KUMA allows monitoring ProFTPD events on Linux devices. Events are collected and audited by ProFTPD, after which the events are sent to KUMA via the rsyslog Syslog server.
Configuring the receipt of ProFTPD events involves the following steps:
When creating a collector in the KUMA web interface, at the Transport step, you need to specify the port and protocol configured for the Syslog server to send events. To receive audit events from ProFTPD, select the [OOTB] Proftpd syslog normalizer at the Event parsing step.
You can verify that the receipt of events from ProFTPD is configured correctly by searching for related events in the KUMA web interface.