Our website requires you install or enable flash player for full experience, you can download flash player by clicking here.
Make sure you also have javascript enabled so that flash player & menus work correctly.

Get Adobe Flash player

What would you like to monitor?

For when WebSpyrians have something to say.

Page 1 of 212»

Posts Tagged ‘FTMG’

Vantage Update 2.2.0.51 (UrlCategory Fix for Microsoft TMG)

Thursday, August 26th, 2010

We have released an update to the Vantage range of applications to fix an issue with the Microsoft Forefront Threat Management Gateway (TMG) loader. (more…)

Share|

Tags: , , , , , , , ,
Posted in Loaders, Log File Analysis, Microsoft Threat Management Gateway, Software Updates, Vantage, WebSpy | No Comments »

Why there is so much anonymous traffic in Microsoft TMG and ISA logs

Monday, July 19th, 2010


One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports.

So let’s use WebSpy Vantage to drill into that Anonymous user and find out what is going on. (more…)

Share|

Tags: , , , , , , , , , , , , , , ,
Posted in Aliases, Firewall Analysis, How To, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Reports, Tips and Best Practices, Vantage, Web Browsing Analysis, WebSpy | 3 Comments »

Website Categorization – Assessing Productivity

Monday, July 12th, 2010

Security and Threat Management solutions, such as Microsoft Forefront TMG, IronPort and Blue Coat, use predefined URL categorization to simplify blocking and filtering management. Different security vendors have different ways of categorizing websites but it generally involves referring to a gigantic, regularly updated database of millions of websites sorted into 50-100 relevant categories.

Majority of security vendors will give you a high level overview of the categories, such as Sports, Shopping, Online Community, Streaming Media, Employment and Gambling, but rarely provides intuitive ways to further investigate the traffic going to the sites within these categories. The nifty thing about WebSpy’s solutions is that, as long as categories are logged, you can use WebSpy to analyze web browsing in relation to these categories and get a much clearer overview of your organization’s web usage.

(more…)

Share|

Tags: , , , , , , , , ,
Posted in How To | No Comments »

Accessing Microsoft Forefront TMG’s Log Files (SQL Express)

Friday, June 11th, 2010

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files.

The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot be accessed by a remote computer. I’d first like to say that we recommend changing TMG’s logging to W3C text files, as these logs are about 5-6 times faster to import, and you don’t need to worry about the steps below.

But if you need to stick with the SQL Express logging, here are the basic steps to enable access to the logs from a remote computer: (more…)

Share|

Tags: , , , , , , , , , , ,
Posted in Firewall Analysis, How To, Loaders, Log File Analysis, Microsoft Threat Management Gateway, Vantage, Web Browsing Analysis, WebSpy | No Comments »

Vantage Update 2.2.0.43

Thursday, May 20th, 2010

We’ve just released an auto update for WebSpy Vantage (Premium, Giga and Ultimate) as well as the Web Module.

This is a great update for Vantage Ultimate users as we’ve introduced a new feature/tab into the Web Module called ‘Dynamic Reports’.

If you’re publishing the same report to the Web Module each day, you can use the Dynamic Reports tab to select a date range and a department (or whatever organizational groups you have defined) and the Web Module will collate all the daily reports that match that filter into one report. This allows you to report on entire week, month or year by simply ‘reporting on reports’, rather than reporting months of raw storage data.

Here’s the full list of changes since the last auto update (2.2.0.32 on the 14th April 2010).

Application Changes

  • Added Dynamic Reports feature to the Web Module.
  • Rewrote the Web Module transfer protocol. New protocol adds version checking, connection checking, and integrity checking for high latency environments.
  • Purge data from storage task no longer prevents importing new hits when all data is removed from an input within a storage.
  • IPv6 addresses now show IPv4-mapped addresses as plain IPv4 addresses in summaries.
  • IPv6 and IPv4 addresses are now freely interchangable in filter expressions.
  • Fixed IPv6 drilldowns on the Summaries screen
  • SQL inputs can now be resumed from the previous position. Previously any input that was partially imported would be skipped when importing new hits.
  • Template-based analysis has been fixed, no longer results in blank/non-existent analysis.
  • Added new string manipulation functions to expression language; Contains, StartsWith, EndsWith, IndexOf.

Loader Changes

  • Astaro: Now checks that the ID field is present in a line before attempting to read it.
  • Barracuda Web Filter: Added this format to replace Spy Filter.
  • BlueCoat Proxy SG W3C: Added support for gmttime, timestamp, x-bluecoat-surfcontrol-is-denied and x-bluecoat-transaction-id.
  • ClearSwift: Added a new loader group for ClearSwift that includes the MimeSweeper loaders
  • ClearSwift SECURE Web Gatway: Now supported with the Web Appliance loader
  • Clearswift Web Appliance: User summary displays Source IP if Username is blank.
  • IronPort WSA: Fixed memory usage issues.
  • Microsoft FTMG: Added category name lookup to SQL loader.
  • Microsoft FTMG: No longer fails to import lines where the rule field contains square brackets.
  • Microsoft FTMG: URL Category field is now a string instead of an integer. Added URL Categorization Reason field.
  • Microsoft FTMG: Fixed memory usage issues.
  • Microsoft IIS W3C: No longer hangs or crashes when loading a file that isn’t IIS W3C.
  • NetAsq: Added support for srcname field. The Username summary is populated with user first, and then srcname if user is blank. The User summary is also now populated with Source IPs if the Username summary is blank.

To update WebSpy Vantage, simple select Tools | Check for updates.

To update the Web Module, login to the Web Module server, right-click the WebSpy system tray icon, and select Check for updates.

As always, please contact us if you have any issues or questions.

Share|

Tags: , , , , , , , , , , , , , , , , ,
Posted in IronPort, Loaders, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Software Updates, Tips and Best Practices, Vantage, Web Module, WebSpy | No Comments »

Dedicated WebSpy and Forefront TMG pages – Everything you need to know about TMG Log Reporting

Wednesday, May 12th, 2010

forefront_v_webMicrosoft Forefront Threat Management Gateway (TMG) popularity is starting to pick up. WebSpy added support for analyzing and reporting on TMG logs even before the public release and have been improving our compatibility ever since.

(more…)

Share|

Tags: , , , , , , , , , ,
Posted in How To, Microsoft Threat Management Gateway, Reports, Sales and Marketing, Tips and Best Practices, WebSpy | No Comments »

Vantage Update 2.2.0.27 – Fix for Microsoft FTMG SQL Import

Tuesday, March 2nd, 2010

Our support for Microsoft Forefront Threat Management Gateway is quite new and we’ve just fixed a couple of issues in build 2.2.0.27. In particular, this update fixes the “specified cast invalid error” that occurs when importing the Web Proxy database logs.

Check your version in Help | About. If you are running 2.2.0.27 or above, then you already have this update. If not, make sure you update to your software by selecting Tools | Check for updates.

Share|

Tags: , , , , , , , , , , , , , , , ,
Posted in Loaders, Log File Analysis, Microsoft ISA Server, Microsoft Threat Management Gateway, Software Updates, Vantage, Web Module, WebSpy | No Comments »

Page 1 of 212»