SurfProtect User Activity Reporting
CONTENTS
Document Aim
What are my options?
Active Reports
NetASQ Realtime Monitor & Event Reporter
Where can I download the Windows Reporting tools that NetASQ provide?
Realtime Monitor
Event Reporter

Who          Date          Change   Version
M Dearlove   1 May 2014    N/A      1.0

User Activity Reporting

Document Aim

Activity reporting on web browsing is an important feature of a content filtering system: it helps customer administration staff prevent and investigate inappropriate web activity within their environment. This document aims to show what can currently be reported on from Partner devices used as part of the SurfProtect ICAP service solution.

SurfProtect has no direct centralised means of providing auditing and logging functionality that customers can use. It is our intention to add this in the future. For now, let us see what information sources we have when using the NetASQ U Range UTM device for ICAP integration.

What are my options?

Depending on the NetASQ device you have, your options are:

U70S
- Active Reports
- Realtime Monitor
- Event Reporter
- Local storage is optional
  - Can use an SD card
  - Send logs to SYSLOG server from device

U150S or higher
- 120Gb storage
- Active Reports: statistics collected by the firewall; needs enabling to work
- Realtime Monitor: snapshot of current firewall activity
- Event Reporter: deeper historical search of collected logging information

IMPORTANT MESSAGE FROM EXA

Please note that, due to a limitation within the Realtime Monitor and Event Reporter, you can ONLY use the admin username to access these tools. This presents Exa with a dilemma: the admin account is used by us to manage the firewall settings, and we cannot authorise other accounts to use these tools, as doing so does not work. We will only grant access to the additional Windows tools (Realtime Monitor/Event Reporter) if you MUST have that level of reporting. We have raised a call with NetASQ, as a feature request, to allow other administrator accounts to use these tools.

Active Reports

Active Reports are statistical reports. The firewall can be configured to log and track information about usage. To use the reports, an admin user must log in and enable the collection of data. This can be done by logging in to the firewall at https://ip/admin/report.html or, if you are logged in to the main admin interface, by selecting the highlighted button shown below to take you to the Reporting Portal part of the firewall. There is also a link like the one shown below on the main login page of the firewall.

On Reporting Portal you should see but the check box may be un-ticked.

Please remember that when any form of logging is enabled it could impact your firewall performance.

Access to view reports

To enable users of Active Directory or Firewall Admin accounts to access the reports, you will need to add them to Firewall Administrators and grant them Monitoring rights.

The available reports will be shown below the configuration panel shown in our screenshot above.

Please note that some reports will not produce any meaningful results, as they are geared towards the NetASQ firewall's native content filtering software; our integration with SurfProtect is not covered. Some examples are shown below.

NetASQ Realtime Monitor & Event Reporter

You will need the following elements in order to install this software:
- CPU with a minimum of 2GHz
- A minimum of 512 MB of RAM (Windows XP) for client software, 2 GB for server software
- About 300MB of hard disk space, as this is what the software will occupy after its installation. If possible, reserve several gigabytes of space for the database (depending on the activity of the connected firewall(s)).
- Ethernet 100 or 1000 Mbps network card

Software applications are supported on the following operating systems:
- Microsoft Windows Server 2003 SP2
- Microsoft Windows XP Service Pack 2 and higher
- Microsoft Windows Vista
- Microsoft Windows Server 2008

The above requirements are taken from the Realtime Monitor user guide, section 1.1.1 Pre-requisites.

Where can I download the Windows Reporting tools that NetASQ provide?

You can either:
- Visit our website at http://www.exa.net.uk/support/documentation and follow the link to download the installer
- Download directly from NetASQ at http://gui.netasq.com/last-version

Realtime Monitor

This tool provides a snapshot of activity currently going on. It is advised that you only connect to your firewall with the READ ONLY flag checked!

Once connected, the useful sections will be:
- Events
- Hosts
- Users
- System

Please refer to the full user guide, which can be found on our website in Support>Documentation:
http://www.exa.net.uk/supportdocuments/naengde_nrmonitor.pdf

Event Reporter

The Event Reporter can provide details of historical and current activity with better filtering abilities and also the means to export the information. Below is an example output from the Web section:

If you need to export the information the tool provides the following formats:

Please refer to the full user guide, which can be found on our website in Support>Documentation:
http://www.exa.net.uk/supportdocuments/naengde_nereporter.pdf