How to deliver audit snapshots over FTP

Introduced in 8.7, Windows audit only

Overview

Starting with Alloy Audit Tools version 7.0, the Windows Inventory Analyzer is able to transfer audit snapshots over FTP. With this method, you can regularly audit offsite computers and remote networks that have no direct connection to the local network.

Although the FTP delivery method requires Alloy Discovery or Alloy Navigator Express version 8.6 or later, you can use it in Alloy Discovey Express 8 as well. This article explains how to do it.

FTP server

First of all, you need to have an FTP server installed and configured. Data and other communications from the client should reach the FTP server. So, make sure you allow the outgoing data and other communications from the client to go to the FTP server. You can use FTP protocol of your choice: FTP, FTPS, or SFTP.

Configuring Alloy Discovey Express

First, you will need to configure the Windows Inventory Analyzer to transfer audit results via e-mail, and then edit its configuration file, replacing e-mail configuration settings with FTP settings. This approach will help you easily encrypt your FTP password for the FTP server authentication so that only the Inventory Analyzer can read it.

After you have created the Inventory Analyzer package, you will need to perform the next two steps: deploying the package to the target network and automating the audit for producing snapshots on a regular basis.

Once the audit is set up, you will need to feed audit results to Alloy Discovey Express. Set up mirroring of audit snapshots from the FTP site to a network folder that Alloy Discovey Express can access, and configure Alloy Discovey Express to check that network folder for audit data.

Follow the steps below for detailed instructions.

To configure Alloy Discovey Express to transfer audit snapshots over FTP:

  1. In Alloy Discovey Express, make sure you have completed the audit settings as needed (select Audit > Audit Settings from the main menu and complete the Audit Configuration tab). The Inventory Analyzer will use those settings to run the audit.

  2. In Alloy Discovey Express, build the Inventory Analyzer package as follows:
    1. Create a new audit group using the Automated audit via e-mail method.

    2. On the Outgoing Mail Server page, select Server Requires Authentication check box.

    3. Enter the username and password that you use for the FTP server authentication.

      IMPORTANT: The encrypted password will be stored in the SmtpPassword field within the configuration file. You will need this value for specifying the FtpPassword in Step 3.

    4. Enter other settings required to create the group.

    5. Make sure to keep the Build Inventory Analyzer package(s) when finished check box selected and click Finish. The Portable Audit wizard starts.

    6. Complete the Portable Audit Wizard to create the Inventory Analyzer package for Windows audit.

      TIP: You will not be needing that audit group anymore, so you can delete it now.

  3. Go to the output folder you have specified for the Inventory Analyzer package and locate the configuration file for the Windows Inventory Analyzer. The file name is ina32.cfg.

    Open the ina32.cfg file with a text editor (for example, Microsoft Notepad), add the [FTP] section and configure the following FTP parameters:

    FtpType=[ServerType]

    The type for the server: SFTP or FTP.

    FtpServer=[ServerName]

    The FTP server name.

    FtpPort=[PortNumber]

    If this option is not specified, the default port number '22' is used for secure connection via SFTP. For non-secure connection via FTP, the default port number is 21. For secure connection via FTP, the default port number is 990.

    FtpDirectory=[Path]

    The path to the folder used for storing audit snapshots.

    FtpUser=[UserName]

    The user ID for authorization on the FTP server.

    IMPORTANT: Use the name from the SmtpUser field of the [EMail] section.

    FtpPassword=[Password]

    The password for authorization on the FTP server.

    IMPORTANT: Use the encrypted password from the SmtpPassword field of the [EMail] section.

    UseSSL=[NO|SSL]

    Enables FTP over SSL support.

    Valid values:

    • NO - This establishes an insecure (plain text) connection.
    • SSL - The server will attempt to establish a secure connection. If the FTP server does not support SSL, a connection is not established.

    PassiveMode=1

    Enables passive mode.

    For example:

    	[FTP]
    	FtpType=FTP
    	FtpServer=SERVER1
    	FtpPort=21
    	FtpDirectory=/home/user/AUDITDATA
    	FtpUser=user1
    	FtpPassword=enc300D5CC82524DBEAD1C1BED3D4FE10F426G
    	PassiveMode=1
    	UseSSL=NO

    IMPORTANT: After specifying FTP parameters, make sure to delete the [EMail] section from the ina32.cfg file.

  4. Deploy the Inventory Analyzer package to the remote network:
    1. On the remote site, create a network folder on the dedicated file server.

      This network folder will serve as an intermediary repository, and it must have both the Modify permission and the Change Permissions special permission assigned for your account. Share this folder and grant the Full Control share permission to the Everyone group for this network share.

    2. Set the minimally necessary permissions for the network folder. These minimally necessary permissions are used for the audit method to create the most secure environment for the network share and audit snapshot files stored there.

      INFO: For details, see Alloy Discovery Enterprise Administration Guide: Minimally Necessary Permissions.

    3. Deploy the Inventory Analyzer Package to the remote network, and automate the audit using domain logon scripts or scheduled tasks.

      INFO: For details, see Alloy Discovery Enterprise Administration Guide: Automating the Network Folder Audit.

  5. Set up mirroring of audit snapshots from the FTP site to a network folder that Alloy Discovey Express can access. Audit data must be copied to the AuditData subfolder under that network folder.

  6. In Alloy Discovey Express, create a Scriptable Audit Group and configure it to check that network folder for audit snapshots.

Related Information