Privacy

Details of Allowing / Disallowing Collection of Personal data on a License Level

Collection of Personal Data

I want to disable the collection of personal data at the FileWave license level. This will ensure that the FileWave client can never collect this data, as the option to do so will not be present in the Client Preferences.

Environment

FileWave Server and Client

Changing Data Collection

By default, FileWave collects personally identifiable data and stores that in inventory. 
The collection of this data can be disabled globally via your FileWave license. To make this change, and if you are a customer located in North America, please email the FileWave Business Office, usadmin@filewave.com  or call 1-888-345-3928, Option 3. If you are located in Europe, please email admin@filewave.com  or call  +41 (0) 71-914-30-80.

When data collection is disabled, the following data is not captured, processed, sent to, or stored inside FileWave inventory:

When disabling personal data collection, the last submitted geolocation data set is preserved. To remove it, please contact FileWave support. All other data types (login data and application usage data) are erased from the database as soon as the clients become aware of the new configuration and check in with the inventory server.

FileWave Server Analytics Reporting

With FileWave 13.1, server utilization aggregated analytics are sent to FileWave automatically to collect information on Licensing/Version of FileWave, Location Information (of the server), Numbers and Types of enrolled devices, Server Configuration information, and information on the Types and number of Filesets.  This information is being gathered in an effort to help FileWave prioritize our future feature development and to better support our customers' working environments.

Here are some frequently asked questions about this Analytics collection:

Q. Is there any personally identifiable information being collected?
A. No, there is no personal information of any kind gathered

Q. How frequently does the server report this information?
A.  The server reports the information only once per day, or on server restart.

Q. How big is the data transfer?
A.  The data transfer is very small as it is primarily summary information and will be 1k (JSON) and under.

Q. What address and port are used for communication?
A. FileWave Analytics reporting travels outbound on port 443 to logstash.filewave.com.

Q. Can I see an example of the data and data definitions?
A. Yes, please see below:

Example

This is an example of the data reported by analytics:

{
    "license_info": {
        "activation_code": "34876786629e4276bf484a2dc8501ad3",
        "company_name": "FileWave (Europe) GmbH",
        "desktop_clients": {
            "existing": 342,
            "licenses": 1000,
            "license_usage_percentage": 34.2
        },
        "mobile_clients": {
            "existing": 1645,
            "licenses": 5000,
            "license_usage_percentage": 32.9
        },
        "chromebook_clients": {
            "existing": 3,
            "licenses": 20,
            "license_usage_percentage": 15.0
        }
    },
    "hostname": "victorf.filewave.ch",
    "machine_fingerprint": "39ce7228a04f94eab57efbab042554cc66eded68",
    "enrolled_devices": {
        "OSX": 300,
        "WIN": 42,
        "IOS": 1645,
        "LIN": 0,
        "AND": 0,
        "CHR": 3,
        "TOS": 0
    },
    "active_devices": {
        "OSX": 296,
        "WIN": 41,
        "IOS": 1476,
        "LIN": 0,
        "AND": 0,
        "CHR": 0,
        "TOS": 0
    },
    "placeholders": {
        "OSX": 26,
        "WIN": 0,
        "IOS": 0,
        "LIN": 0,
        "AND": 0,
        "CHR": 0,
        "TOS": 0,
        "unknown": 15
    },
    "mdm_enrolled_macs": 258,
    "filesets": {
        "app": 75,
        "profile": 35,
        "legacy_policy": 0,
        "itunes_app": 21,
        "ios_enterprise_app": 3,
        "android_package": 0,
        "ios_hosted_media": 1,
        "osx_image": 0,
        "win_image": 0,
        "win_driver_image": 0,
        "win_master_image": 0,
        "ios_update": 6,
        "policy": 0,
        "google_policy_fragment": 0,
        "play_store_fileset": 0
    },
    "server_version": "13.1.0",
    "server_build": "0d367c15f2",
    "server_os_type": "OSX",
    "server_os_version": "10.14.4",
    "is_ucs_installation": false,
    "disk_space_in_megabytes": {
        "total": 1000346,
        "used": 868800,
        "free": 125402
    },
    "boosters": [
        {
            "version": "13.1.0",
            "build": "0d367c15f2",
            "os_platform": "LIN",
            "os_version": "3.10.0",
            "active": true
        },
        {
            "version": "13.1.0",
            "build": "0d367c15f2",
            "os_platform": "LIN",
            "os_version": "3.10.0",
            "active": true
        }
    ],
    "engage_configured": false,
    "classroom": {
        "enabled": false,
        "image_service_enabled": null
    },
    "sis_source": null,
    "imaging_ivs_count": 0,
    "imaging_associations": 0,
    "fileset_groups": 28,
    "fileset_associations": 12,
    "fileset_groups_associations": 81,
    "clone_groups": 0,
    "clone_groups_associations": 0,
    "model_updates": 2,
    "server_restarts": 1,
    "server_ssl_certificate_type": "root_trusted",
    "client_versions": {
        "13.1.0": 312,
        "13.0.2": 20,
        "12.9.0": 7,
        "12.8.0": 3
    },
    "logging_level": {
        "fwxserver": 10,
        "filewave_in_debug": false,
        "fwone_in_debug": false
    },
    "webui_api_usage": {
        "requests": 6,
        "fileset_reinstalls": 0
    },
    "engage_api_usage": {
        "requests": 4,
        "/engage/gcm_project_number": 3,
        "/engage/profiles": 1
    }
}

