Privacy
- Details of Allowing / Disallowing Collection of Personal data on a License Level
- FileWave Server Analytics Reporting
- Deleting Old FileWave Client or Server Log Data
Details of Allowing / Disallowing Collection of Personal data on a License Level
Collection of Personal Data
I want to disable the collection of personal data at the FileWave license level. This will ensure that the FileWave client can never collect this data, as the option to do so will not be present in the Client Preferences.
Environment
FileWave Server and Client
Changing Data Collection
By default, FileWave collects personally identifiable data and stores that in inventory.
The collection of this data can be disabled globally via your FileWave license. To make this change, and if you are a customer located in North America, please email the FileWave Business Office, usadmin@filewave.com or call 1-888-345-3928, Option 3. If you are located in Europe, please email admin@filewave.com or call +41 (0) 71-914-30-80.
When data collection is disabled, the following data is not captured, processed, sent to, or stored inside FileWave inventory:
-
geolocation data (the device's last determined location in latitude, longitude format)
-
application usage data (how long / often / when has an application been opened / used / closed)
-
login data (who logged onto a client machine and when)
When disabling personal data collection, the last submitted geolocation data set is preserved. To remove it, please contact FileWave support. All other data types (login data and application usage data) are erased from the database as soon as the clients become aware of the new configuration and check in with the inventory server.
FileWave Server Analytics Reporting
With FileWave 13.1, server utilization aggregated analytics are sent to FileWave automatically to collect information on Licensing/Version of FileWave, Location Information (of the server), Numbers and Types of enrolled devices, Server Configuration information, and information on the Types and number of Filesets. This information is being gathered in an effort to help FileWave prioritize our future feature development and to better support our customers' working environments.
Here are some frequently asked questions about this Analytics collection:
Q. Is there any personally identifiable information being collected?
A. No, there is no personal information of any kind gathered
Q. How frequently does the server report this information?
A. The server reports the information only once per day, or on server restart.
Q. How big is the data transfer?
A. The data transfer is very small as it is primarily summary information and will be 1k (JSON) and under.
Q. What address and port are used for communication?
A. FileWave Analytics reporting travels outbound on port 443 to logstash.filewave.com.
Q. Can I see an example of the data and data definitions?
A. Yes, please see below:
Example
This is an example of the data reported by analytics:
{
"license_info": {
"activation_code": "34876786629e4276bf484a2dc8501ad3",
"company_name": "FileWave (Europe) GmbH",
"desktop_clients": {
"existing": 342,
"licenses": 1000,
"license_usage_percentage": 34.2
},
"mobile_clients": {
"existing": 1645,
"licenses": 5000,
"license_usage_percentage": 32.9
},
"chromebook_clients": {
"existing": 3,
"licenses": 20,
"license_usage_percentage": 15.0
}
},
"hostname": "victorf.filewave.ch",
"machine_fingerprint": "39ce7228a04f94eab57efbab042554cc66eded68",
"enrolled_devices": {
"OSX": 300,
"WIN": 42,
"IOS": 1645,
"LIN": 0,
"AND": 0,
"CHR": 3,
"TOS": 0
},
"active_devices": {
"OSX": 296,
"WIN": 41,
"IOS": 1476,
"LIN": 0,
"AND": 0,
"CHR": 0,
"TOS": 0
},
"placeholders": {
"OSX": 26,
"WIN": 0,
"IOS": 0,
"LIN": 0,
"AND": 0,
"CHR": 0,
"TOS": 0,
"unknown": 15
},
"mdm_enrolled_macs": 258,
"filesets": {
"app": 75,
"profile": 35,
"legacy_policy": 0,
"itunes_app": 21,
"ios_enterprise_app": 3,
"android_package": 0,
"ios_hosted_media": 1,
"osx_image": 0,
"win_image": 0,
"win_driver_image": 0,
"win_master_image": 0,
"ios_update": 6,
"policy": 0,
"google_policy_fragment": 0,
"play_store_fileset": 0
},
"server_version": "13.1.0",
"server_build": "0d367c15f2",
"server_os_type": "OSX",
"server_os_version": "10.14.4",
"is_ucs_installation": false,
"disk_space_in_megabytes": {
"total": 1000346,
"used": 868800,
"free": 125402
},
"boosters": [
{
"version": "13.1.0",
"build": "0d367c15f2",
"os_platform": "LIN",
"os_version": "3.10.0",
"active": true
},
{
"version": "13.1.0",
"build": "0d367c15f2",
"os_platform": "LIN",
"os_version": "3.10.0",
"active": true
}
],
"engage_configured": false,
"classroom": {
"enabled": false,
"image_service_enabled": null
},
"sis_source": null,
"imaging_ivs_count": 0,
"imaging_associations": 0,
"fileset_groups": 28,
