GlobalSCAPE Logs

The document provides an overview of different types of logs generated by EFT, including incoming logs in various formats (W3C extended, IIS, NCSA), CL.log, Ted6 logs, PGP log, and EFT.log. The incoming logs record FTP/SFTP/HTTPS activity and are the primary logs for auditing file transfers and commands. Details like file names, sizes, times, commands and response codes are captured depending on the specific log format.

GlobalSCAPE-Logs.docx

EFT Logging
This document provides a general overview of logging available in EFT.
Incoming Log (3 forms: ex.log, in.log, or nc.log)
    W3C Extended (default and preferred logging format—ex.log)
    Microsoft IIS (in.log)
    NCSA Common Log (nc.log)
CL.log
Ted6 logs
PGP log
EFT.log

Incoming Log (3 forms: ex.log, in.log, or nc.log)


• Location: C:\ProgramData\Globalscape\EFT Server Enterprise\Logs\ (default); this can be configured on the
EFT Server > Logs tab.

• Log Formats: W3C Extended (default), Microsoft IIS, and NCSA common.

• Logging Levels: Standard (default) or Verbose

• Log rotation: Never, Daily (default), Weekly, or Monthly.

• Encoding: UTF-8 encoding (default) allows non-ASCII characters to be written to log.

• For HA environments, it is NOT recommended to use a shared path. Each HA node should be writing its own
log file or access issues will occur (missing information).

W3C Extended (default and preferred logging format—ex.log)


• Naming: u_exYYMMDD.log

• Time Format: 24hr, GMT/UTC time

• What it logs: Inbound file transfer activity initiated through clients connecting to EFT via FTP/S, SFTP,
HTTP/S.

• Log format: Date, Time, Client Port (PORT command), Username, Session ID, request/command, command
parameter, Server response code, bytes transferred, Server IP (PASV command), server port#

• Activity logged:

o Standard: USER (Username), PASS (Password), Created (Client Upload Complete), Sent (file
downloaded), ABOR (Abort File Transfer), Dele (delete file), RNFR (Rename From), RNTO
(Rename To), MKD (Make Directory), RMD (Remove Directory)

• Example Output:
2016-12-01 03:12:05 127.0.0.1 - - [1]user a - 331 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]pass ****** - 230 - - - 21
2016-12-01 03:12:16 127.0.0.1 - a [1]sent 1.TXT - 226 - - - 21
2016-12-01 03:12:38 127.0.0.1 - a [1]created 22.TXT - 226 - - - 21
2016-12-01 03:12:45 127.0.0.1 - a [1]dele 2.TXT - 250 - - - 21
2016-12-01 03:12:58 127.0.0.1 - a [1]rnfr /1111.txt - 350 - - - 21
2016-12-01 03:12:58 127.0.0.1 - a [1]rnto /2222.txt - 250 - - - 21
2016-12-01 03:13:19 127.0.0.1 - a [1]mkd NewFolder - 257 - - - 21
2016-12-01 03:13:29 127.0.0.1 - a [1]rnfr /NewFolder - 350 - - - 21
2016-12-01 03:13:29 127.0.0.1 - a [1]rnto /RenamedFolder - 250 - - - 21
2016-12-01 03:15:11 127.0.0.1 - a [1]rmd RenamedFolder - 250 - - - 21

• Verbose:
USER (Username), PASS (Password), HELP, ALLO, APPE, REST (Resume Transfer), Stor
(begin client upload), Created (Client Upload Complete), Sent (file downloaded),
MDTM (return last modified date/time), MFMT (Modify Fact: modify date/timestamp),
Download, ABOR (Abort File Transfer), Dele (delete file), Rename From, Rename To,
MKD (Make Directory), RMD (Remove Directory), List, NLST (abbreviated List), PWD
(Print Working Directory), CWD (Change Working Directory), CLNT (Client), SYST
(System Type), FEAT (Features), OPTS (Options), Size, Type I (Binary data
transfer), Type A (ASCII data transfer), PASV (no ip/port), PORT ip/port, EPSV
(Extended Passive), EPRT (Extended Port), Mode Z (compression), Mode S (Stream),
Quit, NOOP (No Operation)

• Example Output:
2016-12-01 03:12:05 127.0.0.1 - - [1]user a - 331 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]pass ****** - 230 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]syst - - 215 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]feat - - 211 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]lang - - 200 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]clnt CuteFTP - 200 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]opts UTF8+on - 200 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]help - - 214 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]noop - - 200 - - - 21
2016-12-01 03:12:16 127.0.0.1 - a [1]retr 1.TXT - 150 - - - 21
2016-12-01 03:12:16 127.0.0.1 - a [1]sent 1.TXT - 226 - - - 21
2016-12-01 03:12:38 127.0.0.1 - a [1]size 22.TXT - 550 - - - 21
2016-12-01 03:12:38 127.0.0.1 - a [1]stor 22.TXT - 150 - - - 21
2016-12-01 03:12:38 127.0.0.1 - a [1]created 22.TXT - 226 - - - 21
2016-12-01 03:12:38 127.0.0.1 - a [1]mfmt 20161128221417.732+22.TXT - 213 - - - 21
2016-12-01 03:12:45 127.0.0.1 - a [1]dele 2.TXT - 250 - - - 21
2016-12-01 03:12:58 127.0.0.1 - a [1]rnfr /1111.txt - 350 - - - 21
2016-12-01 03:12:58 127.0.0.1 - a [1]rnto /2222.txt - 250 - - - 21
2016-12-01 03:13:19 127.0.0.1 - a [1]mkd NewFolder - 257 - - - 21
2016-12-01 03:13:19 127.0.0.1 - a [1]cwd /NewFolder - 250 - - - 21
2016-12-01 03:13:29 127.0.0.1 - a [1]rnfr /NewFolder - 350 - - - 21
2016-12-01 03:13:29 127.0.0.1 - a [1]rnto /RenamedFolder - 250 - - - 21
2016-12-01 03:15:11 127.0.0.1 - a [1]rmd RenamedFolder - 250 - - - 21
2016-12-01 03:15:23 127.0.0.1 - a [1]stat - - 211 - - - 21
2016-12-01 03:15:33 127.0.0.1 - a [1]mdtm 1.txt - 213 - - - 21
2016-12-01 03:15:49 127.0.0.1 - a [1]nlst / - 150 - - - 21
2016-12-01 03:15:49 127.0.0.1 - a [1]list / - 226 45 - - 21
2016-12-01 03:16:08 127.0.0.1 - a [1]pwd - - 257 - - - 21
2016-12-01 03:16:38 127.0.0.1 - a [1]type I - 200 - - - 21
2016-12-01 03:16:47 127.0.0.1 - a [1]type a - 200 - - - 21
2016-12-01 03:16:55 127.0.0.1 - a [1]pasv - - 227 - - 127.0.0.1 20394
2016-12-01 03:17:03 127.0.0.1 - a [1]epsv - - 229 - - 127.0.0.1 63749
2016-12-01 03:17:13 127.0.0.1 - a [1]abor - - 226 - - - 21
2016-12-01 03:17:13 127.0.0.1 - a [1]none - - 552 - - - 21
2016-12-01 03:17:21 127.0.0.1 - a [1]allo 1 - 200 - - - 21
2016-12-01 03:17:29 127.0.0.1 - a [1]rest 0 - 350 - - - 21
2016-12-01 03:17:37 127.0.0.1 - a [1]mode z - 200 - - - 21
2016-12-01 03:17:43 127.0.0.1 - a [1]mode s - 200 - - - 21
2016-12-01 03:18:29 127.0.0.1 - a [1]type I - 200 - - - 21
2016-12-01 03:18:37 127.0.0.1 - a [1]type A - 200 - - - 21
2016-12-01 03:18:37 127.0.0.1 49893 a [1]port 127,0,0,1,194,229 - 200 - - - 21
2016-12-01 03:18:43 127.0.0.1 49868 a [1]eprt |1|127.0.0.1|49868| - 200 - - - 21
2016-12-01 03:18:53 127.0.0.1 - a [1]quit - - - - - - -
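
As an added example (not part of the original document or of Globalscape's tooling), the following Python code turns ex.log lines into an audit trail: logins, uploads, downloads, deletes, and RNFR/RNTO pairs joined into one rename event. The column names, the session key, and the constructed failed-login lines (reply code 530) are assumptions inferred from the sample output above.

```python
import re

# Assumed W3C-style names for the 13 whitespace-separated columns seen in the
# sample output above (the document names them only in prose).
FIELDS = ("date", "time", "c_ip", "c_port", "user", "method", "param",
          "query", "status", "sc_bytes", "cs_bytes", "s_ip", "s_port")
SESSION_CMD = re.compile(r"^\[(\d+)\](\S+)$")   # "[1]sent" -> session 1, "sent"
FILE_ACTIONS = {"sent": "download", "created": "upload", "dele": "delete",
                "mkd": "mkdir", "rmd": "rmdir"}

# Lines copied from the Standard example output, followed by two CONSTRUCTED
# lines (session 2) that model a rejected password.
SAMPLE = """\
2016-12-01 03:12:05 127.0.0.1 - - [1]user a - 331 - - - 21
2016-12-01 03:12:05 127.0.0.1 - a [1]pass ****** - 230 - - - 21
2016-12-01 03:12:16 127.0.0.1 - a [1]sent 1.TXT - 226 - - - 21
2016-12-01 03:12:38 127.0.0.1 - a [1]created 22.TXT - 226 - - - 21
2016-12-01 03:12:45 127.0.0.1 - a [1]dele 2.TXT - 250 - - - 21
2016-12-01 03:12:58 127.0.0.1 - a [1]rnfr /1111.txt - 350 - - - 21
2016-12-01 03:12:58 127.0.0.1 - a [1]rnto /2222.txt - 250 - - - 21
2016-12-01 03:18:53 127.0.0.1 - a [1]quit - - - - - - -
2016-12-01 03:20:01 127.0.0.1 - - [2]user bob - 331 - - - 21
2016-12-01 03:20:02 127.0.0.1 - - [2]pass ****** - 530 - - - 21
"""


def parse_line(line):
    """Return a dict for one ex.log entry, or None for headers and garbage."""
    # Whitespace splitting is safe here because the samples log spaces inside
    # a parameter as "+" (for example "opts UTF8+on").
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    m = SESSION_CMD.match(rec["method"])
    if m is None:
        return None
    rec["session"], rec["method"] = int(m.group(1)), m.group(2).lower()
    # The quit entry logs "-" where the reply code normally is.
    rec["status"] = int(rec["status"]) if rec["status"].isdigit() else None
    return rec


def audit(lines):
    """Reduce raw entries to (utc_time, user, event, detail) tuples."""
    events = []
    attempted = {}        # session key -> name given in the last USER command
    pending_rename = {}   # session key -> source path from an accepted RNFR
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["c_ip"], rec["session"])
        ts = f'{rec["date"]} {rec["time"]}Z'      # ex.log times are GMT/UTC
        method, param, status = rec["method"], rec["param"], rec["status"]
        user = rec["user"] if rec["user"] != "-" else attempted.get(key, "-")
        if method == "user":
            attempted[key] = param
        elif method == "pass":
            # The username column may be empty on a rejected login, so report
            # the name from the preceding USER command of the same session.
            outcome = "login_ok" if status == 230 else "login_failed"
            events.append((ts, attempted.get(key, user), outcome, rec["c_ip"]))
        elif method == "rnfr" and status == 350:
            pending_rename[key] = param
        elif method == "rnto":
            src = pending_rename.pop(key, "?")
            if status == 250:
                events.append((ts, user, "rename", f"{src} -> {param}"))
        elif method in FILE_ACTIONS and status is not None and 200 <= status < 300:
            events.append((ts, user, FILE_ACTIONS[method], param))
    return events


if __name__ == "__main__":
    for event in audit(SAMPLE.splitlines()):
        print(*event, sep=" | ")
```
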

Microsoft IIS (in.log)


• Naming: u_inYYMMDD.log

• Time Format: 24hr, local server time

• What it logs: Inbound file transfer activity initiated through clients connecting to EFT via FTP/S, SFTP,
HTTP/S.

• Log format: Remote IP, User Name, Date, Time, Internal server identifier, Local Server name, Local Server IP,
Byte Size (in), Status code, Session ID, Command/activity, parameter

• Activity logged:

o Standard: USER (Username), PASS (Password), Created (Client Upload Complete), Sent (file
downloaded), ABOR (Abort File Transfer), Dele (delete file), Rename From, Rename To, MKD (Make
Directory), RMD (Remove Directory)

• Example Output:
172.31.4.64, -, 11/28/16, 12:49:08, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
331, 0, [152]user, a, -,
172.31.4.64, a, 11/28/16, 12:49:08, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
230, 0, [152]pass, ******, -,
172.31.4.64, a, 11/28/16, 12:49:40, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
257, 0, [152]mkd, NewDirectory, -,
172.31.4.64, a, 11/28/16, 12:49:46, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
350, 0, [152]rnfr, /NewDirectory, -,
172.31.4.64, a, 11/28/16, 12:49:46, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [152]rnto, /RenamedDirectory, -,
172.31.4.64, a, 11/28/16, 12:49:50, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [152]rmd, RenamedDirectory, -,
172.31.4.64, a, 11/28/16, 12:49:55, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
226, 0, [153]sent, 1.TXT, -,
172.31.4.64, a, 11/28/16, 12:50:01, MSFTPSVC1, GS0110, 192.168.102.22, 0, 133, 0,
226, 0, [152]created, 2222222222.txt, -,
172.31.4.64, a, 11/28/16, 12:50:09, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
350, 0, [152]rnfr, /asdasd/2222222222.txt, -,
172.31.4.64, a, 11/28/16, 12:50:09, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [152]rnto, /asdasd/11111.txt, -,
172.31.4.64, a, 11/28/16, 12:50:16, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [152]dele, 11111.txt, -,

• Verbose:
USER (Username), PASS (Password), HELP, ALLO, APPE, REST (Resume Transfer), Stor
(begin client upload), Created (Client Upload Complete), Sent (file downloaded),
MDTM (return last modified date/time), MFMT (Modify Fact: modify date/timestamp),
Download, ABOR (Abort File Transfer), Dele (delete file), Rename From, Rename To,
MKD (Make Directory), RMD (Remove Directory), List, NLST (abbreviated List), PWD
(Print Working Directory), CWD (Change Working Directory), CLNT (Client), SYST
(System Type), FEAT (Features), OPTS (Options), Size, Type I (Binary data
transfer), Type A (ASCII data transfer), PASV (no ip/port), PORT ip/port, EPSV
(Extended Passive), EPRT (Extended Port), Mode Z (compression), Mode S (Stream),
Quit, NOOP (No Operation)

• Example Output:
172.31.4.64, -, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
331, 0, [1]user, a, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
230, 0, [1]pass, ******, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
215, 0, [1]syst, -, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
211, 0, [1]feat, -, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]lang, -, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]clnt, CuteFTP, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]opts, UTF8 on, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
214, 0, [1]help, -, -,
172.31.4.64, a, 11/28/16, 13:19:59, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]noop, -, -,
172.31.4.64, a, 11/28/16, 13:20:20, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
550, 0, [1]size, 1.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:20, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
150, 0, [1]stor, 1.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:20, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
226, 0, [1]created, 1.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:20, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
213, 0, [1]mfmt, 2016112818533.772 1.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:26, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
350, 0, [1]rnfr, /1.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:26, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [1]rnto, /2.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:30, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
150, 0, [1]retr, 2.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:30, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
226, 0, [1]sent, 2.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:37, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [1]dele, 2.TXT, -,
172.31.4.64, a, 11/28/16, 13:20:44, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
257, 0, [1]mkd, NewFolder, -,
172.31.4.64, a, 11/28/16, 13:20:44, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [1]cwd, /NewFolder, -,
172.31.4.64, a, 11/28/16, 13:20:52, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
350, 0, [1]rnfr, /NewFolder, -,
172.31.4.64, a, 11/28/16, 13:20:53, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [1]rnto, /RenamedFolder, -,
172.31.4.64, a, 11/28/16, 13:20:55, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
150, 0, [1]list, /RenamedFolder, -,
172.31.4.64, a, 11/28/16, 13:20:55, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
226, 0, [1]list, /RenamedFolder, -,
172.31.4.64, a, 11/28/16, 13:20:55, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
250, 0, [1]rmd, RenamedFolder, -,
172.31.4.64, a, 11/28/16, 13:21:44, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
213, 0, [1]mdtm, 222222.txt, -,
172.31.4.64, a, 11/28/16, 13:22:51, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
150, 0, [1]nlst, /, -,
172.31.4.64, a, 11/28/16, 13:23:18, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]type, I, -,
172.31.4.64, a, 11/28/16, 13:23:24, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]type, A, -,
172.31.4.64, a, 11/28/16, 13:23:34, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
226, 0, [1]abor, -, -,
172.31.4.64, a, 11/28/16, 13:24:23, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]allo, 1, -,
172.31.4.64, a, 11/28/16, 13:24:30, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
350, 0, [1]rest, 0, -,
172.31.4.64, a, 11/28/16, 13:24:58, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]mode, s, -,
172.31.4.64, a, 11/28/16, 13:25:00, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]mode, Z, -,
172.31.4.64, a, 11/28/16, 13:25:05, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
227, 0, [1]pasv, -, -,
172.31.4.64, a, 11/28/16, 13:25:07, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
229, 0, [2]epsv, -, -,
172.31.4.64, a, 11/28/16, 13:25:35, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]port, 172,31,4,64,194,5, -,
172.31.4.64, a, 11/28/16, 13:25:56, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0,
200, 0, [1]eprt, |1|172.31.4.64|49671|, -,
172.31.4.64, a, 11/28/16, 13:26:05, MSFTPSVC1, GS0110, 192.168.102.22, 0, 0, 0, -,
0, [1]quit, -, -,

NCSA Common Log (nc.log)


• Naming: u_ncYYMMDD.log

• Time Format: 24hr, local server time

• What it logs: Inbound file transfer activity initiated through clients connecting to EFT via FTP/S, SFTP,
HTTP/S.

• Log format: Client IP, Username, Date (dd/month/yyyy:local server time, +/- GMT offset), Command,
Parameter, response code, byte size transferred

• Activity logged:

o Standard: USER (Username), PASS (Password), Created (Client Upload Complete), Sent (file
downloaded), ABOR (Abort File Transfer), Dele (delete file), Rename From, Rename To, MKD (Make
Directory), RMD (Remove Directory)

• Example Output:
172.31.4.64 - -, [28/Nov/2016:16:09:19 -0600] "user a" 331 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "pass ******" 230 0,
172.31.4.64 - a [28/Nov/2016:16:09:44 -0600] "sent 222222.txt" 226 133,
172.31.4.64 - a [28/Nov/2016:16:09:54 -0600] "created 1111.txt" 226 133,
172.31.4.64 - a [28/Nov/2016:16:10:10 -0600] "rnfr /222222.txt" 350 0,
172.31.4.64 - a [28/Nov/2016:16:10:10 -0600] "rnto /3333.txt" 250 0,
172.31.4.64 - a [28/Nov/2016:16:10:16 -0600] "mkd NewFolder" 257 0,
172.31.4.64 - a [28/Nov/2016:16:10:34 -0600] "rmd RenamedFolder" 250 0,
172.31.4.64 - a [28/Nov/2016:16:13:18 -0600] "abor -, 226 0,

• Verbose:
USER (Username), PASS (Password), HELP, ALLO, APPE, REST (Resume Transfer), Stor
(begin client upload), Created (Client Upload Complete), Sent (file downloaded),
MDTM (return last modified date/time), MFMT (Modify Fact: modify date/timestamp),
Download, ABOR (Abort File Transfer), Dele (delete file), Rename From, Rename To,
MKD (Make Directory), RMD (Remove Directory), List, NLST (abbreviated List), PWD
(Print Working Directory), CWD (Change Working Directory), CLNT (Client), SYST
(System Type), FEAT (Features), OPTS (Options), Size, Type I (Binary data
transfer), Type A (ASCII data transfer), PASV (no ip/port), PORT ip/port, EPSV
(Extended Passive), EPRT (Extended Port), Mode Z (compression), Mode S (Stream),
Quit, NOOP (No Operation)

• Example Output:
172.31.4.64 - -, [28/Nov/2016:16:09:19 -0600] "user a" 331 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "pass ******" 230 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "syst -, 215 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "pwd -, 257 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "feat -, 211 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "lang -, 200 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "help -, 214 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "noop -, 200 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "clnt CuteFTP" 200 0,
172.31.4.64 - a [28/Nov/2016:16:09:19 -0600] "opts UTF8 on" 200 0,
172.31.4.64 - a [28/Nov/2016:16:09:44 -0600] "retr 222222.txt" 150 0,
172.31.4.64 - a [28/Nov/2016:16:09:44 -0600] "sent 222222.txt" 226 133,
172.31.4.64 - a [28/Nov/2016:16:09:54 -0600] "size 1111.txt" 550 0,
172.31.4.64 - a [28/Nov/2016:16:09:54 -0600] "stor 1111.txt" 150 0,
172.31.4.64 - a [28/Nov/2016:16:09:54 -0600] "created 1111.txt" 226 133,
172.31.4.64 - a [28/Nov/2016:16:09:54 -0600] "mfmt 20160519201400 1111.txt" 213 0,
172.31.4.64 - a [28/Nov/2016:16:10:10 -0600] "rnfr /222222.txt" 350 0,
172.31.4.64 - a [28/Nov/2016:16:10:10 -0600] "rnto /3333.txt" 250 0,
172.31.4.64 - a [28/Nov/2016:16:10:16 -0600] "mkd NewFolder" 257 0,
172.31.4.64 - a [28/Nov/2016:16:10:16 -0600] "cwd /NewFolder" 250 0,
172.31.4.64 - a [28/Nov/2016:16:10:30 -0600] "cwd /" 250 0,
172.31.4.64 - a [28/Nov/2016:16:10:30 -0600] "rnfr /NewFolder" 350 0,
172.31.4.64 - a [28/Nov/2016:16:10:31 -0600] "rnto /RenamedFolder" 250 0,
172.31.4.64 - a [28/Nov/2016:16:10:34 -0600] "list /RenamedFolder" 150 0,
172.31.4.64 - a [28/Nov/2016:16:10:34 -0600] "list /RenamedFolder" 226 0,
172.31.4.64 - a [28/Nov/2016:16:10:34 -0600] "rmd RenamedFolder" 250 0,
172.31.4.64 - a [28/Nov/2016:16:11:21 -0600] "mode s" 200 0,
172.31.4.64 - a [28/Nov/2016:16:11:29 -0600] "mode z" 200 0,
172.31.4.64 - a [28/Nov/2016:16:11:34 -0600] "rest 0" 350 0,
172.31.4.64 - a [28/Nov/2016:16:11:41 -0600] "allo 1" 200 0,
172.31.4.64 - a [28/Nov/2016:16:11:48 -0600] "pwd -, 257 0,
172.31.4.64 - a [28/Nov/2016:16:11:53 -0600] "type a" 200 0,
172.31.4.64 - a [28/Nov/2016:16:11:59 -0600] "type I" 200 0,
172.31.4.64 - a [28/Nov/2016:16:12:05 -0600] "nlst /" 150 0,
172.31.4.64 - a [28/Nov/2016:16:12:21 -0600] "pasv -, 227 0,
172.31.4.64 - a [28/Nov/2016:16:13:11 -0600] "epsv -, 229 0,
172.31.4.64 - a [28/Nov/2016:16:13:18 -0600] "abor -, 226 0,
172.31.4.64 - a [28/Nov/2016:16:14:02 -0600] "port 172,31,4,64,230,200" 200 0,
172.31.4.64 - a [28/Nov/2016:16:14:17 -0600] "eprt |1|172.31.4.64|59081|" 200 0,
172.31.4.64 - a [28/Nov/2016:16:14:26 -0600] "quit -, -, 0,

CL.log

• Location: C:\ProgramData\Globalscape\EFT Server Enterprise\Logs\ (default); this can be configured in EFT
on the Server > Logs tab.

• Naming: clYYMMDD.log

• Time Format: 24hr, local server time

• What it logs: Outbound file transfer activity initiated through event rules; COPY/MOVE and Download
events using FTP/S, SFTP, HTTP/S, and LAN.

• Logging format: Date, Time, Protocol, Remote Address, Port#, Username, Local path, Remote path, action,
status code.

o Status codes will be different depending on the response from the remote server and depending on
what protocol is being used. Sample log entries can be seen below (sftp, ftp/s, http/s)

• Bad Address (unrouteable/unresolvable)


2016-10-08 09:29:13; sftp; localhost34534534; 22; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; 122;
2016-10-08 09:29:16; ftp; localhost343545; 21; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 122;
2016-10-08 09:29:16; https; localhost34534534; 443; a; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 122;

• Bad Address (resolvable)


2016-10-08 09:31:33; sftp; www.youtube.com; 22; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; 2000;
2016-10-08 09:31:39; ftp; www.youtube.com; 21; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 2000;
2016-10-08 09:31:39; https; www.youtube.com; 443; a; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 404;

• IP Banned:
2016-10-08 09:37:03; sftp; localhost; 22; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; -1;
2016-10-08 09:37:04; ftp; localhost; 21; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 10054;
2016-10-08 09:37:04; https; localhost; 443; a; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 122;

• Connecting with wrong protocol:


2016-10-08 09:39:49; sftp; localhost; 21; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; -1;
2016-10-08 09:39:52; ftp; localhost; 80; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 10061;
2016-10-08 09:39:52; https; localhost; 22; a; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 122;

• Bad Username:
2016-10-08 09:35:38; sftp; localhost; 22; h; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; -1;
2016-10-08 09:35:39; ftp; localhost; 21; h; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 530;
2016-10-08 09:35:39; https; localhost; 443; h; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 122;

• Bad Password:
2016-10-08 09:37:42; sftp; localhost; 22; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; -1;
2016-10-08 09:37:43; ftp; localhost; 21; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 530;
2016-10-08 09:37:43; https; localhost; 443; a; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 552;

• List + Download a file (wildcard used):


2016-10-08 08:57:39; sftp; localhost; 22; a; C\temp\*.*; /; list; 0;
2016-10-08 08:57:39; sftp; localhost; 22; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; 0;

2016-10-08 08:58:42; ftp; localhost; 21; a; C:\temp2\*.*; /; list; 226;


2016-10-08 08:58:43; ftp; localhost; 21; a; C:\temp2\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; 226;

2016-10-08 08:59:17; https; localhost; 443; a; C:\Temp3\*.*; /; list; 0;


2016-10-08 08:59:17; https; localhost; 443; a; C:\Temp3\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; 0;

• Download non-existent File:


2016-10-08 09:03:33; sftp; localhost; 22; a; C\temp\badfile.txt; /badfile.txt;
download; 0;
2016-10-08 09:03:33; ftp; localhost; 21; a; C:\temp2\badfile.txt; /badfile.txt;
download; 501;
2016-10-08 09:03:34; https; localhost; 443; a; C:\Temp3\badfile.txt; /badfile.txt;
download; 404;

• Download + Delete from Source:


2016-10-08 09:06:13; sftp; localhost; 22; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; 0;
2016-10-08 09:06:13; ftp; localhost; 21; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 250;
2016-10-08 09:06:14; https; localhost; 443; a; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 0;

• Upload:
2016-10-08 09:12:16; ftp; localhost; 21; a; C:\temp\ADcantPullfromDomain.jpg;
/ADcantPullfromDomain.jpg; upload; 226;
2016-10-08 09:12:16; sftp; localhost; 22; a; C:\temp\ConnectedUserStats.vbs.txt;
/ConnectedUserStats.vbs.txt; upload; 0;
2016-10-08 09:12:17; https; localhost; 443; a;
C:\temp\UserHomeFolderandQuota.vbs.txt; /UserHomeFolderandQuota.vbs.txt; upload;
201;

• Upload and Remote Server terminated half way through/lost connection:


2016-10-08 09:52:30; ftp; 192.168.102.36; 21; test; C:\temp2\FTPTransfer.zip;
/FTPTransfer.zip; upload; 500;
2016-10-08 09:52:33; sftp; 192.168.102.36; 22; test; C:\temp2\SFTPTransfer.zip;
/SFTPTransfer.zip; upload; -1;
2016-10-08 09:52:36; https; 192.168.102.36; 443; test; C:\temp2\HTTPSTransfer.zip;
/HTTPSTransfer.zip; upload; 10061;

• Upload + Overwrite + MFMT:


2016-10-08 09:14:04; ftp; localhost; 21; a; C:\temp\ADcantPullfromDomain.jpg;
/ADcantPullfromDomain.jpg; upload; 213;
2016-10-08 09:14:04; sftp; localhost; 22; a; C:\temp\ConnectedUserStats.vbs.txt;
/ConnectedUserStats.vbs.txt; upload; 0;
2016-10-08 09:14:05; https; localhost; 443; a;
C:\temp\UserHomeFolderandQuota.vbs.txt; /UserHomeFolderandQuota.vbs.txt; upload;
201;

• Upload, Failed Permission:


2016-10-08 09:16:17; ftp; localhost; 21; a; C:\temp\ADcantPullfromDomain.jpg;
/ADcantPullfromDomain.jpg; upload; 213;
2016-10-08 09:16:17; sftp; localhost; 22; a; C:\temp\ConnectedUserStats.vbs.txt;
/ConnectedUserStats.vbs.txt; upload; 2;
2016-10-08 09:16:17; https; localhost; 443; a;
C:\temp\UserHomeFolderandQuota.vbs.txt; /UserHomeFolderandQuota.vbs.txt; upload;
403;

• Upload to non-existent folder (no permissions to create):


2016-10-08 09:18:31; ftp; localhost; 21; a; C:\temp\ADcantPullfromDomain.jpg;
/ftp/ADcantPullfromDomain.jpg; upload; 550;
2016-10-08 09:18:31; sftp; localhost; 22; a; C:\temp\ConnectedUserStats.vbs.txt;
/SFTP/ConnectedUserStats.vbs.txt; upload; 2;
2016-10-08 09:18:32; https; localhost; 443; a;
C:\temp\UserHomeFolderandQuota.vbs.txt; /HTTPS/UserHomeFolderandQuota.vbs.txt;
upload; 403;
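
An added example (not from the original document): Python that rejoins the wrapped CL.log entries shown above, splits them on the semicolon delimiter, and classifies the status code per protocol. The success rules are assumptions drawn from the samples and from the protocols themselves (SFTP 0, FTP 2xx replies, HTTP 2xx or the 0 that the HTTPS samples log on success); 10054 and 10061 are the Winsock codes for connection reset and connection refused.

```python
import re

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2};")   # start of an entry
KEYS = ("timestamp", "protocol", "remote", "port", "user",
        "local_path", "remote_path", "action", "status")
WINSOCK = {10054: "connection reset by peer", 10061: "connection refused"}

# Entries copied from the CL.log samples above, wrapped exactly as printed
# there (Bad Password, Upload, wrong protocol, download of a non-existent file).
SAMPLE = r"""
2016-10-08 09:37:42; sftp; localhost; 22; a; C\temp\2filesNotRenamed.jpg;
/2filesNotRenamed.jpg; download; -1;
2016-10-08 09:37:43; ftp; localhost; 21; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 530;
2016-10-08 09:37:43; https; localhost; 443; a; C:\Temp3\ExlogSegment.log;
/ExlogSegment.log; download; 552;
2016-10-08 09:12:16; ftp; localhost; 21; a; C:\temp\ADcantPullfromDomain.jpg;
/ADcantPullfromDomain.jpg; upload; 226;
2016-10-08 09:12:17; https; localhost; 443; a;
C:\temp\UserHomeFolderandQuota.vbs.txt; /UserHomeFolderandQuota.vbs.txt; upload;
201;
2016-10-08 09:39:52; ftp; localhost; 80; a; C:\temp2\numberRenamed.txt;
/numberRenamed.txt; download; 10061;
2016-10-08 09:03:33; sftp; localhost; 22; a; C\temp\badfile.txt; /badfile.txt;
download; 0;
"""


def split_records(text):
    """Yield one logical entry per timestamp, rejoining wrapped lines."""
    buf = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) and buf:
            yield " ".join(buf)
            buf = []
        buf.append(line)
    if buf:
        yield " ".join(buf)


def parse_cl(text):
    """Parse CL.log text into dicts; entries with a bad field count are skipped."""
    records = []
    for raw in split_records(text):
        fields = [f.strip() for f in raw.rstrip("; ").split(";")]
        if len(fields) != len(KEYS):
            continue            # for example a path that itself contains ";"
        rec = dict(zip(KEYS, fields))
        try:
            rec["port"], rec["status"] = int(rec["port"]), int(rec["status"])
        except ValueError:
            continue
        records.append(rec)
    return records


def classify(rec):
    """Return 'ok', 'failed', 'network_error' or 'unknown' for one entry."""
    proto, code = rec["protocol"].lower(), rec["status"]
    if code in WINSOCK:
        return "network_error"
    if proto == "sftp":
        ok = code == 0                          # SSH_FX_OK
    elif proto in ("ftp", "ftps"):
        ok = 200 <= code < 300                  # FTP positive completion reply
    elif proto in ("http", "https"):
        ok = code == 0 or 200 <= code < 300     # 0 appears on success in the samples
    else:
        return "unknown"                        # e.g. LAN: no samples on the page
    # Caveat visible in the samples: the SFTP download of a non-existent file
    # is logged with status 0, so "ok" needs corroboration from other logs.
    return "ok" if ok else "failed"


if __name__ == "__main__":
    for rec in parse_cl(SAMPLE):
        print(rec["timestamp"], rec["protocol"], rec["action"],
              rec["status"], classify(rec))
```

The last sample entry is classified `ok` even though the document lists it under "Download non-existent File", which is why a status-only verdict should be checked against the remote server's own log before it is trusted in an audit.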

Ted6 logs

• Location: By default the logs are created in the default Logs folder: C:\ProgramData\Globalscape\EFT
Server Enterprise\Logs\

• Naming: [YY.MM.DD_HH.mm]-#_u.log

• Time Format: Local client time

• What it logs: Client connection information (event rules and outbound transfers), client commands/requests,
remote server responses, status messages.

• In version 7.2.9 and later, the default location is C:\ProgramData\Globalscape\EFT Server Enterprise\Logs\
and can be configured on EFT on the Server > Logs tab.

• In versions prior to 7.2, to change the location of this log and/or to configure various aspects, you must modify
the registry keys located in the following directory:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Globalscape\TED 6\Settings\LogWindow

• The key in red controls the location. The keys in green are supplemental or control whether logs are retained.
Further information on the options available can be found here:
https://kb.globalscape.com/KnowledgebaseArticle10492.aspx

PGP log
• Location: C:\ProgramData\Globalscape\EFT Server Enterprise\ (default)

• Naming: PGPlog.txt (default), PGPlog_MM_DD_YYYY.txt (default if dynamic file name is enabled)

• Log Levels: Level 1 (Standard Logging) and Level 2 (Verbose Logging)

• Log Rotation: The “Dynamic log file name” option allows the log file to roll over on a daily basis.

• The location, name, rotation setting, and logging levels are configured from within EFT administration
interface. They can be found in Site > Security > OpenPGP security configuration.

• Time Format: 24hr, local time

• What it logs: YYYY/MM/DD HH:mm:ss (24hr local time) <processID> Status

• Level 1 (Standard Logging):

o Encrypt:
2016/11/3 17:30:59 <17744> Starting to read data from "C:\temp\ADcantPull.jpg"
2016/11/3 17:30:59 <17744> Starting to write data to "C:\temp\ADcantPull.jpg.pgp"
2016/11/3 17:30:59 <17744> Starting PGP message encoding
2016/11/3 17:30:59 <17744> Automatically selected encryption algorithm: "TripleDES"
2016/11/3 17:30:59 <17744> Automatically selected compression method: "ZIP"
2016/11/3 17:30:59 <17744> Starting to encrypt, encryption algorithm is TripleDES
2016/11/3 17:30:59 <17744> Starting to compress, compression algorithm is ZIP
2016/11/3 17:30:59 <17744> Starting to write PGPLiteralDataPacket
2016/11/3 17:30:59 <17744> Finished writing PGPLiteralDataPacket
2016/11/3 17:30:59 <17744> Finished compressing data
2016/11/3 17:30:59 <17744> Finished encrypting data
2016/11/3 17:30:59 <17744> Finished PGP message encoding
2016/11/3 17:30:59 <17744> Finished reading data from file "C:\temp\ADcantPull.jpg"
2016/11/3 17:30:59 <17744> Finished writing data to file
"C:\temp\ADcantPull.jpg.pgp"

o Encrypt+Sign:
2016/11/3 17:53:57 <20092> Starting to read data from "C:\temp\TestImage.jpg"
2016/11/3 17:53:57 <20092> Starting to write data to "C:\temp\TestImage.jpg.pgp"
2016/11/3 17:53:57 <20092> Starting PGP message encoding
2016/11/3 17:53:57 <20092> Automatically selected signature hash algorithm:
"SHA512"
2016/11/3 17:53:57 <20092> Automatically selected encryption algorithm: "TripleDES"
2016/11/3 17:53:57 <20092> Automatically selected compression method: "ZIP"
2016/11/3 17:53:57 <20092> Starting to encrypt, encryption algorithm is TripleDES
2016/11/3 17:53:57 <20092> Starting to compress, compression algorithm is ZIP
2016/11/3 17:53:57 <20092> Starting one pass signature, signing algorithm is SHA512
2016/11/3 17:53:57 <20092> Starting to write PGPLiteralDataPacket
2016/11/3 17:53:57 <20092> Finished writing PGPLiteralDataPacket
2016/11/3 17:53:57 <20092> Starting signing, signing algorithm is SHA512
2016/11/3 17:53:57 <20092> Finished signing
2016/11/3 17:53:57 <20092> Finished compressing data
2016/11/3 17:53:57 <20092> Finished encrypting data
2016/11/3 17:53:57 <20092> Finished PGP message encoding
2016/11/3 17:53:57 <20092> Finished reading data from file "C:\temp\TestImage.jpg"
2016/11/3 17:53:57 <20092> Finished writing data to file
"C:\temp\TestImage.jpg.pgp"

o Decrypt:
2016/11/3 18:8:49 <17556> Starting to read data from
"C:\temp\ADcantPullfromDomain.jpg.pgp"
2016/11/3 18:8:49 <17556> Starting to write data to "C:\temp\ADcantPull.jpg"
2016/11/3 18:8:49 <17556> Starting PGP message decoding
2016/11/3 18:8:49 <17556> Starting to read packets
2016/11/3 18:8:49 <17556> Found encrypted packet
2016/11/3 18:8:49 <17556> Symmetric algorithm is: TripleDES
2016/11/3 18:8:49 <17556> Found compressed packet
2016/11/3 18:8:49 <17556> Starting to decompress message
2016/11/3 18:8:49 <17556> Found literal packet
2016/11/3 18:8:49 <17556> Starting to output message
2016/11/3 18:8:49 <17556> Finished outputting message
2016/11/3 18:8:49 <17556> Finished decompressing message
2016/11/3 18:8:49 <17556> Finished reading packets
2016/11/3 18:8:49 <17556> Finished PGP message decoding
2016/11/3 18:8:49 <17556> Finished reading data from file
"C:\temp\ADcantPulln.jpg.pgp"
2016/11/3 18:8:49 <17556> Finished writing data to file "C:\temp\ADcantPull.jpg"

o Decrypt+Verify:
2016/11/3 18:6:21 <22892> Starting to read data from "C:\temp\TestImage.jpg.pgp"
2016/11/3 18:6:21 <22892> Starting to write data to "C:\temp\TestImage.jpg"
2016/11/3 18:6:21 <22892> Starting PGP message decoding
2016/11/3 18:6:21 <22892> Starting to read packets
2016/11/3 18:6:21 <22892> Found encrypted packet
2016/11/3 18:6:21 <22892> Symmetric algorithm is: TripleDES
2016/11/3 18:6:21 <22892> Found compressed packet
2016/11/3 18:6:21 <22892> Starting to decompress message
2016/11/3 18:6:21 <22892> Found signed packet
2016/11/3 18:6:21 <22892> Found One-pass signature, starting to compute hash
2016/11/3 18:6:21 <22892> Starting to output message
2016/11/3 18:6:21 <22892> Finished outputting message
2016/11/3 18:6:21 <22892> Starting to verify message
2016/11/3 18:6:21 <22892> Finished verifying message
2016/11/3 18:6:21 <22892> Finished decompressing message
2016/11/3 18:6:21 <22892> Finished reading packets
2016/11/3 18:6:21 <22892> Finished PGP message decoding
2016/11/3 18:6:21 <22892> Finished reading data from file
"C:\temp\TestImage.jpg.pgp"
2016/11/3 18:6:21 <22892> Finished writing data to file "C:\temp\TestImage.jpg"

o Failed Decrypt (Wrong Key)


2016/11/30 21:1:48 <3256> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt.pgp"
2016/11/30 21:1:48 <3256> Starting to write data to
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt"
2016/11/30 21:1:48 <3256> Starting PGP message decoding
2016/11/30 21:1:48 <3256> Starting to read packets
2016/11/30 21:1:48 <3256> Found encrypted packet
2016/11/30 21:1:48 <3256> Symmetric algorithm is: Plaintext
2016/11/30 21:1:48 <3256> Error[130]: The required decryption key was not
specified.
2016/11/30 21:1:48 <3256> Finished reading data from file
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt.pgp"
2016/11/30 21:1:48 <3256> Finished writing data to file
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt"

o Self Decrypting Archive (SDA):


2016/11/3 18:10:39 <15436> Starting to create SDA
2016/11/3 18:10:39 <15436> Archive file name is "C:\EFT-Downloaded.log.exe"
2016/11/3 18:10:39 <15436> Source directory is ""
2016/11/3 18:10:39 <15436> Source file is "C:\EFT-Downloaded.log"
2016/11/3 18:10:39 <15436> Writing Extractor to file "C:\EFT-Downloaded.log.exe"
2016/11/3 18:10:39 <15436> Updating resource of Extractor
2016/11/3 18:10:39 <15436> Resource is updated
2016/11/3 18:10:39 <15436> Starting to process source files
2016/11/3 18:10:39 <15436> Finished source files processing
2016/11/3 18:10:39 <15436> The SDA is created

• Level 2 (Verbose Logging)

o Encrypt:
2016/11/30 20:38:25 <21040> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt"
2016/11/30 20:38:25 <21040> Starting to write data to
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt.pgp"
2016/11/30 20:38:25 <21040> Starting PGP message encoding
2016/11/30 20:38:25 <21040> Automatically selected encryption algorithm:
"TripleDES"
2016/11/30 20:38:25 <21040> Starting to encrypt, encryption algorithm is TripleDES
2016/11/30 20:38:25 <21040> packet tag: 1, Public-Key Encrypted Session Key
Packet, len: 526
2016/11/30 20:38:25 <21040> Starting to compress, compression algorithm is zlib
2016/11/30 20:38:25 <21040> packet tag: 8, Compressed Data Packet, len: 1
2016/11/30 20:38:25 <21040> Starting to write PGPLiteralDataPacket
2016/11/30 20:38:25 <21040> packet tag: 11, Literal Data Packet, len:
15
2016/11/30 20:38:25 <21040> Finished writing PGPLiteralDataPacket
2016/11/30 20:38:25 <21040> Finished compressing data
2016/11/30 20:38:25 <21040> Finished encrypting data
2016/11/30 20:38:25 <21040> Finished PGP message encoding
2016/11/30 20:38:25 <21040> Finished reading data from file
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt"
2016/11/30 20:38:25 <21040> Finished writing data to file
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt.pgp"

o Encrypt+Sign:
2016/11/30 20:38:12 <17940> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt"
2016/11/30 20:38:12 <17940> Starting to write data to
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt.pgp"
2016/11/30 20:38:12 <17940> Starting PGP message encoding
2016/11/30 20:38:12 <17940> Automatically selected signature hash algorithm:
"SHA512"
2016/11/30 20:38:12 <17940> Automatically selected encryption algorithm:
"TripleDES"
2016/11/30 20:38:12 <17940> Starting to encrypt, encryption algorithm is TripleDES
2016/11/30 20:38:12 <17940> packet tag: 1, Public-Key Encrypted Session Key
Packet, len: 526
2016/11/30 20:38:12 <17940> Starting to compress, compression algorithm is zlib
2016/11/30 20:38:12 <17940> packet tag: 8, Compressed Data Packet, len: 1
2016/11/30 20:38:12 <17940> Starting one pass signature, signing algorithm is
SHA512
2016/11/30 20:38:12 <17940> packet tag: 4, One-Pass Signature Packet, len:
13
2016/11/30 20:38:12 <17940> Starting to write PGPLiteralDataPacket
2016/11/30 20:38:12 <17940> packet tag: 11, Literal Data Packet, len:
15
2016/11/30 20:38:12 <17940> Finished writing PGPLiteralDataPacket
2016/11/30 20:38:12 <17940> Starting signing, signing algorithm is SHA512
2016/11/30 20:38:12 <17940> Trying passphrase for key(xxxxxxxx
<[email protected]>, id=D636F96A)
2016/11/30 20:38:12 <17940> packet tag: 2, Signature Packet, len: 86
2016/11/30 20:38:12 <17940> Finished signing
2016/11/30 20:38:12 <17940> Finished compressing data
2016/11/30 20:38:12 <17940> Finished encrypting data
2016/11/30 20:38:12 <17940> Finished PGP message encoding
2016/11/30 20:38:12 <17940> Finished reading data from file
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt"
2016/11/30 20:38:12 <17940> Finished writing data to file
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt.pgp"

o Decrypt:
2016/11/30 20:41:33 <10796> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt.pgp"
2016/11/30 20:41:33 <10796> Starting to write data to
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt"
2016/11/30 20:41:33 <10796> Starting PGP message decoding
2016/11/30 20:41:33 <10796> Starting to read packets
2016/11/30 20:41:33 <10796> Reading next packet
2016/11/30 20:41:33 <10796> packet tag: 1, Public-Key Encrypted Session Key
Packet, len: 526
2016/11/30 20:41:33 <10796> Found encrypted packet
2016/11/30 20:41:33 <10796> Found recipient info. Key id is "A334C7C89CE1D588",
public key algorithm is "ElGamal"
2016/11/30 20:41:33 <10796> Reading next packet
2016/11/30 20:41:33 <10796> packet tag: 18, Symmetrically Encrypted Integrity
Protected Data Packet, len: 1
2016/11/30 20:41:33 <10796> Trying passphrase for key(xxxxxxxx
<[email protected]>, id=D636F96A)
2016/11/30 20:41:33 <10796> Symmetric algorithm is: TripleDES
2016/11/30 20:41:33 <10796> Decrypted packets:
2016/11/30 20:41:33 <10796> Reading next packet
2016/11/30 20:41:33 <10796> packet tag: 8, Compressed Data Packet, len: 1
2016/11/30 20:41:33 <10796> Found compressed packet
2016/11/30 20:41:33 <10796> Starting to decompress message
2016/11/30 20:41:33 <10796> Reading next packet
2016/11/30 20:41:33 <10796> packet tag: 11, Literal Data Packet, len:
15
2016/11/30 20:41:33 <10796> Found literal packet
2016/11/30 20:41:33 <10796> Starting to output message
2016/11/30 20:41:33 <10796> Finished outputting message
2016/11/30 20:41:33 <10796> Reading next packet
2016/11/30 20:41:33 <10796> No more packets
2016/11/30 20:41:33 <10796> Finished decompressing message
2016/11/30 20:41:33 <10796> Reading next packet
2016/11/30 20:41:33 <10796> No more packets
2016/11/30 20:41:33 <10796> Reading next packet
2016/11/30 20:41:33 <10796> No more packets
2016/11/30 20:41:33 <10796> Finished reading packets
2016/11/30 20:41:33 <10796> Finished PGP message decoding
2016/11/30 20:41:33 <10796> Finished reading data from file
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt.pgp"
2016/11/30 20:41:33 <10796> Finished writing data to file
"C:\Users\xxxxxxxx\Documents\New folder\Test1.txt"

o Decrypt+Verify:
2016/11/30 20:42:14 <14792> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt.pgp"
2016/11/30 20:42:14 <14792> Starting to write data to
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt"
2016/11/30 20:42:14 <14792> Starting PGP message decoding
2016/11/30 20:42:14 <14792> Starting to read packets
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> packet tag: 1, Public-Key Encrypted Session Key
Packet, len: 526
2016/11/30 20:42:14 <14792> Found encrypted packet
2016/11/30 20:42:14 <14792> Found recipient info. Key id is "A334C7C89CE1D588",
public key algorithm is "ElGamal"
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> packet tag: 18, Symmetrically Encrypted Integrity
Protected Data Packet, len: 1
2016/11/30 20:42:14 <14792> Trying passphrase for key(xxxxxxxx
<[email protected]>, id=D636F96A)
2016/11/30 20:42:14 <14792> Symmetric algorithm is: TripleDES
2016/11/30 20:42:14 <14792> Decrypted packets:
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> packet tag: 8, Compressed Data Packet, len: 1
2016/11/30 20:42:14 <14792> Found compressed packet
2016/11/30 20:42:14 <14792> Starting to decompress message
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> packet tag: 4, One-Pass Signature Packet, len:
13
2016/11/30 20:42:14 <14792> Found one-pass signature packet
2016/11/30 20:42:14 <14792> Found One-pass signature, starting to compute hash
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> packet tag: 11, Literal Data Packet, len:
15
2016/11/30 20:42:14 <14792> Found literal packet
2016/11/30 20:42:14 <14792> Starting to output message
2016/11/30 20:42:14 <14792> Finished outputting message
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> packet tag: 2, Signature Packet, len: 86
2016/11/30 20:42:14 <14792> Starting to verify message
2016/11/30 20:42:14 <14792> Found signature info. Key id is "A6DA4A59D636F96A",
signing algorithm is "SHA512", public key algorithm is "DSA"
2016/11/30 20:42:14 <14792> The signature of key(id=A6DA4A59D636F96A) verification
succeeded
2016/11/30 20:42:14 <14792> Finished verifying message
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> No more packets
2016/11/30 20:42:14 <14792> Finished decompressing message
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> No more packets
2016/11/30 20:42:14 <14792> Reading next packet
2016/11/30 20:42:14 <14792> No more packets
2016/11/30 20:42:14 <14792> Finished reading packets
2016/11/30 20:42:14 <14792> Finished PGP message decoding
2016/11/30 20:42:14 <14792> Finished reading data from file
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt.pgp"
2016/11/30 20:42:14 <14792> Finished writing data to file
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt"

o Failed Decrypt (Wrong Key)


2016/11/30 20:52:47 <4020> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt.pgp"
2016/11/30 20:52:47 <4020> Starting to write data to
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt"
2016/11/30 20:52:47 <4020> Starting PGP message decoding
2016/11/30 20:52:47 <4020> Starting to read packets
2016/11/30 20:52:47 <4020> Reading next packet
2016/11/30 20:52:47 <4020> packet tag: 1, Public-Key Encrypted Session Key
Packet, len: 526
2016/11/30 20:52:47 <4020> Found encrypted packet
2016/11/30 20:52:47 <4020> Found recipient info. Key id is "3BD93748E53865D3",
public key algorithm is "ElGamal"
2016/11/30 20:52:47 <4020> Reading next packet
2016/11/30 20:52:47 <4020> packet tag: 18, Symmetrically Encrypted Integrity
Protected Data Packet, len: 1
2016/11/30 20:52:47 <4020> Symmetric algorithm is: Plaintext
2016/11/30 20:52:47 <4020> Error[130]: The required decryption key was not
specified.
2016/11/30 20:52:47 <4020> Finished reading data from file
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt.pgp"
2016/11/30 20:52:47 <4020> Finished writing data to file
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt"

o Self-Decrypting Archive (SDA):


2016/11/30 20:45:42 <21232> Starting to create SDA
2016/11/30 20:45:42 <21232> Archive file name is "C:\Users\xxxxxxxx\Documents\New
folder\Test3.txt.exe"
2016/11/30 20:45:42 <21232> Source directory is ""
2016/11/30 20:45:42 <21232> Source file is "C:\Users\xxxxxxxx\Documents\New
folder\Test3.txt"
2016/11/30 20:45:42 <21232> Reading Extractor from resource
2016/11/30 20:45:42 <21232> Extractor is written
2016/11/30 20:45:42 <21232> Updating resource of Extractor
2016/11/30 20:45:42 <21232> Banner is ""
2016/11/30 20:45:42 <21232> Caption is "IP*Works! OpenPGP Self Extractor -
www.nsoftware.com"
2016/11/30 20:45:42 <21232> Target directory is ""
2016/11/30 20:45:42 <21232> File to execute is "."
2016/11/30 20:45:42 <21232> Complete message is "Extraction Complete."
2016/11/30 20:45:42 <21232> Not using installation mode
2016/11/30 20:45:42 <21232> Resource is updated
2016/11/30 20:45:42 <21232> Starting to process source files
2016/11/30 20:45:42 <21232> Finished source files processing
2016/11/30 20:45:42 <21232> The SDA is created
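
The PGP log excerpts above can be reduced to one summary per operation id (the number in angle brackets). The following is an added example, not Globalscape's code: it re-joins the wrapped lines, groups records by operation id, and reports failed decrypts and decrypts that carried no signature. The function names and the wording of the findings are this example's own; the sample lines are taken from the excerpts above.

```python
# Added example: summarize EFT PGP log operations by operation id (<nnnn>).
# SAMPLE_LOG lines are taken from the excerpts above, wrapped lines included.
import re

SAMPLE_LOG = r'''
2016/11/30 20:42:14 <14792> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\Test2.txt.pgp"
2016/11/30 20:42:14 <14792> Starting PGP message decoding
2016/11/30 20:42:14 <14792> Symmetric algorithm is: TripleDES
2016/11/30 20:42:14 <14792> Found One-pass signature, starting to compute hash
2016/11/30 20:42:14 <14792> The signature of key(id=A6DA4A59D636F96A) verification
succeeded
2016/11/30 20:52:47 <4020> Starting to read data from
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt.pgp"
2016/11/30 20:52:47 <4020> Starting PGP message decoding
2016/11/30 20:52:47 <4020> Found recipient info. Key id is "3BD93748E53865D3",
public key algorithm is "ElGamal"
2016/11/30 20:52:47 <4020> Symmetric algorithm is: Plaintext
2016/11/30 20:52:47 <4020> Error[130]: The required decryption key was not
specified.
2016/11/30 20:52:47 <4020> Finished writing data to file
"C:\Users\xxxxxxxx\Documents\New folder\wrongkey.txt"
2016/11/3 18:8:49 <17556> Starting to read data from
"C:\temp\ADcantPullfromDomain.jpg.pgp"
2016/11/3 18:8:49 <17556> Starting PGP message decoding
2016/11/3 18:8:49 <17556> Symmetric algorithm is: TripleDES
'''

RECORD = re.compile(r"^(\d{4}/\d{1,2}/\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}) <(\d+)> (.*)$")
SIGNED = re.compile(r"one.pass signature|Found signed packet|Starting signing", re.I)
KINDS = {"Starting PGP message decoding": "decrypt",
         "Starting PGP message encoding": "encrypt",
         "Starting to create SDA": "sda"}
FIELDS = [  # (summary key, pattern) applied to each re-joined message
    ("source", re.compile(r'Starting to read data from "(.+)"')),
    ("algorithm", re.compile(r"Symmetric algorithm is: (\w+)")),
    ("recipient_key", re.compile(r'Found recipient info\. Key id is "([0-9A-F]+)"')),
    ("signer_key", re.compile(r"key\(id=([0-9A-F]+)\) verification succeeded")),
    ("error", re.compile(r"(Error\[\d+\]: .*)")),
]


def join_wrapped(text):
    """A record starts with a timestamp; any other line continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records


def summarize(text):
    """Return {operation id: summary dict}, in order of first appearance."""
    ops = {}
    for record in join_wrapped(text):
        stamp, op_id, message = RECORD.match(record).groups()
        op = ops.setdefault(op_id, {"first_seen": stamp, "kind": None, "signed": False})
        for marker, kind in KINDS.items():
            if marker in message:
                op["kind"] = kind
        if SIGNED.search(message):
            op["signed"] = True
        for key, pattern in FIELDS:
            found = pattern.search(message)
            if found:
                op[key] = found.group(1)
    return ops


def findings(ops):
    """Return (operation id, finding) pairs that deserve an analyst's attention."""
    out = []
    for op_id, op in ops.items():
        if "error" in op:
            # The failed-decrypt samples still log "Finished writing data to
            # file", so only the Error[...] line marks the failure.
            out.append((op_id, "failed: " + op["error"]))
        elif op["kind"] == "decrypt" and not op["signed"]:
            out.append((op_id, "decrypted content carried no signature"))
        elif op["kind"] == "decrypt" and "signer_key" not in op:
            out.append((op_id, "signed, but no verification result in the log"))
    return out


if __name__ == "__main__":
    for op_id, finding in findings(summarize(SAMPLE_LOG)):
        print(op_id, finding)
```

In the samples above, the signer key id and the "verification succeeded" line appear only at Level 2, so a Level 1 log of a signed message is reported as having no verification result.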

EFT.log
• Location: C:\ProgramData\Globalscape\EFT Server Enterprise (Default)

• Naming: EFT.log, EFT.log.1, EFT.log.2…EFT.log.5 (Default)

• Size: 20MB (Default)

• Time Format: MM-DD-YY 24HH:MM:SS,MS Local Time

• Controlling/modifying: Logging is controlled by the logging.cfg file.

• To increase/decrease logging or configure logging aspects, modify and save the logging.cfg file to commit
changes.

• Takes effect immediately. No service or site restart required.

• You may encounter “access denied” when saving. Either open Notepad as an administrator or save the file to an
alternate location (desktop) and copy/paste it back into the folder.

• There are 7 log levels for each item: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, and OFF

• rootLogger controls the overall default log level for all logging items

o log4cplus.rootLogger=WARN, RootFileAppender

• Individual loggers can be enabled and increased in verbosity as needed. Some loggers contain sub-appenders that
log specific aspects. Enabling DEBUG/TRACE logging for the main logger also enables all of the sub-appenders
associated with it. Example: Events=TRACE also sets Events.FolderMonitor to TRACE.
Specifying Events.FolderMonitor=TRACE separately would effectively cause Events.FolderMonitor to be
logged at TRACE level twice, since Events.FolderMonitor=TRACE is already contained within Events=TRACE.

• Primary EFT log location is controlled via the following line:

o log4cplus.appender.RootFileAppender.File=${AppDataPath}\EFT.log

• The AppDataPath is an item found in the registry:

• The maximum size of the file is controlled by the following line:

o log4cplus.appender.RootFileAppender.MaxFileSize=20MB

• The number of log files created via the rollover process is controlled by the following line:

o log4cplus.appender.RootFileAppender.MaxBackupIndex=5
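
One way to audit a logging.cfg against the inheritance rule described above, as an added example that is not Globalscape's code: it resolves each logger's effective level from its nearest configured ancestor and lists child overrides that only repeat what the parent already sets. The `log4cplus.logger.<name>=<LEVEL>` line form is standard log4cplus property syntax and is an assumption for EFT's file (the page shows only the rootLogger and appender lines); the sample configuration is constructed.

```python
# Added example: resolve effective log levels from logging.cfg-style text.
# Assumption: per-logger lines use the log4cplus property form
#   log4cplus.logger.<Name>=<LEVEL>[, <Appender>...]
# SAMPLE_CFG is constructed for illustration.

LEVELS = ["TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "OFF"]

SAMPLE_CFG = """\
# constructed sample
log4cplus.rootLogger=WARN, RootFileAppender
log4cplus.logger.Events=TRACE
log4cplus.logger.Events.FolderMonitor=TRACE
log4cplus.logger.Administrator=INFO
log4cplus.logger.ARM.Queue=DEBUG
log4cplus.appender.RootFileAppender.File=${AppDataPath}\\EFT.log
log4cplus.appender.RootFileAppender.MaxFileSize=20MB
log4cplus.appender.RootFileAppender.MaxBackupIndex=5
"""


def parse_levels(cfg_text):
    """Return (root_level, {logger_name: level}) from logging.cfg-style text."""
    root, loggers = None, {}
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        level = value.split(",")[0].strip().upper()
        if level not in LEVELS:
            continue  # appender settings and anything else that is not a level
        if key == "log4cplus.rootLogger":
            root = level
        elif key.startswith("log4cplus.logger."):
            loggers[key[len("log4cplus.logger."):]] = level
    return root, loggers


def inherited_level(name, root, loggers):
    """Level a logger gets from its nearest configured ancestor (or the root)."""
    parts = name.split(".")
    for i in range(len(parts) - 1, 0, -1):
        parent = ".".join(parts[:i])
        if parent in loggers:
            return loggers[parent]
    return root


def effective_level(name, root, loggers):
    """Explicit setting if present, otherwise the inherited level."""
    return loggers.get(name, inherited_level(name, root, loggers))


def redundant_overrides(root, loggers):
    """Loggers whose explicit level equals what they would inherit anyway."""
    return sorted(name for name, level in loggers.items()
                  if level == inherited_level(name, root, loggers))


def more_verbose_than_root(root, loggers):
    """Loggers set below the root threshold, i.e. writing more than the default."""
    return sorted(name for name, level in loggers.items()
                  if LEVELS.index(level) < LEVELS.index(root))


if __name__ == "__main__":
    root, loggers = parse_levels(SAMPLE_CFG)
    for name in ("Events.FolderMonitor", "Events.Server.MySite", "CmdAccess"):
        print(f"{name:24} -> {effective_level(name, root, loggers)}")
    print("redundant:", redundant_overrides(root, loggers))
    print("verbose  :", more_verbose_than_root(root, loggers))
```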

Logging Items and Examples:

• Administrator: Logs general administrator information.

o Creating a new admin account:


INFO Administrator <> - Create Admin Account "NewAdmin": Success

o Login:
DEBUG Administrator <> - Logged out: "asdf": IP: 127.0.0.1
DEBUG Administrator <> - Login Successful: "test": IP: 127.0.0.1
TRACE Administrator <> - "test": [Permissions]: aManageCOM aManageReporting
aManageEventRules (MySite)

o Administrator.Permissions: Displays changes to the permissions on user folders in VFS.


INFO Administrator.Permissions <> - Permissions changed by Admin "xxxxxxxx": Path:
"/Usr/a/", new permissions: 0x3F001F

o AdminSupport
DEBUG AdminSupport <> - Saving FTP.CFG...

o AdvancedProperties: Logs registry overrides or settings in place. The DEBUG level shows whether or not a value was
detected; INFO shows what value is going to be used.
DEBUG AdvancedProperties <> - No value in: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE
Inc.\EFT Server 7.1\SFTPOutQueueBytesLimit, using default: 1048576
INFO AdvancedProperties <> - HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT
Server 7.1\SFTPOutQueueBytesLimit=1048576

• ARM

o Starting the database:


INFO Common <> - ARM enabled by asdf from IP 127.0.0.1
DEBUG ARM <> - connection string set to
[provider=SQLNCLI10;server=192.168.102.145;database=EFTDB;UID=sa;Pwd=********;]
DEBUG ARM <> - Test connection succeeded
DEBUG ARM <> - Validating the database.
DEBUG ARM <> - DBUtilityWrapper::ValidateDatabase(): Result: 1, Exception Occurred:
0, Message: The database version "11.1.0.0" is up to date.
DEBUG ARM <> - Database validation passed.
DEBUG ARM <> - Auto reconnect attempt in 7 seconds
INFO ARM <File Importer> - Running automatic SQL log import.

Searching for SQL files to import in directory "C:\ProgramData\Globalscape\EFT Server Enterprise\" using file
pattern "EFT_ARM_11.1.0.0_*.sql"
DEBUG ARM <File Importer> - Found 0 files to import

o Writing to the database:


TRACE ARM <SQL Queue Reader> - Executing 1 SQL command(s)
TRACE ARM <SQL Queue Reader> - Executing SQL: EXEC SP_INSERT_TBL_ADMINACTIONS
'20170612 09:40:35:255',N'Auditing
Settings',N'Disabled',N'Server',N'N/A',N'asdf',N'Server','D43DD4E5-4F7B-11e7-80D6-
000C29469ABD',N'A272012'

o ARM.Queue: Displays information about SQL queries that are awaiting execution.
DEBUG ARM.Queue <> - Queue stats over the last 300 seconds:
2 items enqueued
2 is the largest recorded queue size
0 threads waited over 1000 milliseconds
average queue size 2.00
DEBUG ARM.Queue <> - Queue size set to 1000
DEBUG ARM.Queue <> - Stalled thread minimum duration set to 1000
DEBUG ARM.Queue <> - Minimum number of stalled threads to log set to 0

o AS2: Logs additional information for AS2 connections. Most information is stored in the ARM
database.
DEBUG AS2 <> - AS2 connection string set to
[provider=SQLNCLI10;server=192.168.102.145;database=EFTDB;UID=sa;Pwd=********;]

o AUD: Information about read/write operations on the AUD file. This file is not used after 7.3.3.21.
INFO AUD.Read <> - Loading LocalAuthManager settings from: MySite.aud
DEBUG AUD.Read <> - CLocalAuthManager::LoadSettings - full AUD file path is
C:\ProgramData\Globalscape\EFT Server Enterprise\MySite.aud
DEBUG AUD.Read <> - Found Groups: 2
DEBUG AUD.Read <> - Group: Administrative
DEBUG AUD.Read <> - Group: Guests
DEBUG AUD.Read <> - Found Clients: 2
DEBUG AUD.Read <> - Client: a
DEBUG AUD.Read <> - Client: NewUser
DEBUG AUD.Read <> - successfully loaded AUD file with 2 entries

o AuthManager: Shows information about a user’s authentication.


INFO AuthManager <> - Synchronizing with auth manager
DEBUG AuthManager <SynchronizeWithAuthManager> - AMID: LOCAL
DEBUG AuthManager <SynchronizeWithAuthManager> - Synchronization mode: 0
DEBUG AuthManager <SynchronizeWithAuthManager> - Retrieving users list from auth
manager
DEBUG AuthManager <SynchronizeWithAuthManager> - Retrieving local users list...
DEBUG AuthManager <SynchronizeWithAuthManager> - Local User: a
DEBUG AuthManager <SynchronizeWithAuthManager> - Local User: NewUser
DEBUG AuthManager <SynchronizeWithAuthManager> - Authentication provider returned 2
users.
DEBUG AuthManager <SynchronizeWithAuthManager> - Processing client: Unique=a
Login=a
DEBUG AuthManager <SynchronizeWithAuthManager> - Updating client: a
DEBUG AuthManager <SynchronizeWithAuthManager> - Processing client: Unique=newuser
Login=NewUser
DEBUG AuthManager <SynchronizeWithAuthManager> - Updating client: newuser
DEBUG AuthManager <SynchronizeWithAuthManager> - Query users time: 0ms Update local
list time: 0ms Delete stale users time: 0ms
INFO AuthManager <SynchronizeWithAuthManager> - Synchronized successfully

o AWE: Logs the queue size for pending AWE tasks as well as the start and stop times for AWE tasks.
DEBUG AWE <> - AWE task queue size = 24310
DEBUG AWE <> - AWE Task 'newblank' started. Log file:
C:\ProgramData\Globalscape\EFT Server Enterprise\AWE\Temp\AWE2016-11-12-11-07-34-
1283.csv
DEBUG AWE <> - AWE Task 'newblank' completed: success.

o Backup: Logs information pertaining to the backup process.


DEBUG Backup <> - Backup process started
DEBUG Backup <> - Backup file: C:\ProgramData\Globalscape\EFT Server
Enterprise\Backup\Server Configuration Backup 6-12-2017_9-57-41.bak created by:
asdf
DEBUG Backup <Backup CFG> - Adding configuration file to backup
DEBUG Backup <Backup workspaces DB> - Adding workspaces database to backup
DEBUG Backup <Backup event rules DB> - Adding event rules database to backup
DEBUG Backup <Backup file audit DB> - Adding file audit database to backup
DEBUG Backup <Backup metadata DB> - Adding metadata database to backup
DEBUG Backup <Backup SiteSettings DB> - Adding SiteSettings database to backup
DEBUG Backup <Backup clients DB> - Adding clients database to backup, site:
03f964db-1a48-4e37-b374-5dd148a19bda
DEBUG Backup <Backup notification digest DB> - Adding notification digest database
to backup
DEBUG Backup <Backup Advanced Properties> - Adding Advanced Properties to backup
DEBUG Backup <Backup Files> - Adding server\sites\users files to backup
DEBUG Backup <Backup Files> - Backing up sites
DEBUG Backup <Backup Files> - Backing up site: MySite
DEBUG Backup <Backup Files> - Backed up site: MySite
DEBUG Backup <Backup Files> - Backed up sites
DEBUG Backup <Backup Files> - Processed C:\Program Files (x86)\Globalscape\EFT
Server Enterprise\web\
DEBUG Backup <Backup Files> - Processed C:\ProgramData\Globalscape\EFT Server
Enterprise\Reports\SQL Server\Custom Reports\
DEBUG Backup <Backup Files> - Processed C:\ProgramData\Globalscape\EFT Server
Enterprise\Reports\Oracle\Custom Reports\
DEBUG Backup <Backup Files> - Processed C:\Program Files (x86)\Globalscape\EFT
Server Enterprise\SATScripts
DEBUG Backup <Backup Files> - Processed C:\ProgramData\Globalscape\EFT Server
Enterprise\AWE
DEBUG Backup <Backup Files> - Processed C:\ProgramData\Globalscape\EFT Server
Enterprise\scClient
DEBUG Backup <> - Saving backup to file C:\ProgramData\Globalscape\EFT Server
Enterprise\Backup\Server Configuration Backup 6-12-2017_9-57-41.bak
DEBUG Backup <> - Backup process successfully finished

• CFG: Shows read/write actions taken on FTP.cfg.

o CFG.Write <> - Saving settings task started.

o CFG.Write <> - Saving settings to C:\ProgramData\Globalscape\EFT Server Enterprise\FTP.cfg

• ClientManager: Very little information is logged here.

• ClientTransfers: Very little information is logged here.

• CmdAccess: Logs information about commands that are run from event rules.
TRACE CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> -
CCommandAccess::ParseCommandParams ('')
TRACE CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> -
CCommandAccess::ParseCommandParams - there are 0 params passed in.
TRACE CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> -
CCommandAccess::ParseCommandParams returns a 1
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> - LaunchProcess:
sProcessIn: C:\Windows\System32\NETSTAT.EXE sParamsIn: sFolderIn:
C:\Windows\System32
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> - LaunchProcess:
sProcess:
QwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAE4ARQBUAFMAVABBAFQALgBFAFgARQA
= sParams: sFolder: QwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgA=
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> - LaunchProcess:
sTimeout: 1
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> - LaunchProcess:
strPipeName: cswrp1511f436
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> - LaunchProcess:
Pipe ok
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> - LaunchProcess:
args:
"QwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwARwBsAG8AYgBhAGwAcwBjAGEAcABlAFwARQBGAFQAIA
BTAGUAcgB2AGUAcgAgAEUAbgB0AGUAcgBwAHIAaQBzAGUAXAA="
"QwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwARwBsAG8AYgBhAGwAcwBjAGEAcABlAFwARQBGAFQAIA
BTAGUAcgB2AGUAcgAgAEUAbgB0AGUAcgBwAHIAaQBzAGUAXAA="
"YwBzAHcAcgBwADEANQAxADEAZgA0ADMANgA="
"QwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAE4ARQBUAFMAVABBAFQALgBFAFgARQ
A=" "QwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgA=" "" "MQA="
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> -
WaitForClientConnection: timeout: 15000
DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> -
WaitForClientConnection: ConnectNamedPipe: 997
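
The sProcess, sFolder and args values in the CmdAccess sample above are Base64 over UTF-16LE text, which is why sProcessIn reads C:\Windows\System32\NETSTAT.EXE while sProcess is opaque. The following is an added example, not Globalscape's code, that decodes those fields so a reviewer can see which executable an event rule launched; the encoded values are copied from the sample with wrapped lines re-joined, and the helper names and the allowlist check are this example's own.

```python
# Added example: decode the Base64 fields in EFT CmdAccess LaunchProcess lines.
# Encoded values are copied from the CmdAccess sample above (wraps re-joined);
# helper names and the allowlist idea are assumptions of this example.
import base64
import binascii
import re

CTX = "DEBUG CmdAccess <Run now; Event: On Scheduler (Timer) Event Rule> - "
APPDATA = ("QwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwARwBsAG8AYgBhAGwAcwBjAGEAcABl"
           "AFwARQBGAFQAIABTAGUAcgB2AGUAcgAgAEUAbgB0AGUAcgBwAHIAaQBzAGUAXAA=")
PROCESS = ("QwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAE4ARQBUAFMAVABB"
           "AFQALgBFAFgARQA=")
FOLDER = "QwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgA="
PIPE = "YwBzAHcAcgBwADEANQAxADEAZgA0ADMANgA="

SAMPLE_LINES = [
    CTX + "LaunchProcess: sProcessIn: C:\\Windows\\System32\\NETSTAT.EXE "
          "sParamsIn: sFolderIn: C:\\Windows\\System32",
    CTX + f"LaunchProcess: sProcess: {PROCESS} sParams: sFolder: {FOLDER}",
    CTX + "LaunchProcess: sTimeout: 1",
    CTX + f'LaunchProcess: args: "{APPDATA}" "{APPDATA}" "{PIPE}" "{PROCESS}" '
          f'"{FOLDER}" "" "MQA="',
]

ENCODED = re.compile(
    r"LaunchProcess: sProcess:\s*(\S*?)\s*sParams:\s*(\S*?)\s*sFolder:\s*(\S*)")
CONTEXT = re.compile(r"CmdAccess <(.*?)> - ")
QUOTED = re.compile(r'"([A-Za-z0-9+/=]*)"')


def decode_field(value):
    """Base64 -> UTF-16LE text; '' for an empty field, None if undecodable."""
    if value == "":
        return ""
    try:
        return base64.b64decode(value, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def launched_commands(lines):
    """Return one dict per encoded LaunchProcess line, with fields decoded."""
    result = []
    for line in lines:
        match = ENCODED.search(line)
        if not match:
            continue  # sProcessIn, sTimeout, args and unrelated lines
        context = CONTEXT.search(line)
        process, params, folder = (decode_field(v) for v in match.groups())
        result.append({"context": context.group(1) if context else None,
                       "process": process, "params": params, "folder": folder})
    return result


def decoded_args(line):
    """Decode every quoted Base64 value on an 'args:' line, in order."""
    if "LaunchProcess: args:" not in line:
        return []
    return [decode_field(v) for v in QUOTED.findall(line.split("args:", 1)[1])]


def outside_allowlist(launches, allowed):
    """Launches whose decoded executable is not in `allowed` (case-insensitive).
    An undecodable process field is always reported."""
    allowed = {path.lower() for path in allowed}
    return [l for l in launches if (l["process"] or "").lower() not in allowed]


if __name__ == "__main__":
    for launch in launched_commands(SAMPLE_LINES):
        print(launch)
    print(decoded_args(SAMPLE_LINES[3]))
```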

• Common: General log that records a number of items.

o General User connection


TRACE Common <Parse FTP Command> - CSite::QueryEngineInfo(FTP) ENGINE_INFO:
0743E0C0 dwQuery: 2 Client name: TESTUSER pSocket: 03A24C90 dwAddress: 0.0.0.0
nConnectionsPerClient: 0 nConnectionsPerClientAndIp: 0 nConcurrentLogins: 0
nConnectionsPerAddress: 0

o Hitting limit of 3 logins per User (User level):


TRACE Common <Parse FTP Command> - CClient::Login: Too many connections per user:
TESTUSER m_bHasMaxUsers: 1 m_nClientCount: 3 m_nMaxUsers: 3

o Hitting limit for max number of socket connections (Site):


ERROR Common <> - Max concurrent socket connections has been reached.

o Hitting limit for max number of connections per Address (doesn’t log anything specific) (Site):
TRACE Common <> - CSite::QueryEngineInfo(FTP) ENGINE_INFO: 0B37F2D0 dwQuery: 8
Client name: pSocket: 00000000 dwAddress: 127.0.0.1 nConnectionsPerClient: 0
nConnectionsPerClientAndIp: 0 nConcurrentLogins: 0 nConnectionsPerAddress: 1

o Failure due to MaxConnections per User (Site)


10-29-16 12:06:59,948 [5296] TRACE Common <Parse FTP Command> -
CSite::CheckClientIP: Too many connections per user: TESTUSER info.dwQuery: 7
info.nConnectionsPerClient: 1 m_nMaxConnectionsPerAccount: 1

o Failure due to Max number of Logins (doesn’t log anything specific) (Site)


TRACE Common <Parse FTP Command> - CSite::QueryEngineInfo(FTP) ENGINE_INFO:
0762DC98 dwQuery: 6 Client name: TESTUSER pSocket: 0C8FEFE8 dwAddress: 0.0.0.0
nConnectionsPerClient: 0 nConnectionsPerClientAndIp: 1 nConcurrentLogins: 1
nConnectionsPerAddress: 0

• DMZSupport: Logs information about DMZ server connections.


INFO DMZSupport <> - CSingleGateway::OnMessageLogin() : DMZ version 3.4.0 build 19
DEBUG DMZSupport <> - CSingleGateway::OnMessageLogin() : Unrecognized (most likely
newer) DMZ version 3.4.0 build 19
DEBUG DMZSupport <> - CSingleGateway::OnMessageLogin() : DMZ version set to
11111111
DEBUG DMZSupport <> - CSingleGateway::SetIPAccess() : Change client IP Access
settings
DEBUG DMZSupport <> - CSingleGateway::SetManualIPAccess() : Send client Manual IP
Access settings
DEBUG DMZSupport <> - CSingleGateway::SetAutoIPAccess() : Send client Autoban IP
Access settings

• Events: This logger is one of the primary loggers used for troubleshooting behavior and failures in event rule
processing. The primary Events logger has many subcategories, among them:

o Events.AS2, Events.Client, Events.Conn, Events.FolderMonitor, Events.FS, Events.Server,
Events.Site, Events.Clustered, Events.ContentIntegrityControl, Events.Workspaces,
Events.FolderActions, Events.FileActions, Events.CompressDecompressActions,
Events.CompressDecompressServer, Events.WebServices

o File Uploaded
TRACE Events.Server.MySite <Parse FTP Command> - Dispatch file system event; event
type: 20481; PPath: C:\InetPub\EFTRoot\MySite\Usr\a\EFTMigrateCSVUsers.vbs; VPath:
/Usr/a/EFTMigrateCSVUsers.vbs
TRACE Events.Server.MySite <Parse FTP Command> - Dispatch file system event; event
type: 20491; PPath: C:\InetPub\EFTRoot\MySite\Usr\a\; VPath: /Usr/a/
TRACE Events.Server.MySite <> - Dispatch file system event; event type:
file_upload; PPath: C:\InetPub\EFTRoot\MySite\Usr\a\EFTMigrateCSVUsers.vbs; VPath:
/Usr/a/EFTMigrateCSVUsers.vbs

o File Uploaded Event Rule (no conditions) + Move Action


TRACE Events.Server.MySite <> - Dispatch file system event; event type:
file_upload; PPath: C:\InetPub\EFTRoot\MySite\Usr\a\EFTMigrateCSVUsers.vbs; VPath:
/Usr/a/EFTMigrateCSVUsers.vbs
DEBUG Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
Conditions met. Executing event rule.
TRACE Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
Context source path: C:\InetPub\EFTRoot\MySite\Usr\a\EFTMigrateCSVUsers.vbs;
Translated to ASCII source path:
C:\InetPub\EFTRoot\MySite\Usr\a\EFTMigrateCSVUsers.vbs; Destination path:
C:\temp\%SOURCE.FILE_NAME%

o On File Upload with conditions (failed)


TRACE Events <Event: On File Uploaded Rule> - Condition matched; string [foo.csv]
mask [*.txt] result [0]
DEBUG Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
Conditions not met. Event rule execution skipped.

o On File Upload (with conditions) +Move (success)


TRACE Events <Event: On File Uploaded Rule> - Condition matched; string [New Text
Document.txt] mask [*.txt] result [1]
DEBUG Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
Conditions met. Executing event rule.
TRACE Events <Event: On File Uploaded Rule> - Condition matched; string [New Text
Document.txt] mask [*.txt] result [1]
TRACE Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
Context source path: C:\InetPub\EFTRoot\MySite\Usr\a\New Text Document.txt;
Translated to ASCII source path: C:\InetPub\EFTRoot\MySite\Usr\a\New Text
Document.txt; Destination path: C:\temp\%SOURCE.FILE_NAME%
DEBUG Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
EVENT_ACTION_COPY: Files processed: 1
TRACE Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
EVENT_ACTION_COPY (Host: ; User: ; PubKey: ; Key: ; Protocol: LOCAL Port: 0
Operation:40 ; LocalPath: C:\InetPub\EFTRoot\MySite\Usr\a\New Text Document.txt;
RemotePath: C:\temp\%SOURCE.FILE_NAME%): Transfer succeeded.
DEBUG Events.FS.MySite.On_File_Uploaded_Rule <Event: On File Uploaded Rule> -
Finished executing event rule.

o Create New Folder Monitor Rule
TRACE Events.FolderMonitor <> - CEventRuleValidator::Validate: 'On Folder Monitor
Rule'
TRACE Events.Clustered.MySite.On_Folder_Monitor_Rule <Event rule: On Folder Monitor
Rule> - Running mode is [not clustered]
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <Event rule: On Folder
Monitor Rule> - rule is created.
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <Event rule: On Folder
Monitor Rule> - Starting folder monitor; relying on system notifications
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <Event rule: On Folder
Monitor Rule> - System notifications enabled; health check enabled, interval: 60
INFO Events.FolderMonitor <Event rule: On Folder Monitor Rule> - Starting Directory
Watcher using Sync Worker.
DEBUG Common <Event rule: On Folder Monitor Rule> - Started thread [Directory
Watcher Main Loop (Sync)].
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <Event rule: On Folder
Monitor Rule> - Health monitoring started. Folder:
C:\Users\xxxxxxxx\Downloads\TestFolder

o Folder Monitor (File Added) + Email Notification (doesn’t log email action)
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ValidateAndProcessChanges()
invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() finished with
notification parsing; sending changes for processing by parent.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::SendChanges() is posting change
for processing in event 'On Folder Monitor Rule' to IOCP.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ValidateAndProcessChanges()
invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() finished with
notification parsing; sending changes for processing by parent.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::SendChanges() is posting change
for processing in event 'On Folder Monitor Rule' to IOCP.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ValidateAndProcessChanges()
invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() finished with
notification parsing; sending changes for processing by parent.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::SendChanges() is posting change
for processing in event 'On Folder Monitor Rule' to IOCP.
TRACE Events.FolderMonitor.MySite <> -
CFolderMonitorFactory::Impl::IoCompletionProc() awakened with valid Monitor Folder
object.
TRACE Events.FolderMonitor.MySite <> - Processing this folder event.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() for path
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg with file system event
1
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() could obtain exclusive lock on file, so
ready to process.
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg> - Processing file
found by system notifications
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() has finished processing notification
structure.
TRACE Events.FolderMonitor.MySite <> -
CFolderMonitorFactory::Impl::IoCompletionProc() awakened with valid Monitor Folder
object.
TRACE Events.FolderMonitor.MySite <> - Processing this folder event.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() for path
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg with file system event
3
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() encountered FILE_ACTION_MODIFIED, but file
is NOT in DEFERRED list, so we do nothing.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() has finished processing notification
structure.
TRACE Events.FolderMonitor.MySite <> -
CFolderMonitorFactory::Impl::IoCompletionProc() awakened with valid Monitor Folder
object.
TRACE Events.FolderMonitor.MySite <> - Processing this folder event.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() for path
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg with file system event
3
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() encountered FILE_ACTION_MODIFIED, but file
is NOT in DEFERRED list, so we do nothing.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() has finished processing notification
structure.
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg> - Invoking event rule
for file added
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg Event: On Folder
Monitor Rule> - Conditions met. Executing event rule.
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg Event: On Folder
Monitor Rule> - Finished executing event rule.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg> - Cleanup required for
rule.

o Folder Monitor (File Renamed) + Email Notification (doesn’t log email action)
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ValidateAndProcessChanges()
invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() finished with
notification parsing; sending changes for processing by parent.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::SendChanges() is posting change
for processing in event 'On Folder Monitor Rule' to IOCP.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ValidateAndProcessChanges()
invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() invoked.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::ProcessChanges() finished with
notification parsing; sending changes for processing by parent.
TRACE Events.FolderMonitor <> - CDirectoryWatcher::SendChanges() is posting change
for processing in event 'On Folder Monitor Rule' to IOCP.
TRACE Events.FolderMonitor.MySite <> -
CFolderMonitorFactory::Impl::IoCompletionProc() awakened with valid Monitor Folder
object.
TRACE Events.FolderMonitor.MySite <> - Processing this folder event.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() for path
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg with file system event
4
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() encountered FILE_ACTION_RENAMED_OLD_NAME;
processing file event.
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2Files1Folder.jpg> - Processing file found
by system notifications
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() has finished processing notification
structure.
TRACE Events.FolderMonitor.MySite <> -
CFolderMonitorFactory::Impl::IoCompletionProc() awakened with valid Monitor Folder
object.
TRACE Events.FolderMonitor.MySite <> - Processing this folder event.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() for path
C:\Users\xxxxxxxx\Downloads\TestFolder\2Files1Folder.jpg with file system event 3
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() encountered FILE_ACTION_MODIFIED, but file
is NOT in DEFERRED list, so we do nothing.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <> -
CFolderMonitor::ProcessFolderUpdates() has finished processing notification
structure.
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2Files1Folder.jpg> - File renamed from
C:\Users\xxxxxxxx\Downloads\TestFolder\2filesNotRenamed.jpg to
C:\Users\xxxxxxxx\Downloads\TestFolder\2Files1Folder.jpg
DEBUG Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2Files1Folder.jpg Event: On Folder Monitor
Rule> - Conditions not met. Event rule execution skipped.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2Files1Folder.jpg> - No cleanup required
since execution skipped.
TRACE Events.FolderMonitor.MySite.On_Folder_Monitor_Rule <File:
C:\Users\xxxxxxxx\Downloads\TestFolder\2Files1Folder.jpg> - Because we delegated
the invocation of this rule to another node, I will NOT remove from InProgress.
????

o Folder Monitor (File Deleted) + Email Notification (doesn’t log email action)

o Timer Event (Run Now)


DEBUG Events.Server.MySite.On_Scheduler_(Timer)_Event_Rule <Run now Event: On
Scheduler (Timer) Event Rule> - Conditions met. Executing event rule.
DEBUG Events.Server.MySite.On_Scheduler_(Timer)_Event_Rule <Run now Event: On
Scheduler (Timer) Event Rule> - Finished executing event rule.

• FileSystem Logs file system activity.

o Deleting user account and home folder:


TRACE FileSystem <> - CVFManager::RemoveVirtualFolder: /Usr/a/

o Trying to delete /Pub folder (cannot)


DEBUG FileSystem <> - CFileSystem::RemoveFolder: tried to delete protected folder

o Navigating to folder in VFS:


DEBUG FileSystem <GetFolderListing> - Making listing: /Usr/. Mask: * .Client:
DEBUG FileSystem <GetFolderListing> - Added 15 items to listing

o Deleting folder in VFS:


TRACE FileSystem <> - CVFManager::RemoveVirtualFolder: /Usr/c/

• FTP Logs FTP activity

o Logging in and using PUT to transfer a file with windows FTP:


TRACE FTP <Parse FTP Command> - Command: USER; Arguments: a
TRACE FTP <Parse FTP Command> - Command nID: 1;
DEBUG FTP <Parse FTP Command> - Validated login name: a
TRACE FTP <Parse FTP Command> - Command: PASS; Arguments: ****
TRACE FTP <Parse FTP Command> - Command nID: 2;
TRACE FTP <Parse FTP Command> - Command: PORT; Arguments: 127,0,0,1,201,59
TRACE FTP <Parse FTP Command> - Command nID: 9;
TRACE FTP <Parse FTP Command> - CCommandSocket::ReleaseDataSocket(0)[071A1F68]
TRACE FileSystem <Parse FTP Command> - Operation: "GetRealPath"; Folder: /Usr/a/;
TRACE FTP <Parse FTP Command> - Command: STOR; Arguments: /test.txt
TRACE FTP <Parse FTP Command> - Command nID: 17;
TRACE FTP <Parse FTP Command> - CCommandSocket::StartTransfer()[071A1F68];
DEBUG FTP <> - CDataSocket::CloseFile: m_pBuffer.reset() for [071EA4C0]
TRACE FTP <> - CCommandSocket::ReleaseDataSocket(1)[071A1F68]

• HTTP Logs information relating to HTTP/S requests to EFT.


TRACE HTTP <HTTP.ProcessRequest> - receiving
TRACE HTTP <HTTP.ProcessRequest> - received 270 bytes
DEBUG HTTP <HTTP.ProcessRequest> - Received Request:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: localhost
Connection: Keep-Alive
Cookie: savedpath=/,http

• HTTP.Handler Information about requests sent to the HTTP/S server.

o A session cookie is received by EFT:


DEBUG HTTP.Handler <HTTP.ProcessRequest> - CHTTPSocket::AddCSRFToken: retrieved
cookie token: 597326F5-4FA6-11e7-80D6-000C29469ABD

• HTTP.SessionManager Information for HTTP/S sessions initiated by clients using the Web Transfer Client.

o Creating a new session:


DEBUG HTTP.SessionManager <HTTP.ProcessRequest> - Created WTC session
[968CBE1E696082DA36A4FF9FAB92BFD892CCC1722963813DE451A3472DA5D2B2]; num web
sessions is [2]

• IPAccess This logger logs the pre-check that is done on a user account before authentication
DEBUG IPAccess <> - Check IP address against IP Access Rules: IP: 127.0.0.1, access
allowed
DEBUG IPAccess <> - Check IP address against IP Access Rules: IP: 127.0.0.1, access
denied

• PathManager Information about mapping physical paths to virtual paths within EFT.

o Starting EFT server:


DEBUG PathManager <> - Registering default path names.
DEBUG PathManager <ParseAndRegisterTarget> - Inserting: folder C:\Program Files
(x86)\Globalscape\EFT Server Enterprise\web/public/EFTClient/wtc/lib into target
map.
DEBUG PathManager <ParseAndRegisterTarget> - Registered path:
/eftclient/wtc/lib;[Folder];C:\Program Files (x86)\Globalscape\EFT Server
Enterprise\web/public/EFTClient/wtc/lib
DEBUG PathManager <ParseAndRegisterTarget> - Inserting: folder C:\Program Files
(x86)\Globalscape\EFT Server Enterprise\web/public/EFTClient into target map.
DEBUG PathManager <ParseAndRegisterTarget> - Registered path:
/eftclient;[Folder];C:\Program Files (x86)\Globalscape\EFT Server
Enterprise\web/public/EFTClient
DEBUG PathManager <ParseAndRegisterTarget> - Inserting: folder into target map.

• PGP.Adapter Information about PGP operations.

o Starting EFT server:


TRACE PGP.Adapter <> - NOpenPGPAdapterTS::ResetStore(C:\ProgramData\Globalscape\EFT
Server Enterprise\pubring.pgp,C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp)
TRACE PGP.Adapter <> - EFTOpenPGP::EFTOpenPGP("C:\ProgramData\Globalscape\EFT
Server Enterprise\pubring.pgp", "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp", 0, 0, 0, "")
TRACE PGP.Adapter <> - EFTPGPKeyMgr::EFTPGPKeyMgr:("C:\ProgramData\Globalscape\EFT
Server Enterprise\pubring.pgp", "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp")
TRACE PGP.Adapter <> - EFTSDA::EFTSDA(0, 0, 0, "")
TRACE PGP.Adapter <> - NOpenPGPAdapter::NOpenPGPAdapter(0x029EEEE0)
TRACE PGP.Adapter <> - NOpenPGPAdapter::ResetStore("C:\ProgramData\Globalscape\EFT
Server Enterprise\pubring.pgp", "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp")

o Creating a key:
TRACE PGP.Adapter <> - NOpenPGPAdapterTS::CreateKey
TRACE PGP.Adapter <> - EFTOpenPGP::EFTOpenPGP("C:\ProgramData\Globalscape\EFT
Server Enterprise\pubring.pgp", "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp", 0, 0, 0, "")
TRACE PGP.Adapter <> - EFTPGPKeyMgr::EFTPGPKeyMgr:("C:\ProgramData\Globalscape\EFT
Server Enterprise\pubring.pgp", "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp")
TRACE PGP.Adapter <> - EFTSDA::EFTSDA(0, 0, 0, "")
TRACE PGP.Adapter <> - NOpenPGPAdapter::NOpenPGPAdapter(0x0A57F074)
TRACE PGP.Adapter <> - NOpenPGPAdapter::CreateKey("asdf", "", "[email protected]",
"********", "3DES", "DSA", 2048, 0)

o Encrypting a file:
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> -
NOpenPGPAdapterTS::Encrypt
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> -
EFTOpenPGP::EFTOpenPGP("C:\ProgramData\Globalscape\EFT Server
Enterprise\pubring.pgp", "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp", 0, 0, 0, "")
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> -
EFTPGPKeyMgr::EFTPGPKeyMgr:("C:\ProgramData\Globalscape\EFT Server
Enterprise\pubring.pgp", "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp")
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> -
EFTSDA::EFTSDA(0, 0, 0, "")
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> -
NOpenPGPAdapter::NOpenPGPAdapter(0x02C6F360)
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> -
NOpenPGPAdapter::Encrypt("C:\Users\xxxxxxxx\Desktop\test\license.txt",
"C:\Users\xxxxxxxx\Desktop\test\license.txt", 1", 0, 0, 5)
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - Encrypt key
list: 287AB991
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Starting to read data from "C:\Users\xxxxxxxx\Desktop\test\license.txt"
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Starting to write data to "C:\Users\xxxxxxxx\Desktop\test\license.txt.pgp"
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Starting PGP message encoding
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Automatically selected encryption algorithm: "TripleDES"
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Starting to encrypt, encryption algorithm is TripleDES
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Starting to write PGPLiteralDataPacket
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Finished writing PGPLiteralDataPacket
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Finished encrypting data
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Finished PGP message encoding
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Finished reading data from file "C:\Users\username\Desktop\test\license.txt"
TRACE PGP.Adapter <Run now; Event: On Scheduler (Timer) Event Rule> - FireStatus:
Finished writing data to file "C:\Users\username\Desktop\test\license.txt.pgp"

• Registration Very little is logged here.

• Reporting Some information about reports which are generated with the ARM module.
DEBUG Reporting <> - Report Manager connection string set to
[provider=SQLNCLI10;server=192.168.102.145;database=EFTDB;UID=sa;Pwd=********;]

• Reports Some information which is generated by the PCI DSS Compliance report.
TRACE Reports <> - bufReportPDF.GetSize() 18445
TRACE Reports <> - bufReportHTML.GetSize() 16727

• Server Information about server stop and start procedures.

o On Stop:
TRACE Server.Stop <> - Posting CLOSE event...

o On startup:
DEBUG Server.Startup <> - Server Run
DEBUG Server.Startup <> - Starting server
DEBUG Server.Startup <> - Initializing HTTP Message Provider
DEBUG Server.Startup <> - Resetting PGP Store
DEBUG Server.Startup <> - Initializing SSL

And so on…

• Service Logging for service interactions with Windows.

o On Server Stop:
TRACE Service <> - [EFT Server Enterprise](4460): CNTService::SetStatus(13849680,
1)
TRACE Service <> - [EFT Server Enterprise](4460): CNTService::SetStatus -
m_Status.dwWin32ExitCode = 0
TRACE Service <> - [EFT Server Enterprise](4460): CNTService::SetStatus
SetServiceStatus call succeeded
TRACE Service <> - [EFT Server Enterprise](4460): Leaving CNTService::ServiceMain()

• SFTP Information about SFTP connections.

o KEX data is logged hex encoded. It can be decoded with a hex-to-ASCII converter (this will be changed in
later versions):
TRACE SFTP <> - [08F4F568] msg: 2024502473 Sending version (hex):
5353482D322E302D312E38325F7373686C696220476C6F62616C73636170650D0A
1139361 [2088] TRACE SFTP <> - [08F4F568] msg: 2024502473 Sending SSH_MSG_KEXINIT
(488 bytes, seq nr 0) Data (hex):
1139361 [2088] TRACE SFTP <> - [08F4F568] msg: 2024502476 Received SSH_MSG_KEXINIT
(1187 bytes, seq nr 0) Data (hex):
TRACE SFTP <> - [08F4F568] msg: 2024502480 Will act on first key exchange method
packet
TRACE SFTP <> - [08F4F568] msg: 2024502476 Received SSH_MSG_KEX_34 (13 bytes, seq
nr 1)

o Sending authentication request:


TRACE SFTP <> - [08F52070] msg: 2024502482 Handling SSH_MSG_USERAUTH_REQUEST for
user 'a', service 'ssh-connection', method 'keyboard-interactive'

o Failed authentication:
TRACE SFTP <> - [08F4F568] msg: 2024502473 Sending SSH_MSG_USERAUTH_FAILURE (35
bytes, seq nr 6)
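
Decoding the hex-encoded SFTP entries described above, as an added example (not code from the original document or from Globalscape): it decodes the `Sending version (hex)` payload shown on the page and splits an SSH_MSG_KEXINIT payload into its name-lists per RFC 4253 so the offered algorithms can be reviewed. The KEXINIT sample is constructed, and the `LEGACY_MARKERS` policy list and all function names are assumptions of this example.

```python
import re
import struct

# Matches the hex payload that follows "(hex):" in an EFT SFTP log entry,
# including payloads wrapped over several lines.
HEX_RE = re.compile(r"\(hex\):\s*([0-9A-Fa-f\s]+)$")

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)

# Assumption: this example's own review policy, not an EFT setting.
LEGACY_MARKERS = ("-cbc", "3des", "arcfour", "hmac-md5", "hmac-sha1",
                  "group1-sha1", "ssh-dss")

# Entry copied from the page (version string sent by the server).
VERSION_ENTRY = """TRACE SFTP <> - [08F4F568] msg: 2024502473 Sending version (hex):
5353482D322E302D312E38325F7373686C696220476C6F62616C73636170650D0A"""


def hex_payload(log_entry):
    """Return the decoded bytes of the hex payload in one log entry."""
    match = HEX_RE.search(log_entry)
    if match is None:
        raise ValueError("no hex payload in log entry")
    return bytes.fromhex("".join(match.group(1).split()))


def parse_kexinit(payload):
    """Split an SSH_MSG_KEXINIT payload into its ten name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # 1 byte message number + 16 byte cookie
    lists = {}
    for field in KEXINIT_FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(field + " runs past end of payload")
        names = payload[offset:offset + length].decode("ascii")
        lists[field] = names.split(",") if names else []
        offset += length
    return lists


def legacy_offers(lists):
    """Return only the fields that offer an algorithm matching LEGACY_MARKERS."""
    flagged = {}
    for field, names in lists.items():
        hits = [n for n in names if any(m in n for m in LEGACY_MARKERS)]
        if hits:
            flagged[field] = hits
    return flagged


def build_constructed_kexinit():
    """Constructed sample payload (not the hex dump from the page)."""
    name_lists = ["curve25519-sha256,diffie-hellman-group1-sha1",
                  "ssh-ed25519,ssh-rsa",
                  "aes256-ctr,3des-cbc", "aes256-ctr,3des-cbc",
                  "hmac-sha2-256,hmac-md5", "hmac-sha2-256,hmac-md5",
                  "none", "none", "", ""]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # zero cookie for the sample
    for names in name_lists:
        body += struct.pack(">I", len(names)) + names.encode("ascii")
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


if __name__ == "__main__":
    print(repr(hex_payload(VERSION_ENTRY).decode("ascii")))
    flagged = legacy_offers(parse_kexinit(build_constructed_kexinit()))
    for field, hits in flagged.items():
        print(field, "->", ", ".join(hits))
```

To review a real entry, pass the full log entry text (header line plus its wrapped hex lines) to `hex_payload` and the result to `parse_kexinit`.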

• SMTP Logs all SMTP messages which are sent from EFT.
TRACE SMTP <> - SmtpError:
TRACE SMTP <> - 220 mail8.globalscape.com ESMTP (c3d348d27d9f3d352b30a9ae72064b47)
TRACE SMTP <> - EHLO GS0110.forest.intranet.gs
TRACE SMTP <> - 250-mail8.globalscape.com Hello GS0110.forest.intranet.gs
[192.168.253.206], pleased to meet you
250-SIZE 120000000
250-PIPELINING
250-8BITMIME
250 HELP
TRACE SMTP <> - MAIL FROM: <[email protected]> BODY=8BITMIME
TRACE SMTP <> - 250 Sender <[email protected]> OK
TRACE SMTP <> - RCPT TO: <[email protected]>
TRACE SMTP <> - 250 Recipient <[email protected]> OK
TRACE SMTP <> - DATA
TRACE SMTP <> - 354 Start mail input; end with <CRLF>.<CRLF>
TRACE SMTP <> - X-Priority: 3 (Normal)
X-Mailer: Globalscape EFT Server
X-MSMail-Priority: Normal
To: <[email protected]>
Subject: Globalscape EFT Server Notification: Folder Monitor
MIME-Version: 1.0
Importance: Normal
From: "Globalscape EFT Server"<[email protected]>
Date: Sat, 5 Nov 2016 10:20:03 -0500
Cc:
Content-Type: text/plain;
 charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
This message was sent to you automatically by Globalscape EFT Server on the following event: Folder
Monitor.
TRACE SMTP <> - 250 Ok: queued as 3189F1B80E15

• SSL Information about the ciphers used for connecting clients when using SSL.
DEBUG SSL <> - SSL connection accepted; protocol version = TLSv1.2, cipher = ECDHE-
RSA-AES128-GCM-SHA256, key length = 128

• Timer Log for scheduled timer rules and the deferred file checker timer.
TRACE Timer <> - OnTimer for timer: Timer for rule: On Scheduler (Timer) Event Rule
TRACE Timer <> - Executing timer handler
TRACE Timer <> - Resetting timer: Timer for rule: On Scheduler (Timer) Event Rule

• Status Viewer Very little is logged here

• Cluster Information for HA clusters


TRACE Cluster <> - CMessageAccumulator: I'm empty
TRACE Cluster <> - No need to originate admin-originated change 'administrator
changed configuration (Login: xxxxxxxx, MXID: 28)': no changes.

• Cluster.SharedFiles Logs movement of files from the shared config to local store at service start.
TRACE Cluster.SharedFiles <> - ReadChanges[PGP] Lock file on read is success
TRACE Cluster.SharedFiles <> - CFilesSynchronizer::DownloadFile: Try Copy file from
"\\L3101HA12012\HA\pubring.pgp" to "C:\ProgramData\Globalscape\EFT Server
Enterprise\pubring.pgp"
TRACE Cluster.SharedFiles <> - CFilesSynchronizer::DownloadFile: Copy file from
"\\L3101HA12012\HA\pubring.pgp" to "C:\ProgramData\Globalscape\EFT Server
Enterprise\pubring.pgp" OK
TRACE Cluster.SharedFiles <> - CFilesSynchronizer::DownloadFile: Try Copy file from
"\\L3101HA12012\HA\secring.pgp" to "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp"
TRACE Cluster.SharedFiles <> - CFilesSynchronizer::DownloadFile: Copy file from
"\\L3101HA12012\HA\secring.pgp" to "C:\ProgramData\Globalscape\EFT Server
Enterprise\secring.pgp" OK
TRACE Cluster.SharedFiles <> - ReadRemoteData[PGP] Receive remote files is success

• Cluster.ChangeQueue MSMQ message queue size, messages sent and received


TRACE Cluster.ChangeQueue <> - MSMQ: Queue is empty.
DEBUG Cluster.ChangeQueue <> - MSMQ: Message of size 4880 is received.
TRACE Cluster.ChangeQueue <> - Message [MulticastID=14526] is sent; waiting for the
message to arrive to local queue...
ERROR Cluster.ChangeQueue <> - MSMQ: openQueue throws an HR of '0xc00e001e'
TRACE Cluster.ChangeQueue <> - Own message [MulticastID=14526] is received.

• Workspaces Shows when workspaces are created and changed.

o Creating a new workspace:


TRACE Workspaces <HTTP.ProcessRequest> - POST /Workspaces/v1/Shares
{"name":"test","vpath":"/test/","expireTime":0,"participants":[{"email":"xxxxxx@glo
balscape.com","permissions":{"canUploadFile":true,"canDownloadFile":true,"canDelete
File":true,"canRenameFileFolder":true,"canCreateFolder":true,"canDeleteFolder":true
}}],"notifications":{"notifPeriod":"DAILY","onDownload":true,"onUpload":true,"onDel
ete":true,"onReplace":true,"onRename":true,"onFileComments":true},"private":false}
TRACE Workspaces <HTTP.ProcessRequest> - Creating workspace with id [be71e221-1ff1-
4628-9aaf-2179584f854c]

• Workspaces.Invite Shows registration emails that are sent out for Workspaces invites.
TRACE Workspaces.Invite <HTTP.ProcessRequest> - ResendInvitations for wid be71e221-
1ff1-4628-9aaf-2179584f854c
TRACE Workspaces.Invite <HTTP.ProcessRequest> - SendRegistrationEmail:
[email protected]

• SAMLSSO Information on SAML SSO.

• Cloud Information on AWS functionality.

• Network Automation Logs

o Naming: C:\ProgramData\Network Automation\AutoMate 8\AutoMate8TaskEvents.txt

o Time Format: YYYY-MM-DD HH-mm-ss (24 hr format, GMT).

o What it logs: DateStamp Timestamp, Machine Name, AWE task, Status, Step #, Status, Process
GUID, ???, Result Code

o Can be used to track AWE task failures, timeout occurrences, successes, etc.

o Since the data is comma separated, can be opened in Excel and separated by delimiter and
sorted/graphed as needed to extract and map data.

o Task Success:
2016-11-12 16-03-54,GS0110,Anything,TASKSTART, ,Task started,,{AEA76099-2F05-4940-
8B29-5EDFFE1AC6EC},436,0
2016-11-12 16-03-55,GS0110,Anything,TASKSUCCESS,25,Task ended.,,{AEA76099-2F05-
4940-8B29-5EDFFE1AC6EC},123,1

o Task Aborted due to Timeout


2016-11-12 16-33-18,GS0110,Anything,TASKSTART, ,Task started,,{5EC0DD7E-A148-4C51-
8C83-CA3F88ED9A5F},950,0
2016-11-12 16-33-21,GS0110,Anything,TASKABORTED,2,Task aborted.,,{5EC0DD7E-A148-
4C51-8C83-CA3F88ED9A5F},568,1

o Task Failed (various reasons)


2016-11-12 16-38-06,GS0110,Anything,TASKSTART, ,Task started,,{7E65309C-F545-4DD1-
ADED-4BBD9F38A97D},807,0
2016-11-12 16-38-06,GS0110,Anything,TASKFAILURE,17,A variable or function in the
expression does not exist or is misspelled ,,{7E65309C-F545-4DD1-ADED-
4BBD9F38A97D},843,1
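
Tracking task outcomes from this file in code rather than in Excel, as an added example (not part of the original document or of the product): it pairs each TASKSTART with the end event that shares its GUID and lists the runs that did not succeed. The field positions are inferred from the sample lines above and are an assumption, as are the function names and the `NO_END_EVENT` label.

```python
import csv
import io
from datetime import datetime, timezone

# The six sample lines from the page, with the document's line wrapping undone.
PAGE_SAMPLE = """\
2016-11-12 16-03-54,GS0110,Anything,TASKSTART, ,Task started,,{AEA76099-2F05-4940-8B29-5EDFFE1AC6EC},436,0
2016-11-12 16-03-55,GS0110,Anything,TASKSUCCESS,25,Task ended.,,{AEA76099-2F05-4940-8B29-5EDFFE1AC6EC},123,1
2016-11-12 16-33-18,GS0110,Anything,TASKSTART, ,Task started,,{5EC0DD7E-A148-4C51-8C83-CA3F88ED9A5F},950,0
2016-11-12 16-33-21,GS0110,Anything,TASKABORTED,2,Task aborted.,,{5EC0DD7E-A148-4C51-8C83-CA3F88ED9A5F},568,1
2016-11-12 16-38-06,GS0110,Anything,TASKSTART, ,Task started,,{7E65309C-F545-4DD1-ADED-4BBD9F38A97D},807,0
2016-11-12 16-38-06,GS0110,Anything,TASKFAILURE,17,A variable or function in the expression does not exist or is misspelled ,,{7E65309C-F545-4DD1-ADED-4BBD9F38A97D},843,1
"""

# Assumption: the three end-of-task statuses that appear on the page.
END_STATUSES = {"TASKSUCCESS", "TASKABORTED", "TASKFAILURE"}


def parse_events(text):
    """Parse AutoMate8TaskEvents.txt content; column positions assumed from the samples."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 8:
            continue  # blank or malformed line
        try:
            stamp = datetime.strptime(row[0], "%Y-%m-%d %H-%M-%S")
        except ValueError:
            continue  # first field is not a timestamp in the documented format
        events.append({
            "time": stamp.replace(tzinfo=timezone.utc),  # the log is written in GMT
            "machine": row[1], "task": row[2], "status": row[3],
            "step": row[4].strip(), "message": row[5].strip(), "guid": row[7],
        })
    return events


def summarize_runs(events):
    """Pair each TASKSTART with the end event that carries the same GUID."""
    open_runs, runs = {}, []
    for ev in events:
        if ev["status"] == "TASKSTART":
            open_runs[ev["guid"]] = ev
        elif ev["status"] in END_STATUSES:
            start = open_runs.pop(ev["guid"], None)
            seconds = (ev["time"] - start["time"]).total_seconds() if start else None
            runs.append({"guid": ev["guid"], "task": ev["task"],
                         "outcome": ev["status"], "step": ev["step"],
                         "message": ev["message"], "seconds": seconds})
    for guid, start in open_runs.items():  # started but never finished in this file
        runs.append({"guid": guid, "task": start["task"], "outcome": "NO_END_EVENT",
                     "step": "", "message": "", "seconds": None})
    return runs


def needs_attention(runs):
    """Runs that did not end in TASKSUCCESS."""
    return [r for r in runs if r["outcome"] != "TASKSUCCESS"]


if __name__ == "__main__":
    for run in needs_attention(summarize_runs(parse_events(PAGE_SAMPLE))):
        print(run["outcome"], run["task"], "step", run["step"], "-", run["message"])
```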
