This is the log when an unpermitted FTP connection is made in the client (CT).

Only the FTP communication log of the connection target server of the FTP client with the communication port set as “21” is recorded.

Set policy in the [Terminal Initial Settings] window, the [User Policy Settings] window or the window after the Management Console is started (CT policy settings window).
Set [FTP Server Connection] as [Prohibited] in the [FTP Server Connection Prohibition] tab.

When searching in Log Viewer, input “FTP Operation Prohibition” in type of log, “Violation” in classification, “FTP Server Connection Prohibition” as a keyword in the search conditions. FTP client process name and IP address of the accessed FTP server can also be specified in keyword.
The keyword can be searched under partial match.

Logs that can be viewed are as follows:

[Name]: name of the client (CT)

[Occurrence Date and Time]: time for collecting logs at client (CT)

[User ID: logon user name of the client (CT)

[Domain Name]: it is the domain name of the client (CT) when logging on to domain while it is the computer name of the client (CT) when logging on to local computer

[Type]: [FTP Connection Prohibition] (fixed value)

[Classification]: violation

[Attachment]: (not displayed)

[Content]: the following content is displayed.

• FTP client program name (*)

• IP address of FTP server (*)

The maximum length of the string displayed in the content is 519 bytes. Because only the length within 519 bytes is displayed when the length of string displayed in the content exceeds 519 bytes, the length of the content will be adjusted.

Example of [Content]

prohibited connecting to [192.168.1.100]. Application name: [FTP.EXE]

*) When performing keyword search in Log Viewer, it can be specified as keyword.

[Note]: (not displayed)