Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:
Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into %PROGRAMFILES%\Splunk\etc\apps. Then restart Splunk using the splunk restart command or the GUI.
Unix/Linux: Decompress the downloaded file using a tool like tar -xvf and place the resulting folder into $SPLUNK_HOME/etc/apps. Then restart Splunk using the splunk restart command or the GUI.
Ever wonder if an address in your event has an anonymous FTP server running?
This could be one of your own addresses in your data center, where running an
anonymous FTP site is supposed to be prohibited. This is a Splunk command
called ftpstatus that returns, in real time, a status indicating whether
anonymous FTP is running on the address in question.
Usage:
<some search that has a ftp_address field> | ftpstatus
The distribution comes with a sample_addresses.log file that gets
indexed into your sample index. You can do things like:
index="sample" sourcetype="sample_addresses" address!="" | eval ftp_address=address | ftpstatus | table address, ftpstatus
Read the README.txt for installation instructions.
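The following is an added example, not the app's own code, of how a check like the one described above can be done for addresses you are responsible for: attempt an anonymous login with Python's ftplib and attach the result to each event that has an ftp_address field. The function names, the status strings, the use of port 21 and the per-address cache are assumptions made for this example.

```python
import ftplib
import socket


def anonymous_ftp_status(address, port=21, timeout=5.0):
    """Try an anonymous FTP login and return a status string.

    The status names are assumptions for this example, not the
    values the ftpstatus command itself returns.
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(address, port, timeout=timeout)
        ftp.login()  # ftplib logs in as user "anonymous" by default
        return "anonymous_allowed"
    except ftplib.error_perm:
        # 5xx reply, e.g. "530 Login incorrect": FTP runs, anonymous is off
        return "anonymous_denied"
    except (socket.timeout, ConnectionRefusedError):
        # Nothing answered on the port within the timeout
        return "no_ftp_service"
    except (OSError, EOFError, ftplib.Error):
        # Unreachable host, dropped connection, or a non-FTP reply
        return "error"
    finally:
        ftp.close()  # safe to call even if connect() never succeeded


def add_ftpstatus(events, check=anonymous_ftp_status):
    """Add an ftpstatus field to every event that has ftp_address.

    Each distinct address is probed once and the result reused, so a
    search returning many events for one host causes a single login.
    """
    cache = {}
    for event in events:
        address = event.get("ftp_address")
        if address:
            if address not in cache:
                cache[address] = check(address)
            event["ftpstatus"] = cache[address]
        yield event
```

Events without an ftp_address value pass through unchanged, which mirrors the address!="" filter in the sample search.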