The Auditing and Reporting module comes with a number of preconfigured reports that allow you to start analyzing data right away. The report templates are .xml files and are installed in C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server Enterprise\Reports or \EFT Server\Reports. If you plan to edit the default templates, it is a good idea to save a backup of them first.
The preconfigured reports fall into the following categories:
Billing: ARM allows EFT Server administrators to more effectively bill their clients. Many of our EFT Server customers bill their customers for file transfer services and need to supply accurate reports to their customers and for their own invoicing purposes. These customers want to query and produce reports based on multiple criteria such as a specific client, a group of clients or all clients, a particular date range, and a specific file or all files transferred for that user.
Non-repudiation: Many EFT Server customers need to audit transactions throughout their life cycle and need to determine whether a particular event occurred and when it occurred. This would include searching for all activity for a specific user for a specific date or to locate a transaction within a date range for auditing purposes. Customers must be able to show conclusively whether something happened, when it happened, and who was responsible for making it happen.
Statistics: The need to gather statistical data that would allow the customer to take preventive measures (such as scale to meet increasing demand), to establish trends, create general usage reports for stakeholders, and to query and analyze trends and server usage (peak usage times, most active customers, etc.).
Technical troubleshooting: Granular auditing of all socket, protocol, authentication, and transaction information allows the administrator to quickly locate and solve problem scenarios.
The preconfigured reports described below are provided with the Auditing and Reporting module. You can run the reports as is or edit them to suit your specific needs.
EFT Server activities:
Activity - All Groups (Detailed) - This report displays the various actions performed by all the groups, such as Administrator, All users, and Guests, and it displays Date/Time, Remote IP address, protocol, action, filename, folder, bytes transferred, and the result.
Activity - All Users (Summary) - This report displays the transfer activity (total number of uploads and downloads) for all users who logged on to EFT Server during the date range specified, grouped by username, subgrouped by date, sorted by username, then transfer direction, and date, in ascending order.
Activity - All Users (Detailed) - This report displays all folder and file create and delete activity for all users who logged on to EFT Server during a particular period, grouped by username, and sorted in reverse chronological order. The report includes the time stamp, remote IP address of the user, protocol action, file name, folder, KB transferred, and the result.
Activity - By File - This report displays all the activities related to a specified file, based on wildcard masks, grouped by Site name, subgrouped by matching filename, sorted in chronological order. The report displays the time stamp, user name, remote IP address, and protocol. To generate this report, you have to specify the report parameters, such as .txt to view only txt files or *.* to view all files.
Activity - By Group (Detailed) - This report displays the folder and file create and delete activity during a specified period for a specific group, grouped by group name, and sorted by date in reverse chronological order. The report displays the remote IP address, protocol action, time stamp, file name, folder, bytes transferred, and result. When you click Show Report, the Report Parameters dialog box appears asking for the group name.
Activity - By User (Detailed) - This report displays the folder and file create and delete activity during a specified period for a specific user, grouped by username, and sorted by date in reverse chronological order. When you click Show Report, the Report Parameters dialog box appears asking for the name of the user.
Activity - By User (Detailed) - Group by Username/Action - This report displays the folder and file create and delete activity during a specified period for specific users, grouped by username, subgrouped by action, and sorted by date in reverse chronological order. That is, the report displays all files created under the Created Action and all files that are sent are displayed under the Sent Action. When you click Show Report, the Report Parameters dialog box appears asking for the name of the user.
Activity - By User (Summary) - This report displays the transfer activity for specifics users, grouped by username, subgrouped by date, sorted by username, transfer direction, and date, in descending order.
Admin Actions - This report displays all EFT Server administrator activity for the specified range. Columns displayed in the report and available report filters include Date/Time (Timestamp), Function (e.g., User Account, Site, Database Refresh, SMTP Settings), Action (e.g., Created, Enabled, Disconnected, Modified, Started), Affected Area (e.g., User Account, Site, Server, Administration), Affected Name (username), ChangeOriginator (administrator username), SiteName (e.g., MySite).
Web Service - Invoke Event Rules (Detailed) - This report is used to view detailed activity for invoking event rules through Web Service, grouped by username, and sorted by date in reverse chronological order.
Security - DoS - Hammering Report - This report displays socket connections that did not have a corresponding authentication attempt.
Security - Failed Logins - This report displays the number of users who could not connect to EFT Server. It displays the user name, remote IP address, protocol used, date, time, remote IP address, port number, and result.
Secure Ad Hoc Transfer (SAT) Module-related reports:
Activity-SAT by File (Detailed) - This report displays all Secure Ad Hoc Transfer module activity for a specified file name, and sorted by date in reverse chronological order.
Activity-SAT By Recipient (Detailed) - This report displays all Secure Ad Hoc Transfer module activity for a specified recipient's e-mail address, and sorted by date in reverse chronological order. When you click Show Report, the Enter Report Parameters dialog box appears. Provide the entire e-mail address.
