Product Guide Revision A McAfee Web Reporter 5.2.1
COPYRIGHT
Copyright 2012 McAfee, Inc. Do not copy without permission.
Contents

Preface
  About this guide
    Audience
    Conventions
    What's in this guide
  Find product documentation

1 Introduction
  About McAfee Web Reporter
  Elements
  Features
    Basic features
    Premium features

2 Installation
  Setup requirements
    System requirements
  Licensing McAfee Web Reporter
  Download and install the software
    Download the software
    Install on a Microsoft Windows operating system
    Install on a UNIX/Linux operating system
  Enable premium features
  Disable premium features
  Upgrade the software
    Back up the current configuration
    Upgrade the software
    Update the database schema
  Install a patch
  Uninstall the software
    Uninstall from Microsoft Windows
    Uninstall from UNIX/Linux

3 Configuring a database
  When to use an internal database
  When to use an external database
  Configure the database
    Connect to an external database
    Update the database schema
    Partition the database
    Back up and restore the internal database
    Set the database online or offline
    Execute SQL

4 Directories
  About directories
    Internal directory
    External directories
  Configure the directories
    Create the internal directory user and group file
    Populate the internal directory
    Schedule internal directory updates
    Add or remove users from the internal directory
    Configure an external directory
    Update an external directory
    Schedule external directory updates
  Associate users with groups
  Display directories with user names in reports
  Display full names with user names

5 Log sources
  About log sources
    Log source modes
    Log formats
    Custom log formats
    User-defined columns
    Page views setting
  Custom columns
  Custom rule sets
  Browse time threshold
  Configure a log source
    Edit multiple log sources
  Customize a log source
  Configure advanced collect settings
  View custom log format use
  Configure browse time options

6 Categorization using the McAfee Global Threat Intelligence database
  About Global Threat Intelligence
  Configure Global Threat Intelligence

7 Logon accounts for administrators and users
  Logon account types
  Logon account role and permissions
  Delegated reports
  Configure logon accounts
  Configure user interface timeout

8 Email
  About email
  Configure email settings
    Test email settings

9 Mapped columns
  Mapped columns overview
  Configure mapped columns

10 System performance
  About system performance
  View performance statistics for the database
  Configure advanced performance options
  Configure memory allocation

11 Database maintenance
  About database maintenance
  Database records
    Database records rollup
  View internal database settings
  Configure the database maintenance schedule
  Delete or roll up database records
  Delete database records by log source
  Repopulate columns
  Synchronize users
  Rebuild indexes
    Manually rebuild indexes
    Set up regular index rebuilding jobs
  Run database statistics
  View the status of database maintenance jobs

12 System maintenance
  About system maintenance
  Perform system maintenance
    Manual system maintenance
    Schedule maintenance
  View the status of system maintenance jobs

13 Configuration backup and restore
  Configuration settings backup
  Back up the current configuration
  Restore configuration settings

Index
Preface

This guide provides the information you need to install, configure, and maintain your McAfee product.

Contents
  About this guide
  Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

  Administrators: People who implement and enforce the company's security program.

Conventions

This guide uses these typographical conventions and icons.

  Book title, term, emphasis: Title of a book, chapter, or topic; a new term; emphasis.
  Bold: Text that is strongly emphasized.
  User input, code, message: Commands and other text that the user types; a code sample; a displayed message.
  Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.
  Hypertext blue: A link to a topic or to an external website.
  Note: Additional information, like an alternate method of accessing an option.
  Tip: Suggestions and recommendations.
  Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
  Warning: Critical advice to prevent bodily harm when using a hardware product.
What's in this guide

This guide is organized to help you find the information you need.

This guide is intended for a reporting administrator who installs, configures, and maintains the McAfee Web Reporter. Administration tasks include creating logon accounts, managing delegated reporting permissions, configuring email settings, managing the database, directories, and log sources, and so on.

This guide assumes the reporting administrator has:

  An understanding of the organization's filtering device or other log source
  A working knowledge of the organization's internal network
  An understanding of the operating system on which the McAfee Web Reporter is installed
  A working knowledge of the Internet and its protocols

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:

  To access user documentation, do this:
    1 Click Product Documentation.
    2 Select a product, then select a version.
    3 Select a product document.

  To access the KnowledgeBase, do this:
    Click Search the KnowledgeBase for answers to your product questions.
    Click Browse the KnowledgeBase for articles listed by product and version.
1 Introduction

McAfee Web Reporter (Web Reporter) is a powerful reporting tool that allows you to create reports that show you how people in your organization are using the Internet.

Contents
  About McAfee Web Reporter
  Elements
  Features

About McAfee Web Reporter

McAfee Web Reporter provides the reporting tools to identify issues in your organization such as liability exposure, productivity loss, bandwidth overload, and security threats. You can use this information to modify web use policies and provide guidance for appropriate Internet use in your organization.

McAfee Web Reporter is compatible with:

  McAfee Web Gateway
  McAfee SaaS Web Protection Service
  McAfee SiteAdvisor Enterprise software
  Other third-party web filtering solutions
  McAfee SmartFilter software

Elements

McAfee Web Reporter provides several elements to generate reports for your organization. Understand the role of each element to plan, use, and maintain McAfee Web Reporter.

