Configuring a Syslog server to send ProFTPD events.

The rsyslog service is used to transmit events from the server to the KUMA collector.

To configure the sending of events from the server where ProFTPD is installed to the collector:

  1. Make sure that the rsyslog service is installed on the event source server. For this purpose, execute the following command:

    systemctl status rsyslog.service

    If the rsyslog service is not installed on the server, install it by executing the following commands:

    yum install rsyslog
    systemctl enable rsyslog.service
    systemctl start rsyslog.service

  2. In the /etc/rsyslog.d directory, create the proftpd.conf file with the following content, depending on your protocol:
    • To send events over TCP:

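      # Read the ProFTPD log files and tag every line
      $ModLoad imfile
      $InputFileName /var/log/proftpd/*.log
      $InputFileTag tag_proftpd_log:
      $InputFileStateFile proftpd_log
      $InputRunFileMonitor
      # Forward tagged lines to the collector. The target parameter takes the bare
      # address; the @ and @@ prefixes belong to the legacy forwarding syntax only.
      if $syslogtag contains 'tag_proftpd_log' then {
          *.* action(type="omfwd" target="<IP address of the KUMA collector>" port="<port of the KUMA collector>" protocol="tcp")
          stop
      }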

    • To send events over UDP:

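      # Read the ProFTPD log files and tag every line
      $ModLoad imfile
      $InputFileName /var/log/proftpd/*.log
      $InputFileTag tag_proftpd_log:
      $InputFileStateFile proftpd_log
      $InputRunFileMonitor
      # Forward tagged lines to the collector. The target parameter takes the bare
      # address; the @ and @@ prefixes belong to the legacy forwarding syntax only.
      if $syslogtag contains 'tag_proftpd_log' then {
          *.* action(type="omfwd" target="<IP address of the KUMA collector>" port="<port of the KUMA collector>" protocol="udp")
          stop
      }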

  3. Save the changes to the proftpd.conf file.
  4. Restart the rsyslog service by executing the following command:

    systemctl restart rsyslog.service

The event source server is configured. Data about events is transmitted from the server to the KUMA collector.
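
To confirm that forwarded events arrive with the tag set in proftpd.conf, a stand-in UDP receiver can be run on a test host in place of the collector. This is an added example, not part of the KUMA documentation; it assumes rsyslog's default forwarding layout (`<PRI>TIMESTAMP HOSTNAME TAG MSG`), and port 5514 is an assumed test value.

```python
import re
import socket

EXPECTED_TAG = "tag_proftpd_log:"  # value of $InputFileTag in proftpd.conf
# <PRI>TIMESTAMP HOSTNAME TAG MSG (assumed: rsyslog's default forwarding layout)
FRAME = re.compile(r"^<(\d{1,3})>(\S+) (\S+) (\S+?:) ?(.*)$", re.S)


def parse(line):
    """Split one forwarded syslog line; return None if it does not match."""
    m = FRAME.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(2),
            "host": m.group(3), "tag": m.group(4), "msg": m.group(5)}


def is_proftpd_event(line):
    """True only for lines carrying the tag assigned by the imfile input."""
    rec = parse(line)
    return rec is not None and rec["tag"] == EXPECTED_TAG


def receive(sock, count, timeout=5.0):
    """Read up to `count` datagrams from a bound socket; return ProFTPD events."""
    sock.settimeout(timeout)
    events = []
    for _ in range(count):
        try:
            data, _peer = sock.recvfrom(65535)
        except socket.timeout:
            break
        text = data.decode("utf-8", "replace")
        if is_proftpd_event(text):
            events.append(parse(text))
    return events


if __name__ == "__main__":
    # Assumed test port; use the port configured in proftpd.conf.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 5514))
    for ev in receive(s, count=10, timeout=30.0):
        print(ev["host"], ev["facility"], ev["severity"], ev["msg"])
```

If nothing is printed while ProFTPD is writing to its logs, check the rsyslog service status and any firewall between the two hosts before pointing the configuration at the real collector.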
