Proftpd - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

67
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
P FTPd
RO
STRM can collect events from a ProFTP server through syslog. By default,
ProFTPd logs authentication related messages to the local syslog using the auth
(or authpriv) facility. All other logging is done using the daemon facility. To log
ProFTPd messages to STRM, use the SyslogFacility directive to change the
default facility.
Before you configure STRM to integrate with a ProFTPd device, you must:
Open the
/etc/proftd.conf
Below the LogFormat directives add the following:
SyslogFacility <facility>
Where is one of the following options: AUTH (or AUTHPRIV), CRON,
<facility>
DAEMON, KERN, LPR, MAIL, NEWS, USER, UUCP, LOCAL0, LOCAL1,
LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, or LOCAL7.
Save the file and exit.
Open the
/etc/syslog.conf
Add the following line at the end of the file:
<facility> @<STRM host>
Where:
matches the facility chosen in
<facility>
is the IP address of the STRM Event Collector.
<STRM host>
Restart syslog and ProFTPd:
/etc/init.d/syslog restart
/etc/init.d/proftpd restart
You are now ready to configure the sensor device within the STRM interface. To
configure STRM to receive events from an ProFTPd device, you must select the
ProFTPD server option from the Sensor Device Type drop-down list box. For
more information on configuring sensor devices, see the Managing Sensor
Devices Guide. For more information regarding ProFTPd, see your vendor
documentation.
Configuring DSMs Guide
file.
file
Step 2 (except in lower case).