Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 2 answers
  • Subscribers 6 subscribers
  • Views 5984 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Monitoring of Website Usage

Brent Goben

Greetings,

I have been tasked with configuring a report of our users' web surfing. Basically, management wants to know what websites employees are visiting so they can crack down on time-wasting activities on the web.

We are using UTM 9. I am accessing the admin portal from a browser.

Does anybody know how to generate reports of usage by user, department, etc.?



This thread was automatically locked due to age.
Parents
  • 0

    Start by getting a log parsing solution in place, such as Splunk or my SQL tools (described in the Reporting forum).   You cannot discipline an employee without details, and you cannot get details from UTM or IView reports.

    Then get to know your data.   The most useful metric seems to be to sum on size by hostname.   HTTP and HTTPS-with-decrypt log each web request.   HTTP-without-decrypt logs one entry forthe entire session (at the end of the session.)   So if you count log entries, you need to count web requests and https session as separate buckets.   Summing on size is valid across both types of entries.

    UTM sees and logs everything.   Look at how much happens under the covers that the user never sees.

    Ignore blocked pages.   Employees will not repeatedly attempt to access a blocked site, and the automation will block a lot of things that they never requested, especially if you are blocking web ads (which i recommend.)

    As I have written elsewhere, using Standard Mode for browser traffic and Transparent Mode for everything else has two benefits (a) it protects all of your traffic, and (b) it separates employee browser activity from operating system overhead.

    Read my post on webfilter lessons learned once you have your log parsing plan in place.

Reply
  • 0

    Start by getting a log parsing solution in place, such as Splunk or my SQL tools (described in the Reporting forum).   You cannot discipline an employee without details, and you cannot get details from UTM or IView reports.

    Then get to know your data.   The most useful metric seems to be to sum on size by hostname.   HTTP and HTTPS-with-decrypt log each web request.   HTTP-without-decrypt logs one entry forthe entire session (at the end of the session.)   So if you count log entries, you need to count web requests and https session as separate buckets.   Summing on size is valid across both types of entries.

    UTM sees and logs everything.   Look at how much happens under the covers that the user never sees.

    Ignore blocked pages.   Employees will not repeatedly attempt to access a blocked site, and the automation will block a lot of things that they never requested, especially if you are blocking web ads (which i recommend.)

    As I have written elsewhere, using Standard Mode for browser traffic and Transparent Mode for everything else has two benefits (a) it protects all of your traffic, and (b) it separates employee browser activity from operating system overhead.

    Read my post on webfilter lessons learned once you have your log parsing plan in place.

Children
No Data
Unfiltered HTML