KUMA allows monitoring Vsftpd events on Linux devices. Events are collected and audited by Vsftpd, after which the events are sent to KUMA via the rsyslog Syslog server.
Configuring the receipt of Vsftpd events involves the following steps:
When creating a collector in the KUMA web interface, at the Transport step, you need to specify the port and protocol configured for the Syslog server to send events. To receive audit events from Vsftpd, select the [OOTB] Vsftpd syslog normalizer at the Event parsing step.
You can verify that the receipt of events from Vsftpd is configured correctly by searching for related events in the KUMA web interface.