The Auditing and Reporting module comes with a number of preconfigured reports that allow you to start analyzing data right away. The report templates are .xml files and are installed in C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server Enterprise\Reports or \EFT Server\Reports. If you plan to edit the default templates, it is a good idea to save a backup of them first. (Note: On Windows 2008, Application Data files for all users are in a hidden folder named %systemroot%\ProgramData instead of under Documents and Settings\All Users\Application Data.)
The preconfigured reports fall into the following categories:
Billing: ARM allows EFT Server administrators to more effectively bill their clients. Many EFT Server customers bill their customers for file transfer services and need to supply accurate reports to their customers and for their own invoicing purposes. These customers want to query and produce reports based on multiple criteria such as a specific client, a group of clients or all clients, a particular date range, and a specific file or all files transferred for that user.
Non-repudiation: Many EFT Server customers need to audit transactions throughout their life cycle and need to determine whether a particular Event occurred and when it occurred. This would include searching for all activity for a specific user for a specific date or to locate a transaction within a date range for auditing purposes. Customers must be able to show conclusively whether something happened, when it happened, and who was responsible for making it happen.
Statistics: The need to gather statistical data that would allow the customer to take preventive measures (such as scale to meet increasing demand), to establish trends, create general usage reports for stakeholders, and to query and analyze trends and server usage (peak usage times, most active customers, etc.).
Technical troubleshooting: Granular auditing of all socket, protocol, authentication, and transaction information allows the administrator to quickly locate and solve problem scenarios.
The preconfigured reports described below are provided with the Auditing and Reporting module. You can run the reports as is or edit them to suit your specific needs.
EFT Server activities:
Activity - All Groups (Detailed) - This report displays the various Actions performed by all the groups, such as Administrator, All users, and Guests, and it displays Date/Time, Remote IP address, protocol, Action, filename, folder, bytes transferred, and the result.
Activity - All Users (Summary) - This report displays the transfer activity (total number of uploads and downloads) for all users who logged on to EFT Server during the date range specified, grouped by username, subgrouped by date, sorted by username, then transfer direction, and date, in ascending order.
Activity - All Users (Detailed) - This report displays all folder and file create and delete activity for all users who logged on to EFT Server during a particular period, grouped by username, and sorted in reverse chronological order. The report includes the time stamp, remote IP address of the user, protocol, Action, file name, folder, KB transferred, and the result.
Activity - By File - This report displays all the activities related to a specified file, based on wildcard masks, grouped by Site name, subgrouped by matching filename, sorted in chronological order. The report displays the time stamp, user name, remote IP address, and protocol. To generate this report, you have to specify the report parameters, such as .txt to view only txt files or *.* to view all files.
Activity - By Group (Detailed) - This report displays the folder and file create and delete activity during a specified period for a specific group, grouped by group name, and sorted by date in reverse chronological order. The report displays the remote IP address, protocol, Action, time stamp, file name, folder, bytes transferred, and result. When you click Show Report, the Report Parameters dialog box appears asking for the group name.
Activity - By User (Detailed) - This report displays the folder and file create and delete activity during a specified period for a specific user, grouped by username, and sorted by date in reverse chronological order. When you click Show Report, the Report Parameters dialog box appears asking for the name of the user.
Activity - By User (Detailed) - Group by Username/Action - This report displays the folder and file create and delete activity during a specified period for specific users, grouped by username, subgrouped by Action, and sorted by date in reverse chronological order. That is, the report displays all files created under the Created Action and all files that are sent are displayed under the Sent Action. When you click Show Report, the Report Parameters dialog box appears asking for the name of the user.
Activity - By User (Summary) - This report displays the transfer activity for specifics users, grouped by username, subgrouped by date, sorted by username, transfer direction, and date, in descending order.
Admin Actions - (Requires High Security Module in addition to ARM) This report displays all EFT Server administrator activity for the specified range. Columns displayed in the report and available report filters include Date/Time (Timestamp), Function (e.g., User Account, Site, Database Refresh, SMTP Settings), Action (e.g., Created, Enabled, Disconnected, Modified, Started, Renamed), Affected Area (e.g., User Account, Site, Server, Administration), Affected Name (username), ChangeOriginator (administrator username), SiteName (e.g., MySite). Click here for an example of the Administrator Actions Log.
Web Service- Invoke Event Rules (Detailed) - This report is used to view detailed activity for invoking Event Rules through Web Service, grouped by username, and sorted by date in reverse chronological order.
Security - Failed Logins - This report displays the number of users who could not connect to EFT Server. It displays the user name, remote IP address, protocol used, date, time, remote IP address, port number, and result. Click here for an example of the report.
Secure Ad Hoc Transfer (SAT) Module-related reports:
Activity-SAT by File (Detailed) - This report displays all Secure Ad Hoc Transfer module activity for a specified file name, and sorted by date in reverse chronological order. If a user sent multiple files on one e-mail via the SAT module, each of the files are listed in the report.
Activity-SAT By Recipient (Detailed) - This report displays all Secure Ad Hoc Transfer module activity for a specified recipient's e-mail address, and sorted by date in reverse chronological order. If a user sent multiple files on one e-mail via the SAT module, each of the files are listed in the report. When you click Show Report, the Enter Report Parameters dialog box appears. Provide the entire e-mail address.
