Skip to content

Bitvise sftp

Bitvise sftp

About

The SSH Server provides secure remote access to Windows servers and workstations. Security is our SSH server's key feature: in contrast with Telnet and FTP servers, Bitvise SSH Server encrypts data during transmission. Thus, no one can sniff your password or see what files you are transferring when you access your computer over SSH.

This is for the SFTP component of Bitvise SSH Server

Product Details

Vendor URL: Bitvise

Product Type: SSH server

Product Tier: Tier II

Integration Method: Syslog

Integration URL: Nxlog

Log Guide: Interpreting SSH Server Log Files

Parser Details

Log Format: JSON

Expected Normalization Rate: 99.99%

Data Label: BITVISE_SFTP

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
logGroup additional.fields[logGroup]
logStream additional.fields[logStream]
message.app metadata.product_name
message.app metadata.product_version
message.name principal.resource.name
message.sfs.desc metadata.description
message.sfs.parameters.path principal.file.full_path
seq metadata.product_log_id
time metadata.event_timeststamp

Product Event Types

Event UDM Event Classification
all GENERIC_EVENT

Log Sample

{ "messageType": "DATA_MESSAGE", "owner": "112233445566", "logGroup": "example-company-sftp-logs", "logStream": "AWS_FTP_SERVER_SAMPLE_HOST01", "subscriptionFilters": [ "sftp_logs_filter" ], "logEvents": [ { "id": "12345678901234567890123456789012345678901234567890", "timestamp": 1730790160000, "message": "{\"app\":\"BvSshServer 9.39\",\"seq\":\"1112223334\",\"name\":\"I_SFS_TRANSFER_FILE\",\"session\":{},\"channel\":{\"id\":\"1\",\"type\":\"session\"},\"error\":{},\"help\":{},\"parameters\":{},\"authentication\":{},\"sfs\":{\"moduleName\":\"FlowSfsWin\",\"parameters\":{\"entriesCount\":null,\"path\":\"C:\\\\Program Files\\\\File\\\\That\\\\Was\\\\SFTP\\\\Copied.xml\",\"length\":null,\"offset\":null,\"controlByte\":null,\"timeMs\":\"15\",\"bytesRead\":\"0\",\"bytesWritten\":\"20887\",\"readrangelength\":null,\"readrangeoffset\":null,\"writeRangeOffset\":\"0\",\"writeRangeLength\":\"20887\",\"createnewfile\":null,\"endedBy\":\"Client\",\"resizedFile\":\"false\",\"reachedEof\":null},\"mountPath\":\"/\",\"code\":\"90000\",\"desc\":\"File transfer ended.\"},\"time\":\"2024-11-04 23:51:06.068179 -0500\"}" } ] }

Sample Parsing

      metadata.product_log_id: "1112223334"
      metadata.event_type: GENERIC_EVENT
      metadata.vendor_name: "Bitvise"
      metadata.product_name: "BvSshServer"
      metadata.product_version: "9.39"
      metadata.description: "File transfer ended."
      additional.fields["logGroup"]: "example-company-sftp-logs"
      additional.fields["logStream"]: "AWS_FTP_SERVER_SAMPLE_HOST01"
      principal.user.userid: "ID:112233445566"
      principal.file.full_path: "C:\\Program Files\\File\\That\\Was\\SFTP\\Copied.xml"
      principal.resource.name: "ID:I_SFS_TRANSFER_FILE"

Rules

Coming Soon