FTP - 24 hrs SECTCP rejections log

There are two possible reasons why an FTP login or command request is rejected:

  1. the rejection originates from the SECTCP FTP exit routines, because the request does not comply with SECTCP security rules
  2. the rejection originates from the system itself, because of an object security violation, a reference to a nonexistent object, etc.

One can easily tell the originator of the exception. While SECTCP provides no feedback message about the reason for the failure, the system does (example: Specified directory does not exist or cannot be accessed).

SECTCP exit programs have control over an FTP request before it is approved by SECTCP security rules, but they have no feedback about the success of an operation after they have validated it.

As a consequence, everything that is reported by SECTCP as an exception deals with compliance with SECTCP security rules.

Because SECTCP gives the FTP session no feedback messages about violations of its rules, it may sometimes be hard to understand which SECTCP rule was violated.

This is why SECTCP maintains a log of all the SECTCP-rejected requests in the last 24 hours.

By looking at this log, the SECTCP security officer may more easily understand the reasons why an FTP request was rejected by SECTCP.

Each log entry provides:

  • The timestamp of the event
  • The client IP address
  • The category of the client IP address (Allowed/Privileged/Excluded/Unclassified)
  • The user profile (username) used to log in
  • The request that was rejected (example: login or Set current dir)
  • The object of this request (example: a directory name)
  • The reason why the request was rejected (example: Not allowed to access this directory)
  • A short tip about how to avoid such a rejection.