I work for a government agency and we just got the appliance set up. What I need to be able to do is tell what people have visited what sites. I have been unable to see anywhere to run this kind of report. For example, I need to be able to see what sites John Smith visited for, say, the month of December.
This level of detail is not available from the on-box reporting - basically the overhead of doing it is too great and could have a performance hit on the box.
To get the level of reporting you want you've got 2 options:
1. (Preferred!) Use Sawmill Reporter as an off-box reporting tool. IronPort OEMs and supports Sawmill, and you can download an eval version from the support portal (http://www.ironport.com/support/login.html -> "Web")
2. Use the logs from the appliance in another reporting package. By default the S-series logs using the industry de facto standard "Squid" log format (with a few extra fields for things like categories). These logs can be easily parsed by you, or by any 3rd party package that supports Squid.
In effect the first option is the same as the 2nd option, only we've done the hard work of configuring Sawmill for you so that it's pretty much plug-n-play, including support for the additional fields we add, plus a number of default reports.
This is a very important option and it was explained to me that this had a very robust reporting system built in and that I wouldn't have to purchase anything else. This for me is the most important feature, since I work for the government and we have to know what users are going to what sites. While security and filtering are important, keeping track of where people go and the ease of getting that info is just as important, and this appliance is advertised as a one-box solution, with everything you need in one appliance.
it was explained to me that this had a very robust reporting system built in and that I wouldn't have to purchase anything else.
The S-series does have a very robust reporting system built in, and in many cases what it provides will be sufficient - at the end of the day it depends on what level of reporting you require, and what timeframe you need to be able to report on.
If you're after data on which categories of sites your users are browsing, on what days, from what IPs, etc. then the on-box reporting will probably do everything you require. If you want to dig deeper then you have the option of either using the raw logs (e.g., once you've determined from the on-box reporting that a user is accessing a particular category of site you can look in the logs to see exactly which site), or use an off-box reporting package such as Sawmill.
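The raw-log option mentioned in the replies above, as an added example that is not part of the original posts and is not IronPort or Sawmill code: it reads Squid-format access-log lines and totals the sites one user requested in a given month. It assumes the standard Squid native field order with the username in the eighth field and any appliance-specific extra fields trailing (ignored here); the sample lines, user names and function names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in Squid native access-log layout (not real appliance output):
# time elapsed client action/status bytes method URL user peer type [extra fields]
SAMPLE_LOG = """\
1196930000.123 250 10.1.1.20 TCP_MISS/200 5120 GET http://www.example.com/index.html jsmith DIRECT/www.example.com text/html <extra-fields>
1196930005.456 120 10.1.1.20 TCP_MISS/200 2048 GET http://www.example.com/logo.png jsmith DIRECT/www.example.com image/png <extra-fields>
1197000000.000 900 10.1.1.20 TCP_MISS/200 300 CONNECT mail.example.org:443 jsmith DIRECT/mail.example.org -
1196000000.000 80 10.1.1.20 TCP_MISS/200 700 GET http://old.example.net/ jsmith DIRECT/old.example.net text/html
1196940000.000 60 10.1.1.31 TCP_DENIED/403 0 GET http://www.example.com/ adoe NONE/- -
1196950000.000 40 10.1.1.44 TCP_MISS/200 100 GET http://www.example.com/ - DIRECT/www.example.com text/html
this line is truncated
"""


def host_of(method, url):
    """Site name for a request; CONNECT logs 'host:port' rather than a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()


def sites_for_user(lines, user, year, month):
    """Return {site: [requests, bytes, elapsed_ms]} for one user, one UTC month."""
    report = defaultdict(lambda: [0, 0, 0])
    for line in lines:
        f = line.split()
        if len(f) < 10:
            continue  # truncated or non-access line
        try:
            ts = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
            elapsed_ms, size = int(f[1]), int(f[4])
        except ValueError:
            continue  # header or corrupt line
        if f[7].lower() != user.lower() or (ts.year, ts.month) != (year, month):
            continue
        row = report[host_of(f[5], f[6])]
        row[0] += 1
        row[1] += size
        row[2] += elapsed_ms  # per-request transfer time, not time spent reading
    return dict(report)


if __name__ == "__main__":
    result = sites_for_user(SAMPLE_LOG.splitlines(), "jsmith", 2007, 12)
    for site, (hits, size, ms) in sorted(result.items()):
        print(f"{site:20} requests={hits} bytes={size} elapsed_ms={ms}")
```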
Thanks Doc. I haven't yet installed and tried Sawmill, but I will and report back. Please remember I am just passing on real-world situations that perhaps IronPort would like to hear about so that they can improve their appliance. If not, that's cool, I will shut up :D
I agree they do have a level of reporting but not a robust level. In today's world of everybody sues everybody, if a user is abusing the company's web policy you must be able to tell the exact sites that user is visiting and how many times and for how long. You must be able to do this out of the box without having to go through raw logs, as this can be very time-consuming for the admin.
I will give you an example. Let's say you have a user that is viewing porn. The way it shows now, it says x user was in the porn category. Now the HR department says that you must be able to prove which site they were at exactly and for how long in order to take any action. Now, in order to do this you would have to either search through raw logs or purchase third-party software. For most big companies, while it is good to know the categories people are going to for statistics, in order to enforce a web browsing policy you have to be able to tell right away what sites people are visiting without digging through a bunch of raw logs.
Many web security/filtering appliances have this feature built in and I would think that it might be something that they might want to add in the future.