SSH

Auditing and Monitoring Secure File Transfers

Tectia Manager can be configured to gather all data on SFTP file transfers performed by managed Tectia Server or OpenSSH servers, and on file operations that are logged by Tectia MFT Events. Tectia MFT Events is a separate product designed for managed file transfers and automated command events.

Tectia Manager provides statistics and predefined file transfer reports for analyzing the performance of the secure file transfers. The advanced diagnostics speed up daily operations and processes, and reduce the costs of monitoring and troubleshooting the file transfer environment.

Tectia Manager shows the gathered log data as two separate report sets:

MFT Events Reports

Report data are collected from Tectia MFT Events logs and the reports show a detailed view of all managed file transfer events created on and performed by Tectia MFT Events.

The information can be searched based on the event status, period or host. The reports show the transferred files and their sizes.

Secure File Transfer Reports

These reports are composed of the logged SFTP operations collected from the SFTP servers. The reports help in tracking file transfers, troubleshooting failed file transfers, and in detecting unauthorised file operations.

Tectia Manager offers customizable search filters that make it easy to view different aspects of the information stored in the database. Administrators can easily create and save their own file transfer report templates by saving the search conditions as private or as public reports. Saved report templates can also be scheduled to run automatically.

Generating file transfer reports

Figure 2.7. Generating file transfer reports

The following predefined report types are available:

  • Individual operations can be viewed in a detailed list that shows all logged information on the file operations. The administrators can search the data per user, client, server, remote IP or network, or by file name or file operation. For example, a search can retrieve data on how many megabytes of files were transferred yesterday, when the peak hour was, and if there were any unauthorized file access attempts.

  • Tectia Manager helps in detecting and tracking failed and possibly unauthorized actitivies though reports which give details about who accessed or transferred which file and when.

  • Hourly summaries present the file transfer volumes per hour for the selected report period. The hourly report helps in analyzing the usage trends and in planning the timing of the file transfers.

  • Top activity lists present the high-volume servers and users. The lists help in analyzing the network usage and planning the network arrangements.

[Note]Note

When a monitored Tectia MFT Events performs file transfers with a managed SSH Server, Tectia Manager will get the logs of the events from both sides and the data will be available in both the MFT Reports, and in the File Transfer Reports.