In the latest Vantage auto-update (2.2.0.68), we’ve included an experimental feature to allow multiple instances of WebSpy Vantage to run on the same operating system. The goal here is to run reports at the same time using multiple instances of the application. To do this, we have also include a second experimental feature to disable storage locking. This allows multiple instances of Vantage to read from the same storage at once. (more…)
Archive for the ‘Reports’ Category
Reporting on Astaro Security Gateway
Friday, December 10th, 2010
Astaro Security Gateway devices are capable of producing some very detailed log files including full URLs, usernames, categories, block action and reason which gives you some great reporting options in WebSpy Vantage.
Take a look at our dedicated Astaro pages to get an idea of what can be achieved when analyzing Astaro Web Gateway log files with WebSpy Vantage.
I’ve created some quick videos to show you how to enable the correct logging options on the Astaro Security Gateway appliance, how to import these log files into Vantage, and analyze the data on the Summaries screen. (more…)
Vantage Update 2.2.0.48 – New Loaders, Features and Fixes
Thursday, July 29th, 2010
We’ve just released an update to the Vantage range of application, including the Web Module.
This release will be welcomed with open arms by many customers for the following reasons:
- General usability improvements in the Web Module
Multi-select / delete options, Ajax progress indicators to avoid page refreshes, export from Dynamics Report tab and more (see below) - Fixes to the Microsoft Forefront TMG loader
See my other post: Microsoft Forefront TMG logs size fields the wrong way around. Also fixed ‘value cannot be null’ error when importing SQL logs. - Fixes to storage corruption issues
This build should prevent ‘Normalization Index’ storage corruption issues from occurring. This often occurred after importing data, editing some log inputs and reimporting. - New loaders and more fixes
See below for the full list
Microsoft Forefront TMG logs size fields the wrong way around
Thursday, July 29th, 2010
If you’re using Microsoft Forefront Threat Management Gateway, there is a bug in the logging that causes Bytes Sent and Bytes Received to be logged in reverse. This seems to only affect the Web Proxy logs – both SQL and W3c . We noticed in a few web reports, that people were generally uploading a lot more than they were downloading. So we checked the logs and verified the buggy behavior: (more…)
Why there is so much anonymous traffic in Microsoft TMG and ISA logs
Monday, July 19th, 2010
One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports.
So let’s use WebSpy Vantage to drill into that Anonymous user and find out what is going on. (more…)
Video: How to use WebSpy Vantage to report on IronPort log files
Friday, June 18th, 2010
I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through the following activities:
- How to import your log files and explore the information recorded by IronPort using the Summaries screen
- How to open the customized IronPort Report Templates and Aliases
- How to generate reports
- How to import your organizational structure and report on departments
- How to setup the Web Module and publish reports
(more…)
How to report on bandwidth utilization using Cisco devices
Thursday, May 27th, 2010
Today I was speaking to a customer that had the following reporting request:
“I would like to know how much of my bandwidth is being eaten by each protocol. I will then use this information to determine if circuit may need to be increased due to increased traffic”.
This customer was collecting syslog messages from a Cisco Firewall, then using WebSpy Vantage to generate reports. In theory, this sounds like a fair plan. Unfortunately, the Cisco Firewall logs many different types of messages. Some to do with denied packets, some to do with authentication, some for vpn and so on. The information contained within each message changes. Some events include the size information that is required for any type of bandwidth assessment and some don’t. Correlating the required events to get any sort of accurate ‘bandwidth’ representation is a bit of a nightmare.
Fortunately, there’s a simpler method. (more…)