Activity-SAT by Sender (Detailed) - This report displays all Secure Ad Hoc Transfer module activity for a specified sender's e-mail address, and sorted by date in reverse chronological order. If a user sent multiple files on one e-mail via the SAT module, each of the files are listed in the report. When you click Show Report, the Enter Report Parameters dialog box appears. Provide the entire e-mail address.
Activity-SAT (Detailed) - This report displays activity for Secure Ad Hoc Transfer module activity, sorted by date in reverse chronological order. If a user sent multiple files on one e-mail via the SAT module, each of the files are listed in the report.
Activity-SAT (Summary) - This report displays all Secure Ad Hoc Transfer module activity, grouped by username, and sorted by date in reverse chronological order. If a user sent multiple files on one e-mail via the SAT module, each of the files are listed in the report.
AS2-Related reports:
AS2 Transactions Detailed - A verbose AS2 file transfer report that provides the information necessary for troubleshooting problem transactions.
AS2 Transactions Overview - A transaction report that displays the same information as shown on the Transfers - AS2 node. The report queries all AS2 transactions for the dates specified, grouped by site, sorted by date, and listed in reverse chronological order.
Event Rules - Actions (Summary) - This report summarizes all Event Rules with their corresponding Actions, grouped by Site name, subgrouped by the user-defined Event name, sorted by the unique Event ID (not shown in report) in descending order. Click here for an example of the report.
Event Rules - Activity (Detailed) - This report displays the Event Rule activity by user-defined Event name, grouped by Site name, subgrouped by the Event type, sorted by date in reverse chronological order.
Event Rules - Activity (Summary) - This report summarizes the Event Rule activity by user-defined Event name, grouped by Site name, sub-grouped by the Event type, sorted by date in reverse chronological order.
Event Rules - Inbound-Outbound By Date - This report details all offload and download Actions, grouped by Site subgrouped by Action, sorted by date in reverse chronological order.
Event Rules - Inbound-Outbound By User - This report details all offload and download Actions, grouped by Site name, then by remote host IP address, then by username, sorted in reverse chronological order.
Executive Summary Report - This report summarizes the following information for the period specified:
Average transfer speed
Total number of downloads, uploads
Total bytes transferred (inbound/outbound)
Top 5 users (by # of connections)
Top 5 users (by bytes transferred)
Most concurrent users at any given time
Traffic reports:
Traffic - Average Transfer Rates by User - This report displays the average transfer rate for specific users, grouped by username, subgrouped by date, sorted by username, transfer direction, and date, in descending order.
Traffic - Connections Summary - This report details connections to EFT Server (IP address or user connections) and bytes transferred by date, grouped by Site name, sorted by date in reverse chronological order. Click here for an example of the report.
Traffic - Datewise-Hourly Bytes Transferred - This report details the connections and bytes transferred sorted by date and hour, in chronological order. Click here for an example of the report.
Traffic - Datewise-IPwise bytes transferred - This report displays the connections established by remote IP addresses and total bytes transferred. Click here for an example of the report.
Traffic - IPwise Connections (Summary) - This report displays the connections established by remote IP addresses and total bytes transferred.
Traffic - Monthwise-IP-wise Bytes transferred - This report displays the connections established by various remote IP addresses on a monthly basis. It displays the Site name, month name, remote IP address, connections, and total bytes transferred.
Traffic - Most Active IPs - Connections - This report displays the most active IP addresses; that is, the IP addresses of the users who frequently log on to EFT Server. It displays the data transferred, Site name, remote IP address, and bytes transferred. This report can be used to determine Denial of Service (DoS) attacks against EFT Server. Click here for an example of the report.
Traffic - Most Active IPs - Data Transferred - This report displays the IP addresses of users who log on to EFT Server frequently; the number of connections established by various users. It displays the information on the total bytes transferred, number of connections, remote IP address, and Site name.
Traffic - Most Active Users - Connections - This report displays the connections established by the most active users.
Traffic - Most Active Users - Data Transferred - This report displays the usernames of users who log on to EFT Server frequently; the number of connections established by various users, and number of bytes transferred.
Traffic - Protocolwise Connections (Summary) - This report displays the connections established by various users and the protocol used by the users to transfer the data, that is, whether the users have used FTP, HTTP, or any other protocol to upload or download the files. Click here for an example of the report.
Traffic - Sitewise-Hourly by User - This report displays the total number of connection established by various users on a particular Site each hour. Click here for an example of the report.
Troubleshooting reports:
Troubleshooting - Connection Errors - This report displays the number of connection errors occurred while connecting to a site.
Troubleshooting - IP Address Activity (Detailed) - This report displays the details of the user, the date/Time on which the user logged on EFT Server; other details such as local port, socket result ID, protocol, password, physical folder name, virtual folder name, and so on are also displayed. To view this report, you must specify the IP address in the Enter Report Parameters dialog box that opens when you click Show Report. Click here for an example of the report.
Troubleshooting - Operation Errors - This report displays protocol error codes and corresponding commands, sorted in reverse chronological order. The report includes the date and time the error occurred, remote IP address, protocol used, username, command, filename, virtual folder, and result (e.g., transfer completed). Click here for an example of the report.
Troubleshooting - Event Rules Failures - This report displays failures related to the Event Rules. The report includes the following fields:
(Refer to Winsock Error Codes for a list of Socket ID error codes.)