
For when WebSpyrians have something to say.

Archive for the ‘How To’ Category

Event Log Reporting using Vantage

Wednesday, August 18th, 2010

Event logs have been a feature of the MS Operating System (Windows) since the original release of Windows NT in 1993. Designed to provide an audit trail of system use, event logging records the actions that occur within the system, such as users logging in, failure of a component to start, or an attempt to print a document.

Event Log Management

Every event that occurs across a network can be recorded in an event log file. The list of events that are recorded by default can be modified to reflect the needs of the organization's system. Information stored in event log files is extremely useful to organizations, as it provides real-time indications of network incidents as well as an audit trail of user activity. However, extracting useful information can be challenging because it is very difficult to manage and filter the vast amount of data generated.

(more…)


Tips from TMG Expert: Changing WebSpy Vantage Scheduled Task Recurrence Interval

Monday, July 19th, 2010

Microsoft ISA Server and Forefront TMG users are probably familiar with isaserver.org’s informative news articles, tutorials, blogs and forums. I just wanted to bring your attention to one of isaserver.org’s contributing blog authors, Richard Hicks.

Richard has been working with Forefront Threat Management Gateway (TMG) 2010 and its predecessors for more than 12 years. He has designed and deployed network security solutions using TMG and ISA for SMBs, military and defense organizations, and Fortune 500 companies around the world.

In addition to his isaserver.org blogs, Richard has his own ISA/TMG blog where he recently posted some useful tips on changing WebSpy Vantage’s scheduled task recurrence interval using the schtasks.exe command line tool. Adding more frequent import options (i.e. hourly) is on the product roadmap but until then, using the command line tool is a great alternative.
(more…)


Why there is so much anonymous traffic in Microsoft TMG and ISA logs

Monday, July 19th, 2010


One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports.

So let’s use WebSpy Vantage to drill into that Anonymous user and find out what is going on. (more…)


Website Categorization – Assessing Productivity

Monday, July 12th, 2010

Security and Threat Management solutions, such as Microsoft Forefront TMG, IronPort and Blue Coat, use predefined URL categorization to simplify blocking and filtering management. Different security vendors have different ways of categorizing websites but it generally involves referring to a gigantic, regularly updated database of millions of websites sorted into 50-100 relevant categories.

The majority of security vendors will give you a high-level overview of the categories, such as Sports, Shopping, Online Community, Streaming Media, Employment and Gambling, but rarely provide intuitive ways to further investigate the traffic going to the sites within these categories. The nifty thing about WebSpy’s solutions is that, as long as categories are logged, you can use WebSpy to analyze web browsing in relation to these categories and get a much clearer overview of your organization’s web usage.

(more…)


Video: How to use WebSpy Vantage to report on IronPort log files

Friday, June 18th, 2010

I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through the following activities:

  • How to import your log files and explore the information recorded by IronPort using the Summaries screen
  • How to open the customized IronPort Report Templates and Aliases
  • How to generate reports
  • How to import your organizational structure and report on departments
  • How to set up the Web Module and publish reports

(more…)


Accessing Microsoft Forefront TMG’s Log Files (SQL Express)

Friday, June 11th, 2010

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contain the firewall and web proxy log files.

The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot be accessed by a remote computer. I’d first like to say that we recommend changing TMG’s logging to W3C text files, as these logs are about 5-6 times faster to import, and you don’t need to worry about the steps below.

But if you need to stick with the SQL Express logging, here are the basic steps to enable access to the logs from a remote computer: (more…)


How to report on bandwidth utilization using Cisco devices

Thursday, May 27th, 2010

Today I was speaking to a customer that had the following reporting request:

“I would like to know how much of my bandwidth is being eaten by each protocol. I will then use this information to determine if circuit may need to be increased due to increased traffic”.

This customer was collecting syslog messages from a Cisco Firewall, then using WebSpy Vantage to generate reports. In theory, this sounds like a fair plan. Unfortunately, the Cisco Firewall logs many different types of messages: some to do with denied packets, some to do with authentication, some for VPN and so on. The information contained within each message changes. Some events include the size information that is required for any type of bandwidth assessment and some don’t. Correlating the required events to get any sort of accurate ‘bandwidth’ representation is a bit of a nightmare.

Fortunately, there’s a simpler method. (more…)