"fileset_associations": 12,
"fileset_groups_associations": 81,
"clone_groups": 0,
"clone_groups_associations": 0,
"model_updates": 2,
"server_restarts": 1,
"server_ssl_certificate_type": "root_trusted",
"client_versions": {
"13.1.0": 312,
"13.0.2": 20,
"12.9.0": 7,
"12.8.0": 3
},
"logging_level": {
"fwxserver": 10,
"filewave_in_debug": false,
"fwone_in_debug": false
},
"webui_api_usage": {
"requests": 6,
"fileset_reinstalls": 0
},
"engage_api_usage": {
"requests": 4,
"/engage/gcm_project_number": 3,
"/engage/profiles": 1
}
}
Field description
The following fields are reported by each customer's server instance:
Field | Description | Subfields | Example value |
license_info | Information about the license | * activation_code: Activation code used by the customer * company_name: Name of the organization * desktop_clients: Information about desktop client licenses * mobile_clients: Information about mobile client licenses * chromebook_clients: Information about Chromebook client licenses All subfields related to client licenses have the same information: * existing: Number of clients of this type in FileWave * licenses: Maximum number of clients allowed by the license * license_usage_percentage: Percentage of used client licenses, e.g. if all client licenses of this type are used then the value is 100. For example, if there are 4 clients and the license allows 10 clients, then the license_usage_percentage would be 40.0 (40%). |
|
hostname | Hostname of the server | - | "filewave.acme.com" |
machine_fingerprint | Unique identifier of the server | - | "39ce7228a04f94eab57efbab042554cc66eded68" |
enrolled_devices | Number of devices enrolled, grouped by operating system type. In the example on the right side, there are 300 macOS, 42 Windows, 1645 iOS and 3 ChromeOS devices. |
One subfield for each operating system type. Consult the list of operating systems below. |
|
active_devices | Number of devices that have checked-in at least once in the last 30 days, grouped by operating system type. | (see above) | (see above) |
placeholders | Number of placeholders, grouped by operating system type. | One subfield for each operating system type. Placeholders where the operating system is unknown are in the "unknown" field. |
|
mdm_enrolled_macs | Number of MDM-enrolled macOS devices. | - | 258 |
filesets | Number of filesets, grouped by fileset type. | One subfield for each fileset type. Consult the list of filesettypes below. |
|
server_version | FileWave server version | - | "13.1.0" |
server_build | FileWave server build number (corresponds to the git commit hash) | - | "0d367c15f2" |
server_os_type | Operating system under which the server is running (see list of operating systems below) | - | "OSX" |
server_os_version | Version of the operating system | - | "10.14.4" |
is_ucs_installation | Whether FileWave is installed under UCS or not (boolean) | - | false |
disk_space_in_megabytes | Disk space in the server, measured in megabytes | * total: Total disk space on the main partition * used: Used disk space on the main partition * free: Free disk space on the main partition |
|
boosters | List of all Boosters associated to this server, with one JSON object for each booster. For example, if a customer has 7 Boosters, the list will contain 7 items. |
For each Booster, the following subfields are reported: * version: Booster version * build: Booster build * os_platform: Operating system where the Booster is running (see the list of operating systems below) * os_version: Version of the operating system * active: Whether the booster has checked-in at least once in the last 10 minutes. |
|
engage_configured | Whether an Engage appliance is configured on the server (boolean) | - | false |
classroom | Information about Apple Classroom settings | * enabled: Whether Apple Classroom is enabled or not (boolean) * image_service_enabled: Whether a custom image URL is being used (boolean). If Classroom is disabled, this will be null. |
|
sis_source | Configured SIS source. Possible values are: * null: No SIS source is configured, or a CSV is used. * "asm": Apple School Manager * "clever": Clever |
- | "asm" |
imaging_ivs_count | Number of configured Imaging Virtual Servers | - | 1 |
imaging_associations | Number of Imaging associations | - | 7 |
fileset_groups | Total number of fileset groups (regardless of hierarchy) | - | 28 |
fileset_associations | Number of associations between any type of device and filesets (excluding fileset groups) | - | 12 |
fileset_groups_associations | Number of associations between any type of device and fileset groups | - | 81 |
clone_groups | Number of group clones | - | 0 |
clone_groups_associations | Number of associations between group clones and filesets/fileset groups | - | 0 |
