Exporter for Secure File Transfer Protocol (SFTP) server

This documentation references external sources. Nexthink does not have control over the accuracy of third-party documentation, nor any external updates or changes that might create inconsistencies with the information presented on this page. Please report any errors or inconsistencies to Nexthink Support.

Data Export allows you to export Nexthink data insights to an SFTP server using comma-separated CSV files and in UTF-8 format.

Configure the SFTP server to store data and create a Data Export in the Nexthink web interface to distribute it.

Prerequisites

You must set up an SFTP server to obtain credentials. If you already configured an SFTP server, jump to the Configuring (SFTP) connector credentials section on this page.

Follow the steps below to create an SFTP server in Azure, which is only one of multiple providers:

The SFTP data exporter can be configured to work with any other SFTP server available.

Creating a storage account in the Microsoft Azure portal (Optional)

Create a file system using the general purpose v2 storage account in the Azure portal (not a data lake storage gen1):

In the Azure portal menu, select All services.
In the list of resources, type Storage Accounts.
Select Storage Accounts.
Select Add in the Storage Accounts window.
Select the subscription for which you want to create the storage account.
Select Create new under the Resource group field. Enter the name of your new resource group. If a resource group already exists, select it from the drop-down list.

Exporterfor(SFTP)server-CreateStorageSFTP.png

Enter the name of your storage account. The name must be unique across the Azure portal and between 3 and 24 characters in length. It should include numbers and lowercase letters only.
Select a location for your storage account or use the default location.
Fill in the information for the rest of the tabs, Advanced, Networking, Data Protection, Encryption and Tags.
Select Review + Create to review your storage account settings and create the account.

Creating an eAzure DL container within a storage account (Optional)

Locate your newly created storage account under Storage accounts.
Select the storage account you want to use.
You need to create a new container.
Select Containers, add a new container and enter a meaningful name for it, for example, openbridge-sftp.
Make sure access is set to Private (no anonymous access).
Click on Create.

Obtaining SFTP credentials (Optional)

Under Settings, select the SFTP option in the menu on the left.

Add a local user.
In the Username + Authentication tab, insert the username and select the password authentication method.

In the Container permissions tab, select the container defined in Step 2, then grant permissions to access the container and insert the root directory. The root directory must exist in advance.

The Home (landing) directory must be a string with the pattern container_name/folder, otherwise the system won’t configure it properly. The system cannot locate the landing directory in the container’s root, only in a folder that exists in the root.

Copy the password that the system has generated once you have created the user.
Once you configure the user, save the following values to configure the connector credentials in the Nexthink web interface:
- Username
- Connection string
- SSH password

Configuring SFTP connector credentials in Nexthink

Configure the credentials to access the SFTP server from the Nexthink web interface:

Select Administration from the main menu.
Select Connector credentials located under Integrations in the navigation panel.

Click on the New credential button located in the top-right corner of the Connector credentials page.
Enter a unique Name.
Select Secure File Transfer Protocol (SFTP) as Protocol to reveal additional form elements.
Hostname: sftp://<connection string>:<port> from Step 3.
SFTP server fingerprint: execute the command ssh-keyscan <sftp_server>.blob.core.windows.net in the command line interface and copy the entire string starting with ecdsa-

You can also use the string starting with ssh-rsa if the previous is not available:

Authorization: BASIC
Username: <username> from Step 3.
Password: <ssh password> from Step 3.
Click Save.

Refer to the Connector credentials documentation for more information.

Creating an SFTP data exporter in Nexthink

Configure the outbound connector to export data to the SFTP server:

Select Administration from the main menu.
Click on Outbound connectors from the Integrations section of the navigation panel.
Select Data Exporter from the table.
Click on the New exporter button located at the top right of the page.

General tab

Name: enter a meaningful name for the data exporter.
Description: enter a meaningful description of the goal of the data exporter.
Active: switch on the toggle to enable the exporter.
Credentials: define credentials from the third-party tool that the data exporter sends the data to. Refer to Connector credentials for more information.
Maximum file size: define the maximum file size generated by Data Export. If the data set from a specific NQL query is larger than the specified file size, it splits it into several separate files.

Data tab

Scheduling frequency: define how often the system executes the NQL query and exports data. The available options are:
- Hourly: The system triggers the data export data based on the value selected in the drop-down menu. For instance, every 1h, 2h, 3h, 4h, 6h or 12h.
- Daily: The system triggers the data export every day at 00:00 of the timezone where the Nexthink cloud instance is located.
- Weekly: The system triggers the data export weekly, on the selected day at 00:00 of the timezone where the Nexthink cloud instance is located.
Regardless of the chosen frequency, the execution of the data exporter might be delayed to ensure data completeness. This guarantees no data is missing at the time of the export process.

You must select a value for the Recurrence option because the system does not generate a default value and currently cannot prompt you that the value is missing during the validation process.

NQL query: Enter the NQL query to generate the data you wish to export to the destination.
Directory (optional): Define the directory within the container credentials from the third-party tool that the data is exported to. If the directory doesn’t exist, the system will automatically create it.
File name: Enter the filename created in the destination. Underscore is the only special character supported, for example: CMDB_importer_devices.

Testing the SFTP data exporter

Click the Tests load up to 20 records button to validate the connection before saving the configuration.

If the NQL query and the connection are valid, a message appears indicating that the query results has been successfully delivered.
If the NQL query or the connection is invalid, a message appears informing about the error details.

Refer to the Managing data exporters documentation to learn more about data exporters creation, editing, deleting and disabling.

NQL examples for SFTP data exporters

List of packages

CODE

package.packages 
| list name, publisher , version

List users that are not Local

CODE

users
| where name !in ["*Local*"]

List of users that have connected to a device

CODE

session.connects during past 7d
| where hardware.type == laptop or hardware.type == desktop
| summarize c1 = count() by device.name , user.name , user.ad.full_name
| list device.name , user.name , user.ad.full_name

List of laptop and desktop workstations

CODE

devices
| where hardware.machine_serial_number != "" and (hardware.type == laptop or hardware.type == desktop)
| include cpus
| compute num_of_cores = number_of_cores.count() , number_of_cpus = count(), freq = frequency.sum()
| include disks
| compute disk_capacity = capacity.sum()
| list group_name, last_seen, first_seen, entity, hardware.manufacturer, hardware.model , operating_system.architecture , hardware.machine_serial_number , name, hardware.memory, num_of_cores , number_of_cpus , freq ,disk_capacity, operating_system.name , operating_system.build

List of packages installed on a specific device

CODE

package.installed_packages
| summarize c1=count() by package.name, package.version , device.name
| list package.name, package.version , device.name

Troubleshooting Guide

Wrong credentials

There are many mechanisms to check whether the SFTP credentials are working:

Windows: Refer to Test sftp Connection from Windows and Linux article (external link).
Linux: Execute this command in the terminal sftp -P 22 <username>@<connection_string>
For SFTP clients such as FileZilla or WinSCP: Configure a new connector with the credentials defined in the documentation and check whether the system can establish a connection.

Error exporting the data

Check with the Nexthink support team.

F.A.Q.

Can I use the ssh-rsa as an SFTP server fingerprint?

Yes, but it depends on the SFTP server configuration. If it has several protocols available, you should choose the most secure one, otherwise, the system may throw errors when connecting.

Can I specify the name of the file to be exported?

Yes, the exported content is within a file with the following naming convention: ${file_name}_X_yyyymmdd-hhmmss.csv where X represents the number of the file and yyyymmdd-hhmmss the timestamp.

When executing Tests load up to 20 records, the exported content is within a file with the naming convention: Test_X_yyyymmdd-hhmmss.csv