Activity-SAT by Sender (Detailed) - This report displays all Secure Ad Hoc Transfer module activity for a specified sender's e-mail address, and sorted by date in reverse chronological order. When you click Show Report, the Enter Report Parameters dialog box appears. Provide the entire e-mail address.
Activity-SAT (Detailed) - This report displays activity for Secure Ad Hoc Transfer module activity, sorted by date in reverse chronological order.
Activity-SAT (Summary) - This report displays all Secure Ad Hoc Transfer module activity, grouped by username, and sorted by date in reverse chronological order.
AS2-Related reports:
AS2 Transactions Detailed - A verbose AS2 file transfer report that provides the information necessary for troubleshooting problem transactions.
AS2 Transactions Overview - A transaction report that displays the same information as shown on the AS2 Transactions node. The report queries all AS2 transactions for the dates specified, grouped by site, sorted by date, and listed in reverse chronological order.
Event Rules - Actions (Summary) - This report summarizes all event rules with their corresponding actions, grouped by Site name, subgrouped by the user-defined event name, sorted by the unique event ID (not shown in report) in descending order.
Event Rules - Activity (Detailed) - This report displays the event rule activity by user-defined event name, grouped by Site name, subgrouped by the event type, sorted by date in reverse chronological order.
Event Rules - Activity (Summary) - This report summarizes the event rule activity by user-defined event name, grouped by Site name, sub-grouped by the event type, sorted by date in reverse chronological order.
Event Rules - Inbound-Outbound By Date - This report details all offload and download actions, grouped by Site subgrouped by action, sorted by date in reverse chronological order.
Event Rules - Inbound-Outbound By User - This report details all offload and download actions, grouped by Site name, then by remote host IP address, then by username, sorted in reverse chronological order.
Executive Summary Report - This report summarizes the following information for the period specified:
Average transfer speed
Total number of downloads, uploads
Total bytes transferred (inbound/outbound)
Top 5 users (by # of connections)
Top 5 users (by bytes transferred)
Most concurrent users at any given time
Traffic reports:
Traffic - Average Transfer Rates by User - This report displays the average transfer rate for specific users, grouped by username, subgrouped by date, sorted by username, transfer direction, and date, in descending order.
Traffic - Connections Summary - This report details connections to EFT Server (IP address or user connections) and bytes transferred by date, grouped by Site name, sorted by date in reverse chronological order.
Traffic - Datewise-Hourly Bytes Transferred - This report details the connections and bytes transferred sorted by date and hour, in chronological order.
Traffic - Datewise-IPwise bytes transferred - This report displays the connections established by remote IP addresses and total bytes transferred.
Traffic - IPwise Connections (Summary) - This report displays the connections established by remote IP addresses and total bytes transferred.
Traffic - Monthwise-IP-wise Bytes transferred - This report displays the connections established by various remote IP addresses on a monthly basis. It displays the Site name, month name, remote IP address, connections, and total bytes transferred.
Traffic - Most Active IPs - Connections - This report displays the most active IP addresses; that is, the IP addresses of the users who frequently log on to EFT Server. It displays the data transferred, Site name, remote IP address, and bytes transferred. This report can be used to determine Denial of Service (DoS) attacks against EFT Server.
Traffic - Most Active IPs - Data Transferred - This report displays the IP addresses of users who log on to EFT Server frequently; the number of connections established by various users. It displays the information on the total bytes transferred, number of connections, remote IP address, and Site name.
Traffic - Most Active Users - Connections - This report displays the connections established by the most active users.
Traffic - Most Active Users - Data Transferred - This report displays the usernames of users who log on to EFT Server frequently; the number of connections established by various users, and number of bytes transferred.
Traffic - Protocolwise Connections (Summary) - This report displays the connections established by various users and the protocol used by the users to transfer the data, that is, whether the users have used FTP protocol, HTTP, or any other protocol to upload or download the files. To view the report, you must enter the name of the protocol in the Enter Report Parameters dialog box that opens when you click Show Report.
Traffic - Sitewise-Hourly by User - This report displays the total number of connection established by various users on a particular Site on hourly basis.
Troubleshooting reports:
Troubleshooting - Connection Errors - This report displays the number of connection errors occurred while connecting to a site, the date and time of the error, remote IP address, local port number, password, type of error, and so on.
Troubleshooting - IP Address Activity (Detailed) - This report displays the details of the user, the date/Time on which the user logged on EFT Server; other details such as local port, socket result ID, protocol, password, physical folder name, virtual folder name, and so on are also displayed. To view this report, you must specify the IP address in the Enter Report Parameters dialog box that opens when you click Show Report.
Troubleshooting - Operation Errors - This report displays protocol error codes and corresponding commands, sorted in reverse chronological order. The report includes the date and time the error occurred, remote IP address, protocol used, username, command, filename, virtual folder, and result (e.g., transfer completed).
Troubleshooting - Event Rules Failures - This report displays failures related to the Event Rules.