
How to Extract Data from PA File Sight

Data for PA File Sight is stored in a database, and some customers want to access that data for additional uses. This is fairly easy to do. Reading data is fine. We recommend NOT writing to the databases.

SQLite or MS SQL?

Before you go much further, you need to know whether you are using the embedded SQLite databases or an MS SQL Server database. This can be seen in the Database Settings dialog. Your application will either use the same or a similar connection string to connect to the MS SQL Server database, or one of the many available connectors for the SQLite databases.

File Access Records

The File Access Records are stored in a few key tables:

Table Name: Contains

FileSightFileTracker: The main table that lists file activity monitored by the File Sight monitor. IDs in this table will refer to the FileSightComputers (ServerCompID column), FileSightUsers, FileSightSourceComputerIPs (FileAccessorIPID column), FileSightComputers (FileHostCompSrcID and FileAccessorCompSrcID columns) and other tables.

ServerCompID will be 0 for data returned from an Endpoint.

The Operation field will be one of these values:
  • 1 = File Created
  • 2 = File Written To
  • 3 = File Read From
  • 4 = File Deleted
  • 5 = File Renamed
  • 6 = File Moved
  • 7 = File SACL Changed
  • 8 = File DACL Changed
  • 9 = File Owner Changed
  • 10 = File Group Changed

FSRCBlocked: This table lists activities that were blocked/alerted on by the Trusted Application Monitors, and any rules that were running on end-user computers that are using the File Sight Endpoint.

FSRCWarnings: This table lists warnings from the Trusted Application Monitors. These are mostly performance and configuration related.

SQLite Locking: When doing reads or writes to an SQLite database, the entire database file is locked for everyone. So make sure your queries run as quickly as possible so the database locking doesn't affect the monitoring process.
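
For the embedded SQLite case, one way to pull a per-operation activity summary while following the read-only and keep-queries-short advice above. This is an added example, not PA File Sight's own code. Assumptions: the database path is supplied by the caller (no path is given on this page), and the constructed sample database holds only the ServerCompID and Operation columns named above, with 3 as an arbitrary non-Endpoint ServerCompID.

```python
import sqlite3
import tempfile
from pathlib import Path

# Operation codes as listed on this page.
OPERATIONS = {
    1: "File Created", 2: "File Written To", 3: "File Read From",
    4: "File Deleted", 5: "File Renamed", 6: "File Moved",
    7: "File SACL Changed", 8: "File DACL Changed",
    9: "File Owner Changed", 10: "File Group Changed",
}

def open_read_only(db_path, timeout_s=2.0):
    """Open read-only (mode=ro); timeout_s caps how long we wait on a lock."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True, timeout=timeout_s)

def operation_summary(db_path):
    """Return {(source, operation name): count} from one short aggregate query."""
    conn = open_read_only(db_path)
    try:
        rows = conn.execute(
            "SELECT CASE WHEN ServerCompID = 0 THEN 'endpoint' ELSE 'server' END"
            " AS src_kind, Operation, COUNT(*) FROM FileSightFileTracker"
            " GROUP BY src_kind, Operation"
        ).fetchall()
    finally:
        conn.close()  # close as soon as the rows are in memory
    return {(src, OPERATIONS.get(op, f"Unknown ({op})")): n for src, op, n in rows}

def write_is_blocked(db_path):
    """True if a write through the read-only connection is refused."""
    conn = open_read_only(db_path)
    try:
        conn.execute("DELETE FROM FileSightFileTracker")
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        return True
    finally:
        conn.close()
    return False

def build_sample_db():
    """Constructed stand-in holding only the two columns this page names."""
    path = Path(tempfile.mkdtemp()) / "sample.db"
    conn = sqlite3.connect(str(path))
    conn.execute("CREATE TABLE FileSightFileTracker (ServerCompID INTEGER, Operation INTEGER)")
    conn.executemany("INSERT INTO FileSightFileTracker VALUES (?, ?)",
                     [(3, 4), (3, 4), (3, 8), (0, 4), (0, 2), (3, 42)])
    conn.commit()
    conn.close()
    return path
```

Opening with mode=ro enforces the "do not write" recommendation at the connection level, so a mistyped statement in a reporting script fails instead of altering the monitoring data.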