model_updates | Number of model updates performed within the last 24 hours | - | 2 |
server_restarts | Number of times the server was restarted within the last 24 hours | - | 1 |
server_ssl_certificate_trusted | Status of the MDM server certificate. Possible values: * "root_trusted": The certificate is signed by a trusted CA. * "self_signed": the certificate is self-signed. * null: Certificate not found/error |
- | "root_trusted" |
client_versions | Number of desktop clients grouped by the version of fwcld they are running | One subfield for each FileWave version. |
|
logging_level | Configured log level. This field was requested by support to find out whether they forgot to disable debug log level on some customer. |
* fwxserver: Log level configured for fwxserver in server.lvl * filewave_in_debug: Whether DEBUG = True is defined for MDM * fwone_in_debug: Whether DEBUG = True is defined for the web backend. Note: This will disappear in 13.2. |
|
webui_api_usage | Information about API usage of the web UI in the last 24 hours. This information is extracted from the Apache access.log. |
* requests: Total number of requests to the web backend * fileset_reinstalled: Number of times a fileset reinstallation was triggered from the web UI. |
|
engage_api_usage | Information about Engage API usage in the last 24 hours. This information is extracted from the Apache access.log. |
* requests: Total number of requests related to Engage API endpoints Besides the subfield above, there is one subfield for each API endpoint containing the number of requests to that endpoint. |
|
These additional fields are added by our cloud (logstash):
Field | Description | Subfields | Example value |
@timestamp |
Date/time when the event was sent | - |
|
geoip | GeoIP information, computed based on the public IP address of the server | Some of the subfield names are obvious, so please check the example value. * longitude: Longitude in degrees. Positive values are in the eastern hemisphere. Negative values are in the western hemisphere. * latitude: Latitude in degrees. Positive values are in the northern hemisphere. Negative values are in the southern hemisphere. * ip: public IP address of the customer's server instance |
|
is_dev | Whether the license is a developer license or a regular license. Possible values: * 0: regular license * 1: developer license |
- | 1 |
List of operating systems
Key | Operating system |
OSX | macOS |
WIN | Windows |
IOS | iOS |
LIN | Linux |
AND | Android |
CHR | ChromeOS |
TOS | tvOS (for Apple TVs) |
List of fileset types
Key | Fileset type |
app | Regular desktop fileset |
profile | Apple profile |
legacy_policy | Legacy policy (deprecated) |
itunes_app | iTunes app |
ios_enterprise_app | iOS enterprise app |
android_package | Android APK |
ios_hosted_media | iOS media |
osx_image | macOS image (Imaging) |
win_image | Windows image (Imaging) |
win_driver_image | Windows driver image (Imaging) |
win_master_image | Windows master image (Imaging) |
ios_update | iOS operating system update |
policy | FileWave policy fileset |
google_policy_fragment | Google Policy Fragment |
play_store_fileset | Google Play Store app |
Deleting Old FileWave Client or Server Log Data
Description
FileWave stores many different types of logs. Many of these logs are designed to roll over, either to new files or by removing older entries. In the majority case, FileWave logs do not store data with GDPR concern, however it is possible that files could be populated with such information, some depending upon use.
Although many log files do roll over, it is possible that log files may become very large. Since this can be possible and GDPR could be of concern, it may be desirable to remove older log data.
The following provision is designed to remove all log data older than a defined period in days.
Information
The scripts provided will archive the current log files into a locally stored zip file. On completion the active log files will be emptied. This will occur on a regular basis as defined by a variable. On each subsequent execution, a new zip of the current logs will be created and the old zip will be removed.
Log duration should not be too short. When the logs are archived and the active logs emptied, the archive is the only backup of those original logs. Since only the latest zip is kept, all old log entries (as intended) will no longer be available.
The zip file could be copied to a more secure location for a greater amount of history. Consider doing this will the same frequency as the amount of days being kept.
If the chosen amount of time is 10 days, this will provide up to a maximum of 19 to 20 days worth of logs. 10 days within the zip and the next 9 to 10 days of active logs before the script re-runs.
