Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 3177 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Need a Report showing Time stamp of access

D.R.e.W
Hello All & thanx in advanced for your time.

I'm looking for a report that will show me what time a user went to Youtube.com and/or video.nfl.com. The current filters don't show time so I can't figure out if the user is wasting his own time during lunch or my time during working hours.

We do have youtube.com open because equipment manufacturers post videos of equipment tests or descriptions we need to see but when a user is pulling 2GB a day, I'm guessing he's streaming more than a 5 min clip.

Andy


This thread was automatically locked due to age.
  • 0
    You could get that information by parsing the raw web filtering log.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    You could get that information by parsing the raw web filtering log.


    Is there a better way to "parse the raw web filter log" other then opening a 2MB file in a text editor & doing a search?

    Back in the day, Novell's BorderManager and SurfControl could do these individual user time reports out of the box.
  • 0
    You could script something to return only the data you need.  Almost easier to use Syslog to output the log data to a database, then query from there.  There's a handful of commercial products which may help for log analysis, but you'll need to evaluate each to see if they'll get you what you need.  Sawmill, WebSpy, and Fastvue.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    How about a different approach, Andy...

    Start by adding the users that need to access the videos to 'Bypass Users' in 'Filtering Options'.  This can be individual users synced from Active Directory or a Backend Group based on an Active Directory Security Group.

    Next, make a higher-priority Policy with a "Lunch" time event that uses a Filter Profile that does not block those sites.

    Finally, block those sites in the Policy that's always active.  Folks will still be able to access the videos, but they will have to identify themselves in order to do so.  If you see a suspicious pattern in the 'Overrides' report in Web Filtering Reporting, you can quickly search the log file to see what videos were watched outside of lunchtime.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML