Skip to content




WS_FTP secure file transfer products use industry-leading security at every level of data management, protecting data before, during, after transit, and verifying that files reach intended destinations uncompromised.

Product Details

Vendor URL: WS_FTP

Product Type: FTP Server

Product Tier: Tier III

Integration Method: Syslog

Parser Details

Log Format: Syslog

Expected Normalization Rate: ~100%

Data Label: WS_FTP

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
c_Id security_result.detection_fields
c_Window security_result.detection_fields
Client principal.ip
Client principal.port
Command network.ftp.command
connection_id additional.fields
description security_result.action_details
Filename target.file.full_path
FileSize target.file.size
Host target.hostname
Listener intermediary.ip
Listener intermediary.port
observer observer.hostname
Parameters target.file.names
protocol network.application_protocol
s_Id security_result.detection_fields
s_Window security_result.detection_fields
SessionID network.session_id
User principal.user.userid

Product Event Types

Event UDM Event Classification
Connection events NETWORK_CONNECTION
User logged in/logon success USER_LOGIN

Log Sample

<14>Jan 19 11:02:29 HOSTNAME SSH: Client closed connection: 1234567 <, SessionID=12345678, Listener=, Client=, User=principal_user>

Sample Parsing

additional.fields["Connection ID"] = "1234567"
intermediary.ip = ""
intermediary.port = 22
metadata.description = "Client closed connection: 1234567"
metadata.event_type = "NETWORK_CONNECTION"
metadata.product_event_type = "SSH"
metadata.product_name = "WS_FTP"
metadata.vendor_name = "Progress"
network.application_protocol = "SSH"
network.session_id = "12345678"
observer.hostname = "HOSTNAME"
principal.ip = ""
principal.port = 8088
principal.user.userid = "principal_user"
security_result.action_details = "Client closed connection"
security_result.action = "UNKNOWN_ACTION"
target.hostname = ""