I was looking for a file transfer method that supported multiple transfer protocols and that was easy to use. I ended up finding and trying zFTPServer. It was a great product and I thought life was grand. And then the requests came in. Did this person upload the file yet? Has this company downloaded the latest file? Can you give me a list of uploads by this client? My life was going through the logs. And then the glimmer of light in the dark cave of user requests. I had the logs in Splunk, why not make it so my users can search on their own. Brilliant! And so the work began. Starting with the file and client search and then security got word of the logs. From this came the failed logins, banned connections, and the connection map (aka - scare your Security Officer).
How it works
The app gathers the 3 log files that the zFTPServer application generates. Splunk then parses the data using field extractions and saved searches. At this point users can search the logs and get a graphical display of what is happening in the zFTPServer environment.
Challenges I ran into
Building this app helped me to expand my searching ability. For example, searching for something that wasn't there was a challenge. This can be found in the Who Is Logged In section: I needed to find when there was a login without a matching logout.
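The two steps above, field extraction and the "login without a logout" search, can be shown outside Splunk as well. The following is an added example, not code from the zFTPServer app or from this Splunk app; the zFTPServer log layout (timestamp, bracketed session id, user, client IP, event, optional path) and the event names are assumptions, and the log lines are constructed for illustration. The interesting part is that an open session is defined by an absence: a LOGIN event whose session id never gets a LOGOUT.

```python
import re
from datetime import datetime

# Constructed sample log. The real zFTPServer format is not known here, so this
# layout and these event names are assumptions made for the example.
SAMPLE_LOG = """\
2024-03-01 08:00:01 [1001] alice 10.0.0.5 LOGIN OK
2024-03-01 08:00:09 [1001] alice 10.0.0.5 STOR /inbox/report.csv
2024-03-01 08:01:30 [1001] alice 10.0.0.5 LOGOUT
2024-03-01 08:05:00 [1002] bob 10.0.0.7 LOGIN OK
2024-03-01 08:05:41 [1002] bob 10.0.0.7 RETR /outbox/invoice.pdf
2024-03-01 08:07:12 [1003] carol 10.0.0.9 LOGIN OK
2024-03-01 08:07:12 [1004] mallory 10.0.0.11 LOGIN FAILED
"""

# Field extraction: one regex with named groups, the same idea as a Splunk
# field extraction (rex / props.conf EXTRACT).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<session>\d+)\] (?P<user>\S+) (?P<client_ip>\S+) "
    r"(?P<event>LOGIN OK|LOGIN FAILED|LOGOUT|STOR|RETR)"
    r"(?: (?P<path>\S+))?$"
)


def parse_events(text):
    """Turn raw log text into a list of field dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events


def open_sessions(events):
    """Who Is Logged In: sessions with a successful LOGIN but no LOGOUT.

    Grouping by session id and then keeping only the groups that lack a
    LOGOUT is how you search for the event that is not there.
    """
    sessions = {}
    for ev in events:
        sid = ev["session"]
        if ev["event"] == "LOGIN OK":
            sessions[sid] = {
                "user": ev["user"],
                "client_ip": ev["client_ip"],
                "login": ev["ts"],
                "logout": None,
            }
        elif ev["event"] == "LOGOUT" and sid in sessions:
            sessions[sid]["logout"] = ev["ts"]
    return {sid: s for sid, s in sessions.items() if s["logout"] is None}


def failed_logins(events):
    """Failed Logins panel: (timestamp, user, client IP) for each failed attempt."""
    return [
        (ev["ts"], ev["user"], ev["client_ip"])
        for ev in events
        if ev["event"] == "LOGIN FAILED"
    ]


def transfers_by_user(events, user):
    """File/client search: uploads (STOR) and downloads (RETR) for one user."""
    return [
        (ev["event"], ev["path"])
        for ev in events
        if ev["user"] == user and ev["event"] in ("STOR", "RETR")
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for sid, s in sorted(open_sessions(evs).items()):
        print(f"session {sid}: {s['user']} from {s['client_ip']} logged in at {s['login']}, no logout")
    for ts, user, ip in failed_logins(evs):
        print(f"failed login: {user} from {ip} at {ts}")
    print("alice transfers:", transfers_by_user(evs, "alice"))
```

In Splunk the same "absence" search is usually built by grouping on the session field and keeping only the groups whose set of event values does not include the logout event; the Python above makes that grouping explicit so the logic is visible.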
Accomplishments that I'm proud of
I am most proud of being able to work through the challenges of building an app. This application has cut down the number of tickets and lets us respond to client needs more quickly. The front end person no longer needs to take a call from a client and put in a ticket, but can check right away whether the file was uploaded or downloaded. Also, my front end people have more knowledge when they do put in that ticket.