Field description

The following fields are reported by each customer's server instance:

Field Description Subfields Example value
license_info Information about the license * activation_code: Activation code used by the customer

* company_name: Name of the organization

* desktop_clients: Information about desktop client licenses

* mobile_clients: Information about mobile client licenses

* chromebook_clients: Information about Chromebook client licenses


All subfields related to client licenses have the same information:

* existing: Number of clients of this type in FileWave

* licenses: Maximum number of clients allowed by the license

* license_usage_percentage: Percentage of used client licenses, e.g. if all client licenses of this type are used then the value is 100. For example, if there are 4 clients and the license allows 10 clients, then the license_usage_percentage would be 40.0 (40%).
{
    "activation_code": "34876786629e4276...",
  "company_name": "FileWave (Europe) GmbH",
  "desktop_clients": {
    "existing": 342,
    "licenses": 1000,
    "license_usage_percentage": 34.2
  },
  "mobile_clients": {
    "existing": 1645,
    "licenses": 5000,
    "license_usage_percentage": 32.9
  },
  "chromebook_clients": {
    "existing": 3,
    "licenses": 20,
    "license_usage_percentage": 15.0
  }
}

hostname Hostname of the server - "filewave.acme.com"
machine_fingerprint Unique identifier of the server - "39ce7228a04f94eab57efbab042554cc66eded68"
enrolled_devices Number of devices enrolled, grouped by operating system type.

In the example on the right side, there are 300 macOS, 42 Windows, 1645 iOS and 3 ChromeOS devices.
One subfield for each operating system type.

Consult the list of operating systems below.
{
  "OSX": 300,
  "WIN": 42,
  "IOS": 1645,
  "LIN": 0,
  "AND": 0,
  "CHR": 3,
  "TOS": 0
}

active_devices Number of devices that have checked-in at least once in the last 30 days, grouped by operating system type. (see above) (see above)
placeholders Number of placeholders, grouped by operating system type. One subfield for each operating system type.

Placeholders where the operating system is unknown are in the "unknown" field.
{
  "OSX": 26,
  "WIN": 0,
  "IOS": 0,
  "LIN": 0,
  "AND": 0,
  "CHR": 0,
  "TOS": 0,
  "unknown": 15
}

mdm_enrolled_macs Number of MDM-enrolled macOS devices. - 258
filesets Number of filesets, grouped by fileset type. One subfield for each fileset type.

