Can I monitor on FTP gets or retrieves?
search cancel

Can I monitor on FTP gets or retrieves?

book

Article ID: 159746

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor

Issue/Introduction

From testing I can see that data going to an FTP server is being monitored.  This is done with put or STOR commands.  But I don't seem to be able to monitor data that is coming from an FTP server with get or RETR commands.

Is there a way to monitor FTP data transfers from and FTP server?

Resolution

Data is transfered to an FTP server is done by the raw command STOR or the de-facto client alias put. 

Data transfered from an FTP server is done by the raw comamnd RETR or the de-facto client alias put.

Details are in RFC 959.

The Data Loss Prevention (DLP) product monitors STOR transfers only by default.  RETR transfers can be monitored by making the following change:

  1. Login to the Enforce UI as an administrator.
  2. Navigate to the detection server's advanced page.
  3. Locate the PacketCapture.IS_FTP_RETR_ENABLED property.
  4. Change the property to "true".
  5. "save" the Advanced settings.
  6. Recycle the detection server.

Powered by Wolken Software