12-08-2007 04:14 AM
Hello
I work for an goverment agency and we just got the appliance setup.What I need to be able to do is tell what people have visted what sites.I have been unable to see anywhere to run this kind of report.For example I need to be able to see what sites John Smith visited for say the month of december.
How would I do this?
12-08-2007 04:30 AM
This level of detail is not available from the on-box reporting - basically the overhead of doing it is too great and could have a performance hit on the box.
To get the level of reporting you want you've got 2 options :
1. (Preferred!) Use Sawmill Reporter an as off-box reporting tool. IronPort OEM's and supports Sawmill, and you can download an eval version from the support portal (http://www.ironport.com/support/login.html -> "Web")
2. Use the logs from the appliance in another reporting package. By default the S-series logs using the industry defacto standard "Squid" log format (with a few extra fields for things like categories). These logs can be easily parsed by you, or by any 3rd party package that supports Squid.
In effect the first option is the same as the 2nd option, only we've done the hard work of configuring Sawmill for you so that it's pretty much plug-n-play, including support for the additional fields we add, plus a number of default reports.
12-08-2007 04:56 AM
This is a very important option and it was explained to me that this had a very robust reporting system built into and that I wouldnt have to purchase anything else.This for me is the most important feature as since I work for the goverment we have to know what users are going to what sites.While secuirty and filering is important the keeping track of where people go and the ease of getting that info is just as important and this appliance is advertised as a one box soloution.With everything you need in one appliance.
12-08-2007 05:26 AM
Forgot to say I will try out the Sawmill and let you know how it turn out.
Thanks in advance
12-09-2007 11:20 PM
it was explained to me that this had a very robust reporting system built into and that I wouldnt have to purchase anything else.
12-10-2007 12:44 PM
Thanks Doc and I haven’t yet install and tried Sawmill but I will and report back.Please remember I am just passing on real world situations that perhaps ironport would like to hear about so that they can improve there appliance. If not that cools I will shut up :D
I agree they do have a level of reporting but not a robust level. In today's world of everybody sues everybody if a user is abusing the companies web policy you must be able to tell the exact sites that user is visiting and how many times and for how long. You must be able to do this out of the box without having to go thru raw logs as this can be very time consuming for the admin.
I will give you an example. Let’s say you have a user that is viewing porn. The way it shows know it says x user was in the porn catergory.Now the HR department says that you must be able to prove which site there were at exactly and for how long in order to take any action. Know in order to do this you would have to either search through Raw logs or purchase third party software. For most big companies while it good to know the categories people are going to for statics in order to enforce a web browsing policy you have to be able to tell right away what sites people are visiting without digging through a bunch of raw logs.
Many web security/filtering appliance have this feature built in and I would think that it might be something that they might want to add in the furture.
12-13-2007 02:35 PM
The SawMill option will DEFINATELY give you what your looking for and more....
I configured my SawMill profile to FTP into the IronPort(s) and pull the logs down. There are a number of ways you can handle getting the reports into SawMill, but this was the easiest for us.
Also, remember to add the custom field variables into the Appliances logging.
(System Administrator - Log Subscriptions)
Click AccessLogs
In the "Custom Fields" section you need: %XC %Xn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide