Web Activity Report Examples
Overview
The ThreatMonitor is a reporting tool that is part of every eSoft device. This document will illustrate some example of the use of one part of the ThreatMonitor, the Web Security folder. This folder allows system administrators to run top level reports and to then drill down to find specific information. Please note that the amount of web traffic, the date range being reported and the speed of the unit itself will all affect the speed at which various reports are displayed.
Tracking Web Traffic by User
It is sometimes necessary to track a single user's web traffic. To create this custom report click on the Add Report button located along the top bar.
Once the report wizard opens enter a name and description for the new report.
Under the Query Tab the Source needs to be 'Web Proxy'. Next the Search needs to be set to include the user. Then enter the user name to filter. It is also possible to include more than one user and have results for any of those users returned. To accomplish this simply change the 'Include matches' drop down to 'Any'.
The example custom report below will narrow the focus to one single user (enewvine).
By clicking the plus sign to the right, it is possible to add additional search criteria. For example if an administrator needed to see all the traffic from one user that was within the Social Networking Category, it is simply a matter of adding a search criteria of "Category equals Social Networking".
Click Apply to generate the report and view the results.
Tracking Web Traffic by IP Address
It is sometimes necessary to track web traffic from a single IP address. To create this custom report click on the Add Report button located along the top bar. Once the report wizard opens enter a name and description for the new report.
Under the Query Tab the Source needs to be 'Web Proxy'. Next the Search needs to be set to include the Client IP addresses. It is also possible to search by username if authentication has been enabled on the web proxy. Then enter the IP address to filter. It is also possible to include more than one IP address and have results for any of those IP addresses returned. To accomplish this simply change the 'Include matches' drop down to 'Any'.
The example custom report below will narrow the focus to one single IP address (10.54.54.187).
By clicking the plus sign to the right, it is possible to add additional search criteria. For example if an administrator needed to see all the HTTP traffic from one IP address that was marked as Mature content, it is simply a matter of adding a search criteria of "Action equals Mature".
Click Apply to generate the report and view the results.
Monitor a single category
It can be helpful to setup a persistent report to monitor what users are browsing to explicit or other content. Start by clicking on Add Report. Then name and provide a description for the report.
Next enter the query by selecting Category from the drop down box and entering the category to be monitored. It is also possible to monitor more than one category by changing Include matches then clicking the plus sign to add a new query line. In the example below two categories will be monitored, Pornography/Sex and Mature.
With this report created it can be viewed every time the Web Security folder is loaded or through the daily reports which are sent every night.
Change the graph type
Sometimes it is helpful to view a graph in a different format. Many of the default graphs in the new ThreatMonitor are setup as pie charts. In this section we will explore how to change a pie chart to a bar graph.
To change the way a graph is displayed first click on the edit button for the graph to be changed. The edit button is the left most button located in the top right corner.
Next click the display tab and change the Type to Column Chart.
Finally click the Apply button. This will save the change and the ThreatMonitor will then display the updated graph.
Additional Resources
Although not discussed explicitly in this document the Web Security ThreatMonitor gives system administrators the ability to change the category for any URL real-time. For more information regarding URL categorization please read the following documentation URL Reclassification.
Any questions or concerns not answered in this document should be directed to eSoft technical support, please contact eSoft.
