From OSSEC Wiki

Jump to: navigation, search
[edit]

Log Samples from Pure-FTPD

  • Connection attempt:

pure-ftpd-wrapper[926]: connect from 192.168.20.10 (192.168.20.10)

pure-ftpd: (?@192.168.20.10) [INFO] New connection from 192.168.20.10


  • Connection closed:

pure-ftpd: (abcde@192.168.20.10) [INFO] Logout.


  • Login failed:

pure-ftpd: (?@192.168.20.10) [WARNING] Authentication failed for user [inv-user]

[edit]

Full samples

Sample 1: 

pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
Retrieved from "http://www.ossec.net/wiki/index.php/Pure-FTPD"
Views
Personal tools