Scripting lesson: using scripting and session info Server! version: 4.0.13+

This articles shows how to use scripting, event-handling and session information from within Server! For the sake of this example we will only log such information in the log file, but in real-life production scenarios you can use these info as you wish (for example you may want to send them via email to someone, or even make decisions based upon them).

Let’s start by preparing the script that – as we said – will log some info in your Server!’s log file:

We save the above script with the following name/description: “Log several client and connection info”.

Then we add an event-handler to trigger the execution of the script. Since the script contain references to file-transfer-related variables (VirtualObjectName and ObjectName) it seems obvious to trigger its execution upon occurrence of a file-transfer-related event. For the sake of this example we have chosen the AfterFileUpload event, which occurs every time a file is successfully uploaded by a client onto the server. Continue reading

PCI and HIPAA compliant administrative logs Server! version: 4.0.0+

Another requirement found in the latest versions of both PCI-DSS and HIPAA regulations is the necessity to keep an “untamperable” log of all configuration operations performed by any administrator.

Digitally signing every single log line is not enough, as the disloyal employee could simply delete some log lines entirely. Therefore each line should have a numeric incremental ID (to make it easier to spot “holes”) and each line’s digital signature should “roll over” and be calculated including the previous line’s digital signature in the signed data. This way an administrator cannot delete one (or several) log lines without being spotted.

Furthermore, to make log analysis even easier, each log line is not actually just a “line of plain text”, rather it’s a JSON object that can be easily queried. Here below you can see a typical “log line” showing a call to a configuration REST API and the relative response and signature:


Clarification: W3C log file format and UTC timestamps Server! version: 1.0.0+

Every once in a while we receive a support request from some customer asking us how to “fix” the timestamp in the log files, because it’s few hours ahead/behind.

The thing is that such timestamp is not ahead nor behind: it’s always in UTC (Coordinated Universal Time), and that is not our arbitrary choice; in fact, the W3C Extended Log File Format official working document clearly states that the timestamp must refer to the GMT time zone without daylight savings bias, which is – indeed – called UTC for brevity.

For such reason, all existing log analysis software products are designed to take that into account and adapt the generated reports to the current time zone of the machine that runs the analysis.

Continue reading

Maintenance release: Server! v3.1.1.41

We have just released a maintenance version of Server! This new version fixes a tiny glitch that prevented the software from saving the log files in the correct folder under certain operating system locale configurations.

If your log files are saved in the right place, you don’t need this update.

As usual, you can download the latest version from our web site. Server! v3 features W3C Log Files

Our development team is in the final stages of wrapping up the Log Server for the upcoming new major version of Server! (v3).

In the past two days we have been conducting a series of tests, and these are the very first images that we can make available. Here below you can see the free edition of SmarterStats (the famous log analyzer by SmarterTools) producing a report based upon the analysis of our new Server! v3 log files, which are in W3C standard format.

sstats1 Continue reading