Can I monitor on FTP gets or retrieves?
search cancel

Can I monitor on FTP gets or retrieves?

book

Article ID: 159746

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor

Issue/Introduction

From testing I can see that data going to an FTP server is being monitored.  This is done with put or STOR commands.  But I don't seem to be able to monitor data that is coming from an FTP server with get or RETR commands.

Is there a way to monitor FTP data transfers from and FTP server?

Resolution

Data is transferred to an FTP server is done by the raw command STOR or the de-facto client alias put. 

Data transferred from an FTP server is done by the raw command RETR or the de-facto client alias put.

Details are in RFC 959.

The Data Loss Prevention (DLP) product monitors STOR transfers only by default.  RETR transfers can be monitored by making the following change:

  1. Login to the Enforce UI as an administrator.
  2. Navigate to the detection server's advanced page by going to System -> Servers and Detectors -> Select the Network Prevent for Web or Network Monitor server of interest -> Server Settings.
  3. Locate the PacketCapture.IS_FTP_RETR_ENABLED property.
  4. Change the property to "true".
  5. Save the changes by hitting the "Save" button in the Advanced settings.
  6. Recycle the Detection server.

To learn more about Advanced server settings refer to the document linked below:

Advanced server settings (broadcom.com)