Hello,
My organization has an FTP application (EFT Server Enterprise) that writes its authentication-related logs to a SQL database which is stored on a separate server. The logs are W3C format. The FTP server itself has 30+ IP addresses all assigned to different FTP sites housed in the EFT Server Enterprise application.
I'm curious if there is a way to intercept these logs midstream and direct them to Nagios Log Server as well as the SQL database? I guess no one thought to check whether Log Server was collecting that information or not and now there is a need for it.
Do you have any experience collecting logs from enterprise FTP applications?
Thank you.
Intercept logs from FTP app sent to SQL database?
Re: Intercept logs from FTP app sent to SQL database?
Setting up a man in the middle is a bit beyond our scope, but you could always use the shipper.py script or nxlog to send the log over if it's a simple text file, or you could use the jdbc input to query a SQL database:
https://www.elastic.co/guide/en/logstas ... -jdbc.html
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Intercept logs from FTP app sent to SQL database?
"use the shipper.py script or nxlog to send the log over if it's a simple text file"
I would like to use nxlog since we're already deploying the client, but I don't know how to modify the config file to make it look for logs somewhere besides where the Windows logs are stored.
Re: Intercept logs from FTP app sent to SQL database?
A new input, route, and output similar to the IIS input, route, and output in the configuration attached to https://support.nagios.com/forum/viewto ... 38&t=52799 should do the trick or at least get you on the way:
Code:
<Extension w3c>
    Module xm_csv
    # Fields and FieldTypes must match, in order, the columns in the log's #Fields header.
    Fields $date, $time, $sitename, $computername, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $cs-version, $csUser-Agent, $cs-cookie, $cs-Referer, $cs_host, $sc-status, $sc-substatus, $sc-win32-status, $sc-bytes, $cs-bytes, $time-taken
    FieldTypes string, string, string, string, string, string, string, string, integer, string, string, string, string, string, string, string, integer, integer, integer, integer, integer, integer
    Delimiter ' '
    QuoteChar '"'
    EscapeControl FALSE
    UndefValue -
</Extension>

Code:
<Input ftplogs>
    Module im_file
    File "C:\location of ftp logs"
    SavePos TRUE
    Recursive TRUE
    # Drop W3C header lines (those starting with #); parse everything else as CSV.
    Exec if $raw_event =~ /^#/ drop(); \
         else \
         { \
             w3c->parse_csv(); \
             $EventTime = parsedate($date + " " + $time); \
             $SourceName = "FTP"; \
             $Message = to_json(); \
         }
</Input>

Code:
<Output ftpout>
    # om_tcp sends events in cleartext.
    Module om_tcp
    Host XXXXXXX
    # Make sure to set up a new JSON input on the NLS side of things.
    Port 3334
    Exec $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    # Uncomment for debug output
    #Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

Code:
<Route 2>
    # The left-hand side must be the name of the <Input> block above.
    Path ftplogs => ftpout
</Route>

The input on the NLS side would look something like:

Code:
tcp {
    type => 'ftp_json'
    tags => 'ftp_json'
    port => 3334
    codec => json
}
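An added example, not part of the original posts and not Nagios or nxlog code: a small Python check that reads a W3C log's own `#Fields:` header, prints the `Fields`/`FieldTypes` lines the xm_csv block would need for that file, and parses entries the same way (space delimiter, double-quote quoting, `-` as undefined). The sample lines, the column names and the set of integer columns are constructed assumptions; EFT's actual header may differ.

```python
import csv
import re

# Constructed sample in W3C extended log format. A real EFT log's #Fields
# line will differ; these column names are assumptions for illustration.
SAMPLE = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-bytes
2018-06-01 12:00:02 203.0.113.7 alice PASS - 230 0
2018-06-01 12:05:44 198.51.100.9 - PASS - 530 0
2018-06-01 12:06:10 198.51.100.9 "bob smith" RETR /out/report.csv 226 2048
"""

# Assumption: columns to type as integer, taken from the FieldTypes list above.
INT_FIELDS = {"s-port", "sc-status", "sc-bytes", "cs-bytes", "time-taken"}


def field_names(lines):
    """Return the column names from the first #Fields directive in a list of lines."""
    for line in lines:
        if line.lower().startswith("#fields:"):
            return line.split(":", 1)[1].split()
    raise ValueError("no #Fields directive found")


def nxlog_directives(lines):
    """Build xm_csv Fields and FieldTypes lines that match this log's header."""
    names = field_names(lines)
    # Parentheses are dropped, as in $csUser-Agent in the config above.
    fields = ", ".join("$" + re.sub(r"[()]", "", n) for n in names)
    types = ", ".join("integer" if n in INT_FIELDS else "string" for n in names)
    return "Fields " + fields, "FieldTypes " + types


def parse_w3c(lines):
    """Yield one dict per entry: space-delimited, double-quoted, '-' means undefined."""
    names = field_names(lines)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blanks and header directives, like the drop() above
        values = next(csv.reader([line.strip()], delimiter=" ", quotechar='"'))
        if len(values) != len(names):
            raise ValueError(f"expected {len(names)} columns: {line!r}")
        yield {n: None if v == "-" else int(v) if n in INT_FIELDS else v
               for n, v in zip(names, values)}


if __name__ == "__main__":
    print("\n".join(nxlog_directives(SAMPLE.splitlines())))
    for event in parse_w3c(SAMPLE.splitlines()):
        print(event)
```

A column-count error from `parse_w3c` on a real log file is the same mismatch that would make `parse_csv()` fail in nxlog, so it is worth running against one sample file before deploying the config.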