When the Auditing and Reporting module is activated, you can configure a Server Event Rule to generate a report, then e-mail it or save it to a file. If you add the Generate Report Action to a Rule, you must also tell EFT Server what to do with the report (save it or e-mail it or both). When a report is generated by the Generate Report Action, a temporary, enumerated copy of the report is created and stored locally in EFT Server installation folder. The temporary copy is deleted once the Event Rule context is out of scope.
To facilitate compliance with PCI DSS (Multifaceted security standard that includes requirements for security
management, policies, procedures, network architecture, software design,
and other critical protective measures.)
requirement 10.6, EFT Server automatically generates a report of
PCI/High Security-related configuration and functions. The report is converted
to HTML and then e-mailed or saved to a file specified by EFT Server administrator.
|
Example of a Report Event:
To create an Event Rule with the Generate Report Action
Follow the procedure in Creating Event Rules to create a new rule, or select the rule to which you want to add the Action.
In the Actions list,
double-click Generate Report,
or click it, then click Add Action.
The Report Action dialog box appears.
In the Run the following report box, click the down arrow to select a report from the Reports directory. (Custom reports also appear in the list.)
Click Custom range to specify a custom date range in the From and To boxes or click Report date range and click the drop-down list to specify one of the following options:
Include all dates starting from your earliest transaction, and ending with your latest transaction. If the selected dates include future transactions (e.g., if the ending date for the report is today's date), the future transactions will not appear in the report.
Month to date; Quarter to date; Year to date. Starting from the first day of this month, quarter, or year, and ending today. (Quarters begin January 1, April 1, July 1, and October 1.)
Current week; Current month (default); Current quarter; Current year. Starting from the first day of this week, month, quarter, or year, and ending with the last day of this week, month, quarter, or year. (Quarters begin January 1, April 1, July 1, and October 1.)
Last week; Last month; Last quarter; Last year. Starting from the first day of last week, month, quarter, or year, and ending with the last day of last week, month, quarter, or year. (Quarters begin January 1, April 1, July 1, and October 1.)
Last 30 days. Starting from 30 days ago, and ending with today's date.
Last 12 months. Starting 12 months ago from today’s date, and ending with today's date. For example, if today is July 2, 2007 and this date range is selected, the report would run from July 2, 2006 through July 2, 2007.
In the Report output format area, specify the format of the report output: HTML, PDF, or VP (report file).
In the Advanced Options area, specify parameters (separated by semicolons) for the report, which are evaluated from left to right. You can specify Event Rule variables. For example, if the report definition chosen in the Run the following report box requires two parameters for filename and username (in that order in the report definition), then the Optional parameters box can be populated with *.txt;myname to specify a filename parameter of *.txt and a username parameter of myname.
In the Report Filters area, specify filters with AND or OR.
To run the report in real time to verify that the Action was configured correctly, click Run and display report now (test).
Next, you should create an e-mail
Action and include the %FS.REPORT_CONTENT% variable or create a Copy/Move Action and use
the %FS.REPORT_FILE% variable to place a copy of the report on a shared
drive after the report has been generated.
The variable %FS.REPORT_CONTENT% can be added to e-mail notifications.
When %FS.REPORT_CONTENT% is added to the body of e-mail notifications,
the content is displayed inline in the e-mail in HTML format, regardless
of the format chosen in the Report Action
dialog box.
The variable %FS.REPORT_FILE% can be used in copy/move, PGP, and custom command actions that are executed synchronously (i.e., custom commands that have a failure event defined), but should not be used for Actions that are executed asynchronously (e.g., custom commands that do not have a failure event defined). Instead, use %FS.REPORT_CONTENT% for e-mail notifications, because this variable represents a copy of the contents of the file rather than a link to the file, which is only good so long as the file exists. For a complete list of EFT Server variables, see Variables. Do not use %FS.REPORT_FILE% in e-mail notifications. |