Your browser does not allow storing cookies. We recommend enabling them.


Generating Reports from File Transfer Logs

To generate file transfer reports, go to Reports → File transfer reports. Here you can create new reports, or use predefined search models. The following figure shows the predefined report model that produces a report on all failed file transfer operations from the past 24 hours.

Generating file transfer reports

Figure 12.1. Generating file transfer reports

In Time period fields, the administrator can define the start and end time for the reporting period.

Search conditions allow the administrator to define in detail what information should be included in or excluded from the report.

The search conditions for file transfer log data

Figure 12.2. The search conditions for file transfer log data

  • In the Condition type field, define whether the selected name, IP address or operation type should be included in the searched log entry. The options are equals, excludes, and contains.

  • In the Subject field, define the searched string that should be included in or excluded from the log entries. Select which information is relevant, and enter the searched name to the field User, Server name, Server hostgroup, Client name or Filename.

  • Alternatively, you can enter one or more client IP addresses as the criteria in the Client IP field.

  • Alternatively, you can select a searched Operation class (succeeded or failed) or the actual Operation from the drop-down list.

The search conditions are combined together using the following logic:

  • Conditions that compare the same field with the equals or contains operators are grouped together into an OR relationship.

  • Conditions that compare the same field with the excludes operator are grouped together into an AND relationship.

  • Groups of different conditions are then combined into the final clause with AND relationships.

For example, the following list of conditions will be grouped so that the resulting report will show all file and directory remove operations on all other servers belonging to group SFTP Servers, except for servers and The order of the conditions in the administration interface is not significant.

Example search conditions

Figure 12.3. Example search conditions

In the Reports → File transfer reports view, the Summary selections options can be used to choose what data will be included in the summary report and how the data will be arranged (by user, by server or by client).

There are three Report types:

  • Individual operations showing all data of the file operations for the selected search criteria. This report shows the operation data on the Management Server in realtime.

  • Hourly summaries show the file transfer operations per user, server or client, or a combination of the criteria.

  • Top activity list shows the highest activity levels by the type of file operations (all transfers, uploads or downloads; all operations, successful or failed operations).

The Hourly summaries and the Top activity list operate on summary data that is generated hourly as a batch job. The summary for the hour is generated during the next hour, so for example, the summary for 14:00-15:00 is not guaranteed to be available until after 16:00.

Clicking the Run report will generate the report and output it on the screen.

By default, the reports are shown on the screen, but you can also choose to download them. The top activity reports can be downloaded as a data.tsf file. The file can be opened in a spreadsheet program of your choice for creating graphs. You can also view the report output in text format on the screen.

You can Save the search conditions that you have defined for a report. They can be saved as your own report templates, or as public ones available also to other Tectia Manager operators.

When deleting File transfer logs, the hourly summary data are not deleted along with the individual operations, so it will still be available for producing reports in summary form, even after the operations themselves have been purged. For instructions on deleting logs, see Deleting or Downloading Logs.

Examples of File Transfer Reports

Example 12.1. Report on Failed Operations in Last 24 Hours

This example shows a report that can be generated using the predefined report model named Failed ops in last 24 hours. The report can be used to track and solve failed operations, as it shows all details of the cases.

Failed operations in last 24 hours

Figure 12.4. Failed operations in last 24 hours

The report is displayed on the screen by default, and the operator can sort the reported information as necessary by clicking the column headings. It is also possible to download and save the report into a file, to send it to a spreadsheet for post-processing, or to view the report in text format in your web browser.

Example 12.2. Hourly Summary

The following example shows an Hourly summary of file operations statistics over the past week. We want to see all file transfer information sorted by server and by client.

The report shows the amount of file transfers in both directions (the up bytes and the down bytes) and the number of both successful and failed file operations, for example, denied file accesses. The information is presented for each hour of the reporting interval. The peak hours can be seen clearly in the resulting report so that the new file transfers can be rescheduled accordingly.

Hourly summary report

Figure 12.5. Hourly summary report

The report can be exported to a spreadsheet in CSV format, or downloaded or viewed as text.

Example 12.3. Top Activity List

In case you want to follow how the file transfer trends develop, for example to plan the network usage accordingly, you can generate a Top activity list. This report type helps in finding the heaviest users, and the busiest servers and clients where the highest numbers of file transfers are performed.

In this example, the administrator generates a report on the top activity servers involved in file transfers during the previous day. The previous day is defined by leaving the ending exactly at un-checked. When the following search conditions are defined:

Search criteria for a top activity report

Figure 12.6. Search criteria for a top activity report

An example of the resulting report is as follows:

Example of a top activity list

Figure 12.7. Example of a top activity list




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now