
Need help Matching Login or MAC/IP Address to User in Order to Generate Activity Reports

Hello, let me explain what I am trying to do. I have 3 children (each with their own computers) and want to track and apply usage policies based on identity, either through login, MAC or IP address. I first created a user under Objects > Identity > Users, enabled MAC binding and added the MAC address of the computer to that user. The problem is that I am getting no activity in the usage reports. I am not running any kind of AD or LDAP. If there is another way to do this then please let me know :-)

Thanks



  • Hello Mintoo,


    The lack of reporting might not be related to the User mapping, but it might be that the reporting is not yet set up fully. So we need to check three things!

    The first thing to do is to check your User Mapping: can you see traffic for the users under System > Current Activity > Live Connection IPv4? If you cannot see traffic under the usernames, your mapping is incorrect or they have not actually authenticated.

    I suspect you might actually want to use Clientless Users, as the users created will need to authenticate via the Captive Portal or via the Authentication App (something you might not want to do with the kids' PCs)

    - delete your current users and go to System > Authentication > Clientless Users to re-create them (this process will bind the user identity to a specific IP address)

    - configure your DHCP server to always allocate the same IP address to each PC (alternatively you can use static IP addresses on the devices); if using the DHCP server on the XG appliance, you can configure reservations within the DHCP scope

    The second thing to consider is your policy base (rule set)

    - every rule needs to have logging enabled

    - in order to report on websites you need to apply a Web Filter policy (this can be a custom/default one or even allow all)

    - in order to report on applications you need to apply an Application policy again (this can be the default allow all or a custom one)

    * any rule that does not have logging enabled can create a reporting gap (this is useful in some scenarios, but not normally desired)

    Finally, what you need to do is ensure that the logs are forwarded to the iView reporting engine

    - go to System > System Services > Log Settings

    - select the top check box under log settings (this should select everything) and then apply (if you are using an external iView reporting appliance, make sure you do this for the right log server)

    * again any log entries not forwarded to the log server can create a reporting gap (this is useful in some scenarios, but not normally desired)

    In small environments like the home, to get the best reporting results it is often easier to set up clientless users, which do not require any software on the PC or result in interaction with the user (such as the Captive Portal). Clientless users are also useful for other devices in the network for which the captive portal will not work (for example an Apple TV or printer, which is in the network but you may want to report on what it does and possibly control it via a policy)

    Hope this helps,

    Leon

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP
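
The three checks from the reply above, run as one offline audit. This is an added example, not part of the reply and not Sophos code. The inventory is constructed and typed in by hand; its field names and log-type names are hypothetical, not a Sophos export format, and top-down first-match rule evaluation is an assumption.

```python
import ipaddress

# Constructed inventory copied by hand from the GUI pages named in the reply.
# Field names and log-type names are hypothetical, not a Sophos export format.
CLIENTLESS_USERS = {"kid1": "192.168.1.21", "kid2": "192.168.1.22",
                    "kid3": "192.168.1.23"}
DHCP_RESERVATIONS = {"aa:bb:cc:00:00:01": "192.168.1.21",   # MAC -> reserved IP
                     "aa:bb:cc:00:00:02": "192.168.1.22"}
STATIC_HOSTS = set()   # IPs configured statically on the device itself
RULES = [
    {"name": "kids_to_wan", "source": "192.168.1.16/28", "log": True,
     "web_policy": "Allow All", "app_policy": None},
    {"name": "lan_to_wan", "source": "192.168.1.0/24", "log": False,
     "web_policy": None, "app_policy": "Allow All"},
]
LOG_FORWARDING = {"firewall": True, "web_filter": True,
                  "application_filter": False}


def find_reporting_gaps(users, reservations, static_hosts, rules, forwarding):
    """Return sorted (subject, problem) tuples, one per reporting gap."""
    gaps = set()
    pinned = set(reservations.values()) | set(static_hosts)
    for user, ip in users.items():
        # Check 1: a clientless user is bound to an IP, so the IP must not move.
        if ip not in pinned:
            gaps.add((user, "IP not pinned by DHCP reservation or static config"))
        addr = ipaddress.ip_address(ip)
        # Assumption: rules are evaluated top-down and the first match wins.
        rule = next((r for r in rules
                     if addr in ipaddress.ip_network(r["source"])), None)
        if rule is None:
            gaps.add((user, "no rule matches this IP"))
            continue
        # Check 2: logging plus Web Filter and Application policies on the rule.
        if not rule["log"]:
            gaps.add((rule["name"], "logging disabled"))
        if not rule["web_policy"]:
            gaps.add((rule["name"], "no Web Filter policy: no website reports"))
        if not rule["app_policy"]:
            gaps.add((rule["name"], "no Application policy: no application reports"))
    # Check 3: every log type must be forwarded to the reporting engine.
    for log_type, enabled in forwarding.items():
        if not enabled:
            gaps.add((log_type, "log type not forwarded to reporting"))
    return sorted(gaps)


if __name__ == "__main__":
    for subject, problem in find_reporting_gaps(
            CLIENTLESS_USERS, DHCP_RESERVATIONS, STATIC_HOSTS, RULES, LOG_FORWARDING):
        print(f"{subject}: {problem}")
```

Note that `lan_to_wan` is never flagged here even though it has logging disabled: all three clientless users hit `kids_to_wan` first, so only the rule that actually carries their traffic is reported.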
