Forum Discussion
benoit_9199
Nimbostratus
Nov 17, 2009
Logging FTP access data (with NATed FTP virtual server)
Hi,
Due to some constraints I had to set up an FTP virtual server on a BIG-IP,
using SNAT. However, this has a limitation: the end server cannot see the real
source IP.
So...
benoit_9199
Nimbostratus
Nov 17, 2009
Yep, looks like it's more like this:
when CLIENT_ACCEPTED {
    set vip [IP::local_addr]:[TCP::local_port]
    set user "unknown"
    TCP::collect
}
when SERVER_CONNECTED {
    set client "[IP::client_addr]:[TCP::client_port]"
    set node "[IP::server_addr]:[TCP::server_port]"
    set inside "[serverside {IP::local_addr}]:[serverside {TCP::local_port}]"
    TCP::collect
}
when SERVER_DATA {
    TCP::release
    clientside { TCP::collect }
}
when CLIENT_DATA {
    log local0. "[IP::client_addr]:[TCP::client_port]: collected payload ([TCP::payload length]): [TCP::payload]"
    # check if payload contains the string we want to replace
    if { [TCP::payload] contains "USER" } {
        # use a regular expression to save the user name
        regexp {USER ([a-zA-Z0-9]+)} [TCP::payload] all user
        # log connection info
        log local0. "FTP connection from $client. Mapped to $inside -> $node, user $user"
        TCP::release
        return
    } else {
        # release the packet, and collect a new one
        TCP::release
        TCP::collect
    }
}
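Added example, not part of the original post: a small Python parser for the "FTP connection from ..." lines the iRule above logs, used to map the SNAT address and port that the FTP server sees back to the real client. The function names, the syslog prefix and the addresses in the sample lines are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Message format written by the iRule's final `log local0.` call.
# Whatever syslog prefix precedes it is ignored.
LINE_RE = re.compile(
    r"FTP connection from (?P<client>\S+?)\. "
    r"Mapped to (?P<inside>\S+) -> (?P<node>\S+), "
    r"user (?P<user>[A-Za-z0-9]+)"
)

def parse_line(line):
    """Return the mapping fields as a dict, or None for unrelated lines."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def build_index(lines):
    """Index records by (SNAT addr:port, node addr:port), in log order."""
    index = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            index[(rec["inside"], rec["node"])].append(rec)
    return index

def resolve(index, inside, node):
    """Map a peer address seen in the FTP server's log back to the client.

    SNAT source ports are reused over time, so all matches are returned,
    oldest first; pick the one whose timestamp fits the server-side event.
    """
    return [(r["client"], r["user"]) for r in index.get((inside, node), [])]

# Constructed sample lines (syslog prefix and addresses are made up).
SAMPLE = [
    "Nov 17 10:02:11 bigip1 info tmm[1234]: Rule ftp_log <CLIENT_DATA>: "
    "198.51.100.7:51234: collected payload (12): USER alice",
    "Nov 17 10:02:11 bigip1 info tmm[1234]: Rule ftp_log <CLIENT_DATA>: "
    "FTP connection from 198.51.100.7:51234. "
    "Mapped to 10.0.0.5:40112 -> 10.0.0.20:21, user alice",
    "Nov 17 11:40:03 bigip1 info tmm[1234]: Rule ftp_log <CLIENT_DATA>: "
    "FTP connection from 203.0.113.9:60001. "
    "Mapped to 10.0.0.5:40112 -> 10.0.0.20:21, user unknown",
]

if __name__ == "__main__":
    idx = build_index(SAMPLE)
    for client, user in resolve(idx, "10.0.0.5:40112", "10.0.0.20:21"):
        print(client, user)
```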