
ftp.all.access

Introduction

This table collects a variety of access event logs from FTP data.

Source tables

The information displayed is extracted from the following tables:

  • ftp.iis.accessW3cAll

Table structure

This is the set of columns displayed by this union table, which is the result of the collection of columns present in all source tables:

Extra fields

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.

 

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| source | str | | |
| environment | str | | |
| site | str | | |
| clon | str | | |
| date | str | | |
| time | str | | |
| client_ip | str | | |
| client_ipv4 | ip4 | clientIp | |
| client_port | str | clientPort | |
| client_username | str | userName | |
| server_site | str | siteName | |
| server_name | str | computerName | |
| server_hostname | str | host | |
| server_ip | str | | |
| server_ipv4 | ip4 | serverIp | |
| server_port | str | serverPort | |
| method | str | | |
| file_requested | str | uriStem | |
| status_code | str | ftpStatus | |
| bytes_sent | int8 | bytesSent | |
| bytes_received | int8 | bytesRecv | |
| duration | int8 | timeTaken | |
| session | str | | |
| file_path | str | fullPath | |
| info | str | | |
| rawMessage | str | | ✓ |
| hostchain | str | | ✓ |
| tag | str | | ✓ |

Field transformations

Even though all source tables have several features in common, they have some particularities that make it necessary to undergo a set of transformations to harmonize them for the union table. The most common transformations comprise changes in the data type or the application of rules when several columns in the source table feed a single column in the union table. You can find below the detailed list of transformations in each source table.

ftp.iis.accessW3cAll

| Field in union table | Field in source table | Field transformation | Type | Extra fields |
|---|---|---|---|---|
| eventdate | eventdate | | timestamp | |
| source | - | "accessW3cAll" | str | |
| environment | environment | | str | |
| site | site | | str | |
| clon | clon | | str | |
| date | date | | str | |
| time | time | | str | |
| client_ip | c_ip | str(c_ip) | str | |
| client_ipv4 | client_ipv4 | | ip4 | |
| client_port | client_port | | str | |
| client_username | client_username | | str | |
| server_site | server_site | | str | |
| server_name | server_name | | str | |
| server_hostname | server_hostname | | str | |
| server_ip | s_ip | str(s_ip) | str | |
| server_ipv4 | server_ipv4 | | ip4 | |
| server_port | server_port | | str | |
| method | cs_method | | str | |
| file_requested | file_requested | | str | |
| status_code | status_code | | str | |
| bytes_sent | bytes_sent | | int8 | |
| bytes_received | bytes_received | | int8 | |
| duration | duration | | int8 | |
| session | x_session | | str | |
| file_path | file_path | | str | |
| info | x_debug | | str | |
| rawMessage | rawMessage | | str | |
| hostchain | hostchain | | str | ✓ |
| tag | tag | | str | ✓ |