Consult the list of filesettypes below.
{
  "app": 75,
  "profile": 35,
  "legacy_policy": 0,
  "itunes_app": 21,
  "ios_enterprise_app": 3,
  "android_package": 0,
  "ios_hosted_media": 1,
  "osx_image": 0,
  "win_image": 0,
  "win_driver_image": 0,
  "win_master_image": 0,
  "ios_update": 6,
  "policy": 0,
  "google_policy_fragment": 0,
  "play_store_fileset": 0
}

server_version FileWave server version - "13.1.0"
server_build FileWave server build number (corresponds to the git commit hash) - "0d367c15f2"
server_os_type Operating system under which the server is running (see list of operating systems below) - "OSX"
server_os_version Version of the operating system - "10.14.4"
is_ucs_installation Whether FileWave is installed under UCS or not (boolean) - false
disk_space_in_megabytes Disk space in the server, measured in megabytes * total: Total disk space on the main partition

* used: Used disk space on the main partition

* free: Free disk space on the main partition
{
  "total": 1000346,
  "used": 868800,
  "free": 125402
}

boosters List of all Boosters associated to this server, with one JSON object for each booster.

For example, if a customer has 7 Boosters, the list will contain 7 items.
For each Booster, the following subfields are reported:

* version: Booster version

* build: Booster build

* os_platform: Operating system where the Booster is running (see the list of operating systems below)

* os_version: Version of the operating system

* active: Whether the booster has checked-in at least once in the last 10 minutes.
{
  "version": "13.1.0",
  "build": "0d367c15f2",
  "os_platform": "LIN",
  "os_version": "3.10.0",
  "active": true
}

engage_configured Whether an Engage appliance is configured on the server (boolean) - false
classroom Information about Apple Classroom settings * enabled: Whether Apple Classroom is enabled or not (boolean)

* image_service_enabled: Whether a custom image URL is being used (boolean). If Classroom is disabled, this will be null.
{
  "enabled": false,
  "image_service_enabled": null
}

sis_source Configured SIS source. Possible values are:

* null: No SIS source is configured, or a CSV is used.

* "asm": Apple School Manager

* "clever": Clever
- "asm"
imaging_ivs_count Number of configured Imaging Virtual Servers - 1
imaging_associations Number of Imaging associations - 7
fileset_groups Total number of fileset groups (regardless of hierarchy) - 28
fileset_associations Number of associations between any type of device and filesets (excluding fileset groups) - 12
fileset_groups_associations Number of associations between any type of device and fileset groups - 81
clone_groups Number of group clones - 0
clone_groups_associations Number of associations between group clones and filesets/fileset groups - 0
model_updates Number of model updates performed within the last 24 hours - 2
server_restarts Number of times the server was restarted within the last 24 hours - 1
server_ssl_certificate_trusted Status of the MDM server certificate.

Possible values:

* "root_trusted": The certificate is signed by a trusted CA.

* "self_signed": the certificate is self-signed.

* null: Certificate not found/error
- "root_trusted"
client_versions Number of desktop clients grouped by the version of fwcld they are running One subfield for each FileWave version.
{
  "13.1.0": 312,
  "13.0.2": 20,
  "12.9.0": 7,
  "12.8.0": 3
}
logging_level Configured log level.

This field was requested by support to find out whether they forgot to disable debug log level on some customer.
* fwxserver: Log level configured for fwxserver in server.lvl

* filewave_in_debug: Whether DEBUG = True is defined for MDM

* fwone_in_debug: Whether DEBUG = True is defined for the web backend. Note: This will disappear in 13.2.
{
  "fwxserver": 10,
  "filewave_in_debug": false,
  "fwone_in_debug": false
}
webui_api_usage Information about API usage of the web UI in the last 24 hours.

This information is extracted from the Apache access.log.
* requests: Total number of requests to the web backend

* fileset_reinstalled: Number of times a fileset reinstallation was triggered from the web UI.
{
  "requests": 6,
  "fileset_reinstalls": 0
}
engage_api_usage Information about Engage API usage in the last 24 hours.

