file. The table below shows the default location and file name for the log file for some of the more popular distributed system FTP servers.

FTP Server

Default Log File

Comments

Solaris FTP Server

/var/log/xferlog

 

BSD ftpd

/var/log/ftpd

 

The location of the FTP log can be modified by changing the following line in /etc/syslog.conf:

ftp.info /var/log/xferlog

HPUX FTP Server

/var/adm/syslog/xferlog

 

wu-FTP

/var/adm/xferlog

The location of the log file is specified by the _PATH_XFERLOG setting in the file pathnames.h.

Pro FTPD

The file name for the log file is specified using the SystemLog directive.

If no SystemLog directive is specified, logging is performed in Syslog and is not in the XFERLOG format.

Microsoft IIS FTP Server

IIS Log Format:
  inyymmddhh.log
  inyymmdd.log
  inyymmww.log
  inyymm.log

W3C log format:
  exyymmddhh.log
  exyymmdd.log
  exyymmww.log
  exyymm.log

The Microsoft IIS Server has the ability to log FTP activity in two different formats; IIS log format and W3C log format.

The log file names are determined by the log format chosen. Log files are created to contain data by hour, day, week and month.

VsFTPD

/opt/var/log/vsftpd.log

 


If you have difficulty locating the FTP log file(s), contact the appropriate system manager.

Step 2. Download the FTP Server Log File to your PC

Once you have located the log file, download a copy to your PC in binary mode. You can use FTP or copy the file, depending on the environment.

Step 3. Email Zipped FTP Server Log File to Software Assist

Zip up the log file and email it to Software Assist at auditor@softwareassist.net.

Step 4: Schedule FTP Analysis

Once we have received your sample data, we will load it into FTP/WatchDog and prepare it for an online review. You will be contacted to schedule a time that is convenient to review the FTP activity reflected in the sample.

Step 5. Review FTP activity online

After we have scheduled the review, you will receive an email with a link to the online session. At the agreed upon time, we will review the FTP data that you sent us online using a web collaboration application to view the FTP/WatchDog reports and screens. You will get a chance to see how FTP/WatchDog works and take a close look at FTP usage activity in your environment.

What you learn in an FTP Analysis

Who is using FTP?

 What are they doing with it?

 What data is travelling in/out of the company?

 Where is data coming from and going to?

 Who is initiating transmissions of sensitive data?

What FTP activity is failing?

What are the largest FTP Transmissions?

What are the longest-running transmissions?

Is any anonymous FTP taking place?

What FTP servers see the most activity?

©2008, Software Assist Corporation. All rights Reserved
home   contact us   news