Transfer an Uploaded file to another Server

While it has been possible to send files using the 'Launch an Executable' Event Rule Action for some time, it requires installing or building your own executable (typically cURL.exe) in order to do so. Furthermore, logging and error messages are often difficult to capture.

With this feature, there is integrated functionality making it easy to send a file and capture any messages directly within Cerberus.

Add the Event Target

To use the new functionality, start by creating a new Event Target and select Transfer File Target. See the ‘Add a New Transfer File Event Target’ screenshot  below

Add the Transfer File Target

Add information describing the server and user in the Transfer File Target panel. Refer to ‘The Transfer File Event Target’ screenshot below

The Transfer File Event Target

• Label Give the target a descriptive label so you know what it's for
• Protocol Select the Protocol you want to use. Currently, we support FTP, FTPS, SFTP, and HTTP/S PUT. Depending on the selected Protocol, certain options are available. For example, when FTP is selected, you can force upgrading to encrypted SSL channels by clicking Require SSL.
• When checked, Verify Remote Certificate will ensure that the host’s certificate and peer chain are valid; this option is available whenever a SSL channel is used, but not for unencrypted FTP or SFTP.
• Server which server to contact
• optional Path where to send the file (if you don't want to place the files in root directory). Simply leave blank if the files will drop into the root directory the user has access to. 
• Username (always required)
• Password (Only required if you are doing 'password' or 'password and public/private key authentication')
• Client Certificate Path/Private Key Path (Only required if you are doing 'public/private key authentication' OR 'password and public/private key' authentication. Unlike other SFTP clients, you will need both a public (Client Certificate) AND a private key. This is different from using a standard client implementation, like WinSCP or Filezilla, where only the private key is required.
  • Public Key (Client Certificate) should be in SSH Public Key Format
  • Private Key should be in PEM format. If the private key is encrypted, check the Needs Key Password setting and enter the password.

Note: It is possible to use both username/password and certificates/public key to provide two-factor authentication.

How to Generate a public/private key pair for SSH SFTP Authentication:

You can use PuTTYgen to create the key pair:

PuTTYgen download and install

PuTTYgen is normally installed as part of the normal PuTTY .msi package installation. There is no need for a separate PuTTYgen download. Download the PuTTY installation package. For detailed installation instructions, see PuTTY installation instructions.

Running PuTTYgen

Go to Windows Start menu → All Programs → PuTTY → PuTTYgen.

Creating a new key pair for authentication

To create a new key pair, select the type of key to generate from the bottom of the screen (using SSH-2 RSA with 2048 bit key size is typical).

Click Generate, and start moving the mouse within the Window. Putty uses mouse movements to collect randomness. The exact way you are going to move your mouse cannot be predicted by an external attacker. You may need to move the mouse for some time, depending on the size of your key. As you move it, the green progress bar should advance.

Once the progress bar becomes full, the actual key generation computation takes place. This may take from several seconds to several minutes. When complete, the public key should appear in the Window. You can now specify a passphrase for the key.

You should save at least the private key by clicking Save private key to <filename>.ppk (You will NOT use this. This is just to have a copy in case you need to recreate your supported public key).

Save the Private Key: Go To 'Conversions' > 'Export OpenSSH key'. Save the private key as <filename>.pem

Save the Private Key: Don't save the public key out of PuttyGen, it saves it in the wrong format. Copy and paste the data manually into a Notepad document, then save the private key as <filename>.pub.
​​

Point the Client Certificate Path field to the .pem key file you created

Point the Private Key Path field to the .pub key file you created

Click the Test button to verify that Cerberus is able to connect to the server and login; it doesn’t actually transfer a file, but it’s a good starting point for verifying that your Target is configured properly.

If you have problems connecting, go to the Log screen in the user interface, enable Debug Mode by clicking on the ‘bug’ icon, and test again. The log will now have detailed information about the connection and may provide some clues (ie. warnings/error messages) as to what changes you need to make to successfully complete the connection.

Create the 'Send A File' Rule

Add the New Rule

Once you can connect to your server, click Update and move on to the 'Event Rules' tab. This example describes a rule that transfers a file in response to an incoming 'File Transfer Event.'

1. Go to the Event Rules page of the Event Manager
2. Click the New button. The Add A New Event Rule dialog will appear.
3. Select the File Transfer Event Rule Type for your new rule. This event type will cause the rule to be triggered whenever a file transfer takes place.
4. Enter a name for your rule in the Rule Name edit box. For example, 'Forward Uploaded File'.
5. Press the Add a New Rule button on the Add A New Rule dialog to save and add the new Event Rule. The event rule will be selected and ready for editing on the Edit Rules page.

Add the Rule Conditions

Select the Match If All Filters Match mode. Selecting this option means that this rule will only be triggered whenever the rule’s event occurs and if all of the conditions listed are fulfilled.

To prevent the system from sending every incoming file, click New button to add a condition and set the Variable to '{{LPNT}} Local File Parent Directory', Comparison to 'Equals' and Value to a new directory like 'c:\ftproot\test\uploads' that you create in your path. Click the Add button.

lick New button to add a condition and set the Variable to '{{D}} Download', Comparison to 'Equals' and Value to 'False', meaning trigger on an upload. Click the Add button.

lick New button to add a condition and set the Variable to '{{S}} Success', Comparison to 'Equals' and Value to 'True', meaning only trigger on a successful upload. Click the Add button.

Add the Rule Actions

Add a new action and select Send a File and in the Using drop-down select the Event Target created in the Event Targets step. See the ‘Send a File Event Action’ screenshot below.

Since the action is sending a file that just came in, we can set File Path From to {{LFP}} which is a variable representing the 'Local File Path.' And for File Path To, we can select {{LFN}} which is just the filename part of the incoming file.

Clicking Add will complete the Rule and show a summary like:
Send file to 'ftp://user@example.com/newfolder/{{LFN}}' from '{{LFP}}'

Send a File Event Action

Test the transfer by uploading a file to the directory 'test\uploads' and verify that it is transferred to the remote server and placed in the 'newfolder' directory with the same filename as your original file.

If you have any issues, make sure DEBUG is enabled in the Log as discussed above, trigger the transfer, and look at the debugging and error messages.