This information is extracted from the Apache access.log.
* requests: Total number of requests related to Engage API endpoints


Besides the subfield above, there is one subfield for each API endpoint containing the number of requests to that endpoint.
{
  "requests": 4,
  "/engage/gcm_project_number": 3,
  "/engage/profiles": 1
}

These additional fields are added by our cloud (logstash):

Field Description Subfields Example value
@timestamp Date/time when the event was sent -
"2019-05-02T16:01:06.529Z"

geoip GeoIP information, computed based on the public IP address of the server Some of the subfield names are obvious, so please check the example value.

* longitude: Longitude in degrees. Positive values are in the eastern hemisphere. Negative values are in the western hemisphere.

* latitude: Latitude in degrees. Positive values are in the northern hemisphere. Negative values are in the southern hemisphere.

* ip: public IP address of the customer's server instance
{
  "city_name": "Wil",
  "longitude": 9.1539,
  "region_code": "SG",
  "region_name": "Saint Gallen",
  "continent_code": "EU",
  "postal_code": "9500",
  "timezone": "Europe/Zurich",
  "latitude": 47.2884,
  "country_code3": "CH",
  "country_code2": "CH",
  "location": {
    "lon": 9.1539,
    "lat": 47.2884
  },
  "country_name": "Switzerland",
  "ip": "109.205.200.12"
}

is_dev Whether the license is a developer license or a regular license.

Possible values:

* 0: regular license

* 1: developer license
- 1

List of operating systems

Key Operating system
OSX macOS
WIN Windows
IOS iOS
LIN Linux
AND Android
CHR ChromeOS
TOS tvOS (for Apple TVs)

List of fileset types

Key Fileset type
app Regular desktop fileset
profile Apple profile
legacy_policy Legacy policy (deprecated)
itunes_app iTunes app
ios_enterprise_app iOS enterprise app
android_package Android APK
ios_hosted_media iOS media
osx_image macOS image (Imaging)
win_image Windows image (Imaging)
win_driver_image Windows driver image (Imaging)
win_master_image Windows master image (Imaging)
ios_update iOS operating system update
policy FileWave policy fileset
google_policy_fragment Google Policy Fragment
play_store_fileset Google Play Store app

Deleting Old FileWave Client or Server Log Data

Description

FileWave stores many different types of logs.  Many of these logs are designed to roll over, either to new files or by removing older entries.  In the majority case, FileWave logs do not store data with GDPR concern, however it is possible that files could be populated with such information, some depending upon use.

Although many log files do roll over, it is possible that log files may become very large.  Since this can be possible and GDPR could be of concern, it may be desirable to remove older log data.

The following provision is designed to remove all log data older than a defined period in days.

Information

The scripts provided will archive the current log files into a locally stored zip file.  On completion the active log files will be emptied.  This will occur on a regular basis as defined by a variable.  On each subsequent execution, a new zip of the current logs will be created and the old zip will be removed.

Log duration should not be too short.  When the logs are archived and the active logs emptied, the archive is the only backup of those original logs.  Since only the latest zip is kept, all old log entries (as intended) will no longer be available.

The zip file could be copied to a more secure location for a greater amount of history.  Consider doing this will the same frequency as the amount of days being kept.

If the chosen amount of time is 10 days, this will provide up to a maximum of 19 to 20 days worth of logs.  10 days within the zip and the next 9 to 10 days of active logs before the script re-runs.

Directions

FileWave Server

By default, the following script will run in a 'Dry Run' mode, only showing the files that would be zipped.  No files will actually be zipped and the original files will remain untouched.  

Download: server_log_archiver.sh.zip

The script has the following flags:

Usage
Optional:
 -d Integer specifying the amount of log days to keep (default 10 days)]
 -c [Add the script to cron]
 -a [Action the script.  Dry run if this option is not specified.  Dry run will echo only]

Options

'-d'

If this option is not supplied, the amount of days to keep will be set as 10.  Use this option to specify an alternative amount of days to keep.  For example, to set this as 7 days:

sudo ./server_log_archiver.sh -a -d 7

'-a'

This option will overrule the Dry Run mode and all files will be zipped and all defined, active logs emptied.

