Create an Audit Log of File Transfers
You can use audit logging to maintain a record of file transfer activity.
-
To audit Transfer Site activity, set up audit logging on the Reflection Secure Shell Proxy.
-
To audit Job actions that transfer files, you can use a Reflection for Secure IT Server as the SFTP server and set up audit logging on that server.
Both Reflection for Secure IT Server for Windows (one server is included with Reflection for Secure IT Gateway) and Reflection for Secure IT Server for UNIX (available separately) support audit logging. Use the procedure below to configure audit logging on a Reflection for Secure IT Server for Windows. On a Reflection for Secure IT Server for UNIX, use the AuditLog keyword to enable audit logging. See the Reflection for Secure IT Server for UNIX User Guide for details.
Note
Auditing on these servers is not enabled by default.
The audit file is a comma-delimited text file with the following data for each transfer:
User ID
Client IP address
Action (upload or download)
Server filename
Start time
End time
Server file modification time
Server file size
Bytes transferred
Result (success or failure)
Reason
Server file hash (optional, the SHA-1 hash of the file contents)
To enable file transfer auditing
Use this procedure to enable audit logging on the Reflection Secure Shell Proxy or the Reflection for Secure IT Server for Windows.
-
Log in as an administrator to the Windows system on which you want to enable auditing. Use the Windows Start menu to launch the Reflection console:
-
To set up Transfer Site auditing, start the Reflection Secure Shell Proxy.
-
To set up auditing on a Reflection for Secure IT Server for Windows that is being used in Job actions, start the Reflection for Secure IT Server.
-
-
Go to Configuration > Logging > Audit Logging.
-
Select Enable file transfer auditing.
-
Save your settings (File > Save Settings).
When audit logging is enabled, a new log is created each day in the
specified Audit log directory. Audit logs use this name format:
RSSHD-Audit-YYYYMMDD.log
, where YYYYMMDD indicates the date.
To view the audit log quickly from the console, use the audit log file toolbar button: