- Solutions
-
- File Server: Ransomware Protection
- File Server: File Copy
- File Server: Audit File Access
- File Server: Storage growth reporting
- Licensing/Pricing
- Contact
How to Extract Data from PA File Sight
Data for PA File Sight is stored in a database, and some customers want to access that data for additional uses. This is fairly easy to do. Reading data is fine. We recommend NOT writing to the databases.
SQLite or MS SSQL?
Before you go much further, you need to know if you are using the embedded SQLite databases, or a MS SQL Server database. This can be seen in the Database Settings dialog. Your application will either use the same or a similar connection string to connect to the MS SQL Server database, or one of the many available connectors for the SQLite databases.
File Access Records
The File Access Records are stored in a few key tables:
| Table Name | Contains |
|---|---|
| FileSightFileTracker | The main table that lists file activity monitored by the File Sight monitor. IDs in this table will refer to the FileSightComputers (ServerCompID column), FileSightUsers, FileSightSourceComputerIPs (FileAccessorIPID column), FileSightComputers (FileHostCompSrcID and FileAccessorCompSrcID columns) and other tables.
ServerCompID will be 0 for data returned from an Endpoint. The Operation field will be one of these values:
|
| FSRCBlocked | This table lists activities that were blocked/alerted on by the Trusted Application Monitors, and any rules that were running on end-user computers that are using the File Sight Endpoint. |
| FSRCWarnings | This table lists warnings from the Trusted Application Monitors. These are mostly performance and configuration related. |
SQLite Locking: When doing reads or writes to an SQLite database, the entire database file is locked for everyone. So make sure your queries run as quickly as possible so the database locking doesn't affect the monitoring process.