
Monitoring of Website Usage

Greetings,

I have been tasked with configuring a report of our users' web surfing. Basically, management wants to know what websites employees are visiting so they can crack down on time-wasting activities on the web.

We are using UTM 9. I am accessing the admin portal from a browser.

Does anybody know how to generate reports of usage by user, department, etc.?



  • Hi Brent and welcome to the UTM Community!

    Go to 'Logging & Reporting >> Web Protection' and choose "Users with Categories" on the upper-right.

    Depending on how many users you have, by-department may be more work than they would want you to do.  All of the users must be synced to the UTM and then manually placed in Department objects.

    You may also want to consult Configuring HTTP/S proxy access with AD SSO.  Although the article is aimed at Standard mode, 98% of it applies to Transparent mode, too.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Start by getting a log parsing solution in place, such as Splunk or my SQL tools (described in the Reporting forum). You cannot discipline an employee without details, and you cannot get details from UTM or IView reports.

    Then get to know your data. The most useful metric seems to be to sum on size by hostname. HTTP and HTTPS-with-decrypt log each web request. HTTP-without-decrypt logs one entry for the entire session (at the end of the session). So if you count log entries, you need to count web requests and HTTPS sessions as separate buckets. Summing on size is valid across both types of entries.

    UTM sees and logs everything. Look at how much happens under the covers that the user never sees.

    Ignore blocked pages. Employees will not repeatedly attempt to access a blocked site, and the automation will block a lot of things that they never requested, especially if you are blocking web ads (which I recommend).

    As I have written elsewhere, using Standard Mode for browser traffic and Transparent Mode for everything else has two benefits (a) it protects all of your traffic, and (b) it separates employee browser activity from operating system overhead.

    Read my post on webfilter lessons learned once you have your log parsing plan in place.
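
An added example (not from the thread or from Sophos) of the approach in the post above: it sums `size` per user and hostname, keeps per-request entries and one-per-session entries in separate buckets, and skips blocked entries. The log lines are constructed, and the field names (`action`, `method`, `user`, `size`, `url`) and the use of `method="CONNECT"` to mark a session entry are assumptions to check against your own web filter log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines; field names and values are assumptions, not real UTM output.
SAMPLE_LOG = """\
2024:01:15-09:00:01 utm httpproxy[4242]: action="pass" method="GET" user="alice" size="52000" url="http://news.example.com/index.html"
2024:01:15-09:00:02 utm httpproxy[4242]: action="pass" method="GET" user="alice" size="8000" url="http://news.example.com/style.css"
2024:01:15-09:00:03 utm httpproxy[4242]: action="block" method="GET" user="alice" size="0" url="http://ads.example.org/banner.js"
2024:01:15-09:20:45 utm httpproxy[4242]: action="pass" method="CONNECT" user="alice" size="910000" url="https://video.example.net/"
2024:01:15-09:21:10 utm httpproxy[4242]: action="pass" method="GET" user="bob" size="1500" url="http://news.example.com/index.html"
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')

def hostname(url):
    # Session entries may carry host:port without a scheme; urlsplit needs "//".
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def summarize(lines):
    """Return {(user, host): {"bytes", "requests", "sessions"}} for passed traffic."""
    totals = defaultdict(lambda: {"bytes": 0, "requests": 0, "sessions": 0})
    for line in lines:
        fields = dict(PAIR.findall(line))
        if fields.get("action") != "pass":      # ignore blocked pages
            continue
        host = hostname(fields.get("url", ""))
        if not host:
            continue
        size = fields.get("size", "")
        row = totals[(fields.get("user") or "-", host)]
        row["bytes"] += int(size) if size.isdigit() else 0
        # One entry per session vs. one per request: never add these together.
        row["sessions" if fields.get("method") == "CONNECT" else "requests"] += 1
    return dict(totals)

def report(totals):
    """Rows of (user, host, bytes, requests, sessions), largest byte total first."""
    rows = [(u, h, r["bytes"], r["requests"], r["sessions"]) for (u, h), r in totals.items()]
    return sorted(rows, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for row in report(summarize(SAMPLE_LOG.splitlines())):
        print("%-6s %-20s %8d bytes %3d requests %3d sessions" % row)
```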