'-c'

This option will add the script to the cronjobs list.  There is no need to specify '-a' when using this option, this will automatically occur.  However, '-d' may still be used to specify the desired amount of days to keep.  Place the script at a desirable location and then run the script with this option.

For example, to add this as a cronjob, specifying 14 days and with the script located in /root/ the following would be entered.:

sudo /root/server_log_archiver.sh -d 14 -c

The zipped archive 'filewave_logs.zip' will be stored in the following directory:

/private/var/log/fwxserver_log_archive/

If this script is used on a FileWave Server and FileWave team members request logs, it may be necessary to provide the zip along with any requested log files, for completeness.

macOS Client

The macOS Script potentially handles both the FileWave Client logs and FileWave Central logs.

Download: client_log_archiver.sh.zip

By default, the following script will run in a 'Dry Run' mode, only showing the files that would be zipped.  No files will actually be zipped and the original files will remain untouched.  The script has the following flags:

Usage

Files included for archive will be not only zipped, but original files will be emptied.

Optional:
  -a [Action the script.  Action a dry run if this option is not specified.  Dry run will echo only]
  -d [Integer specifying the amount of log days to keep (default 10 days)]
  -e [Start from the beginning.  The zip will be erased and the script will run as if first ran]
  -f [Archive Fileset logs from client as well as generic FileWave Client logs.  -g is uneccessary when running this option]
  -g [Archive generic FileWave Client logs (not including Fileset logs).  Fileset logs will remain as is.]
  -r [Rerun the script, but keep zip archive.  Current zip will be presevered and only additional logs included from the above options will be added to the archive if not already zipped]
  -s [Archive FileWave Central logs from computer]
  -x [This options will zip all client logs (same as running -f) and also action the script]

Options

'-a'

This option will overrule the Dry Run mode and all files will be zipped and all defined, active logs emptied.

'-d'

If this option is not supplied, the amount of days to keep will be set as 10.  Use this option to specify an alternate amount of days to keep.  For example, to set this as 7 days:

sudo ./client_log_archiver.sh -a -d 7

'-e'

This option will remove the current zip and act as if this is the first time the script ran.  If this option is not set, any re-running of the script will add or update the current contents of the zip.

If the script is ran again, shortly after running the script initially, the archive will only contain a minimum amount of data, since the last zip of logs.

'-r'

It may be desirable to re-run the script to add logs not previously included, whilst preserving the current zip.  The '-r' option allows for just that situation.

'-x'

Running '-x' is the same as setting both '-a' and '-f' simultaneously.

The next options determine which logs are archived.  '-f' and '-g' should not be used at the same time, since '-f' will overrule '-g'.

'-f'

Zip and replace all FileWave Client Logs.  This will include all generated log files from Filesets, e.g. script logs.

'-g'

The '-g' option zips and replaces all FileWave Client Logs, excluding Fileset logs.  Since Fileset scripts are written by the administrator of FileWave, the contents of those scripts can be controlled and contents known.  As such, it may be desirable to keep these logs.

'-s'

This last option will zip and replace any logs generated by the FileWave Central application.  This option need only be set on computers which run this application.

Examples

To archive only FileWave Central logs:

sudo ./client_log_archiver.sh -a -s

Zip FileWave Client, excluding Fileset logs:

sudo ./client_log_archiver.sh -a -g

If after running the above command the following were to be actioned, the zip would be updated to include Fileset logs, but the other, already zipped Client logs would be left as is:

sudo ./client_log_archiver.sh -a -r -f

Fileset Contents

The script needs to run with the client stopped.  As such, the script cannot be ran through FileWave.  Instead, the Fileset includes a LaunchDaemon to handle the periodic running of the script, as well as the script itself.

If this script is used on FileWave Clients and FileWave team members request logs, it may be necessary to provide the zip along with any requested log files, for completeness.

Windows Client (TBA)