Directions
FileWave Server
By default, the following script will run in a 'Dry Run' mode, only showing the files that would be zipped. No files will actually be zipped and the original files will remain untouched.
Download: server_log_archiver.sh.zip
The script has the following flags:
Usage
Optional:
-d Integer specifying the amount of log days to keep (default 10 days)]
-c [Add the script to cron]
-a [Action the script. Dry run if this option is not specified. Dry run will echo only]
Options
'-d'
If this option is not supplied, the amount of days to keep will be set as 10. Use this option to specify an alternative amount of days to keep. For example, to set this as 7 days:
sudo ./server_log_archiver.sh -a -d 7
'-a'
This option will overrule the Dry Run mode and all files will be zipped and all defined, active logs emptied.
'-c'
This option will add the script to the cronjobs list. There is no need to specify '-a' when using this option, this will automatically occur. However, '-d' may still be used to specify the desired amount of days to keep. Place the script at a desirable location and then run the script with this option.
For example, to add this as a cronjob, specifying 14 days and with the script located in /root/ the following would be entered.:
sudo /root/server_log_archiver.sh -d 14 -c
The zipped archive 'filewave_logs.zip' will be stored in the following directory:
/private/var/log/fwxserver_log_archive/
If this script is used on a FileWave Server and FileWave team members request logs, it may be necessary to provide the zip along with any requested log files, for completeness.
macOS Client
The macOS Script potentially handles both the FileWave Client logs and FileWave Central logs.
Download: client_log_archiver.sh.zip
By default, the following script will run in a 'Dry Run' mode, only showing the files that would be zipped. No files will actually be zipped and the original files will remain untouched. The script has the following flags:
Usage
Files included for archive will be not only zipped, but original files will be emptied.
Optional:
-a [Action the script. Action a dry run if this option is not specified. Dry run will echo only]
-d [Integer specifying the amount of log days to keep (default 10 days)]
-e [Start from the beginning. The zip will be erased and the script will run as if first ran]
-f [Archive Fileset logs from client as well as generic FileWave Client logs. -g is uneccessary when running this option]
-g [Archive generic FileWave Client logs (not including Fileset logs). Fileset logs will remain as is.]
-r [Rerun the script, but keep zip archive. Current zip will be presevered and only additional logs included from the above options will be added to the archive if not already zipped]
-s [Archive FileWave Central logs from computer]
-x [This options will zip all client logs (same as running -f) and also action the script]
Options
'-a'
This option will overrule the Dry Run mode and all files will be zipped and all defined, active logs emptied.
'-d'
If this option is not supplied, the amount of days to keep will be set as 10. Use this option to specify an alternate amount of days to keep. For example, to set this as 7 days:
sudo ./client_log_archiver.sh -a -d 7
'-e'
This option will remove the current zip and act as if this is the first time the script ran. If this option is not set, any re-running of the script will add or update the current contents of the zip.
If the script is ran again, shortly after running the script initially, the archive will only contain a minimum amount of data, since the last zip of logs.
'-r'
It may be desirable to re-run the script to add logs not previously included, whilst preserving the current zip. The '-r' option allows for just that situation.
'-x'
Running '-x' is the same as setting both '-a' and '-f' simultaneously.
The next options determine which logs are archived. '-f' and '-g' should not be used at the same time, since '-f' will overrule '-g'.
'-f'
Zip and replace all FileWave Client Logs. This will include all generated log files from Filesets, e.g. script logs.
'-g'
The '-g' option zips and replaces all FileWave Client Logs, excluding Fileset logs. Since Fileset scripts are written by the administrator of FileWave, the contents of those scripts can be controlled and contents known. As such, it may be desirable to keep these logs.
'-s'
This last option will zip and replace any logs generated by the FileWave Central application. This option need only be set on computers which run this application.
Examples
To archive only FileWave Central logs:
sudo ./client_log_archiver.sh -a -s
Zip FileWave Client, excluding Fileset logs:
sudo ./client_log_archiver.sh -a -g
If after running the above command the following were to be actioned, the zip would be updated to include Fileset logs, but the other, already zipped Client logs would be left as is:
sudo ./client_log_archiver.sh -a -r -f
Fileset Contents
The script needs to run with the client stopped. As such, the script cannot be ran through FileWave. Instead, the Fileset includes a LaunchDaemon to handle the periodic running of the script, as well as the script itself.
If this script is used on FileWave Clients and FileWave team members request logs, it may be necessary to provide the zip along with any requested log files, for completeness.