Our website requires you install or enable flash player for full experience, you can download flash player by clicking here.
Make sure you also have javascript enabled so that flash player & menus work correctly.

Get Adobe Flash player

What would you like to monitor?

For when WebSpyrians have something to say.

Page 5 of 8« First...«34567»...Last »

Archive for the ‘Tips and Best Practices’ Category

Watch your TMG’s waist line. Switch log format and reduce fat now!

Wednesday, October 27th, 2010

We often recommend customers using Microsoft ISA or TMG switch their logging to W3C text file, in order to get the best possible import speed, and also because the text logs are much easier to access from a remote machine (see my previous article on accessing TMG’s SQL Express Log database). Logging to the default MSDE or SQL Express databases also requires more resources in terms of processor utilization, memory consumption and disk I/O.

But there is another advantage to switching to text. They take up considerably less disk space. Here are some figures:

(more…)

Tags: , , , , , , , , , ,
Posted in Firewall Analysis, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, System Administration, Tips and Best Practices, Vantage, Web Browsing Analysis, WebSpy, storages | 2 Comments »

Hit and Miss – Are you Missing out on Important Hit Data?

Wednesday, October 13th, 2010

Today I thought I’d cover some interesting hit information and explain how you can get more out of your data by ensuring your hits are accurately reported on.

As the term ‘hit’ can sometimes be confusing, let’s start off by properly define hits.

(more…)

Tags: , , , , ,
Posted in Aliases, How To, Tips and Best Practices, Vantage | No Comments »

Microsoft Forefront TMG logs size fields the wrong way around

Thursday, July 29th, 2010

If you’re using Microsoft Forefront Threat Management Gateway, there is a bug in the logging that causes Bytes Sent and Bytes Received to be logged in reverse. This seems to only affect the Web Proxy logs – both SQL and W3c . We noticed in a few web reports, that people were generally uploading a lot more than they were downloading. So we checked the logs and verified the buggy behavior: (more…)

Tags: , , , , , ,
Posted in Firewall Analysis, Log File Analysis, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Vantage, Web Browsing Analysis, WebSpy | No Comments »

Why there is so much anonymous traffic in Microsoft TMG and ISA logs

Monday, July 19th, 2010


One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports.

So let’s use WebSpy Vantage to drill into that Anonymous user and find out what is going on. (more…)

Tags: , , , , , , , , , , , , , , ,
Posted in Aliases, Firewall Analysis, How To, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Vantage, Web Browsing Analysis, WebSpy | 6 Comments »

Video: How to use WebSpy Vantage to report on IronPort log files

Friday, June 18th, 2010

I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through the following activities:

  • How to import your log files and explore the information recorded by IronPort using the Summaries screen
  • How to open the customized IronPort Report Templates and Aliases
  • How to generate reports
  • How to import your organizational structure and report on departments
  • How to setup the Web Module and publish reports

(more…)

Tags: , , , , , , , , , ,
Posted in Aliases, Firewall Analysis, How To, IronPort, Log File Analysis, Reports, Scheduled Tasks, Tips and Best Practices, Vantage, Web Browsing Analysis, Web Module, WebSpy | No Comments »

How to report on bandwidth utilization using Cisco devices

Thursday, May 27th, 2010

Today I was speaking to a customer that had the following reporting request:

“I would like to know how much of my bandwidth is being eaten by each protocol. I will then use this information to determine if circuit may need to be increased due to increased traffic”.

This customer was collecting syslog messages from a Cisco Firewall, then using WebSpy Vantage to generate reports. In theory, this sounds like a fair plan. Unfortunately, the Cisco Firewall logs many different types of messages. Some to do with denied packets, some to do with authentication, some for vpn and so on. The information contained within each message changes. Some events include the size information that is required for any type of bandwidth assessment and some don’t. Correlating the required events to get any sort of accurate ‘bandwidth’ representation is a bit of a nightmare.

Fortunately, there’s a simpler method. (more…)

Tags: , , , , , , , , , , , , ,
Posted in Firewall Analysis, FlowMonitor, How To, Reports, System Administration, Tips and Best Practices, Vantage, WebSpy | 1 Comment »

How WebSpy Vantage uses your CPUs

Friday, May 21st, 2010

I’m frequently asked how WebSpy Vantage utilizes a systems CPU resources. Sometimes you may notice Vantage utilizing 100% of your machine’s CPU power, and other times it will be hardly touched. So here is an overview of how the software works internally so you can understand when your CPUs will and won’t be pushed. (more…)

Tags: , , , , , , , ,
Posted in Reports, System Administration, Tips and Best Practices, Vantage, WebSpy | No Comments »

Page 5 of 8« First...«34567»...Last »