McAfee Web Reporter

Server-based software that contains:

  Configuration settings
  Created report definitions
  Log data (when using the internal database)
  Reporting database
  McAfee TrustedSource database (when you choose to download it)
  Web-based user interface
Administrators and users

These three groups of people use McAfee Web Reporter:

  Users: People in your organization who access the Internet
  Reporting users: People who create and view reports
  Reporting administrators: People who install, configure, and maintain McAfee Web Reporter, and are able to create and view reports

Database

The database stores and then generates reports using data from each log source. McAfee Web Reporter is installed with an internal database (MySQL), or you may use one of these supported external database platforms:

  Microsoft SQL Server 2005
  Microsoft SQL Server 2008
  Microsoft SQL Server 2012
  MySQL 5.0 (MyISAM Storage Engine)
  MySQL 5.5
  Oracle 10g
  Oracle 11g

Directory

The directory contains user or group logon account information. McAfee Web Reporter is installed with an internal directory, or you can connect to one of these supported external directories:

  LDAP
  Microsoft Active Directory
  Novell eDirectory
  Sun Java System Directory Server

Log sources

Log sources are devices on the network set up to generate (web filtering device) or store (FTP server) log files. Log files contain web filtering data that includes information such as user names, IP addresses, URLs, time stamps, and protocols. McAfee Web Reporter receives or collects and processes the log files, then imports the data into the database. Log sources include:

  Custom log formats
  NetCache
  FTP server
  McAfee Web Reporter server directory
  McAfee Web Gateway
  McAfee SaaS Web Protection Service
  McAfee Web Security format

Features

Review information about McAfee Web Reporter features to determine how you set up your reporting environment.

Basic features

McAfee Web Reporter basic features are available for free in every installation of the software.

Table 1-1 Basic features

  External directories
    Use your organization's directory servers to include user and group information in reports and for logon accounts.

  Internal database or external databases
    Use the internal database or a supported external database, depending on your organization and data needs.

  External log source and standard log formats
    Use your organization's device that generates log files in one of the supported standard log formats.

  First four records in Advanced reports
    View the first four rows (also called records) of any Advanced report. To access full Advanced reports, purchase a license for premium features.

  Quick View reports
    View and interact with summary, custom, and favorite reports.

Premium features

McAfee Web Reporter premium features are available with the purchase of a license key. However, the premium features are available for free during a 90-day evaluation period. After the evaluation period expires, all premium features are disabled.

McAfee Web Reporter premium reporting adds these features:

Table 1-2 Premium features

  Complete Advanced reports
    Advanced reports give you the ability to further customize reports through options, such as table or graph layout, advanced queries, and more. Advanced reports are available in the basic reporting version with up to the first four rows of data. To run a report and display all available data, purchase and activate the premium reporting license.

  Custom log formats
    Gives you the ability to assign predefined column headers, exclude columns, or rename columns for existing log files, in addition to the supported formats available in the basic version. Customize a log format using the Custom Log Format wizard.

  Custom logo
    The logo image feature enables you to add a custom logo or another image to display on all exported reports. By default the McAfee logo appears on all exported reports.

  Delegated reporting
    A role-based access control used to restrict access to specific report data. Specify access to data for:
      Individual IP addresses or IP address ranges
      Individual users or user groups (internal users and directory-based users)
      Log source
    Delegated reporting permissions are selected when the reporting account is configured.
2 Installation

The installation procedure for McAfee Web Reporter varies depending on the operating system and the type of installation (first time or upgrade). This section provides instructions about installing McAfee Web Reporter in a variety of environments.

Contents
  Setup requirements
  Licensing McAfee Web Reporter
  Download and install the software
  Enable premium features
  Disable premium features
  Upgrade the software
  Install a patch
  Uninstall the software

Setup requirements

Before setting up McAfee Web Reporter, review the system and license requirements.

System requirements

To install and operate McAfee Web Reporter, the system must meet these minimum requirements.

Table 2-1 Hardware requirements

  Hardware     Requirement
  Processor    2 GHz Dual CPU (or Dual Core) 32-bit (x86)
               2 GHz Dual CPU (or Dual Core) 64-bit (x86_64, SPARC)
  RAM          2 GB
  Disk space   600 MB for software
               1 GB of space for every GB of log data collected and processed

Table 2-2 Software requirements: 32-bit processor

  Operating system                 Version
  Microsoft Windows Server 2003    Service Pack 2
  Microsoft Windows Server 2008    Service Pack 1
  Red Hat Enterprise Linux         4.5 server
  Red Hat Enterprise Linux         5.4 server

Table 2-3 Software requirements: 64-bit processor

  Operating system                                    Version
  Windows Server 2003                                 Service Pack 2
  Windows Server 2008                                 Service Pack 1
  Windows Server 2008                                 Release 2
  Oracle Solaris (on Oracle's Sun SPARC systems)      9 or 10
  Red Hat Enterprise Linux                            4.5 server
  Red Hat Enterprise Linux                            5.4 server

Supported browsers

  Microsoft Internet Explorer 6.x and later (with Java version 6 or higher installed)
  Mozilla Firefox 3.6.x (with Java version 6 or higher installed)
  Safari 5.0 (on Apple OS X)

Report requirements

  One or more log sources
  One or more directory servers
  One database
  License for premium features

Licensing McAfee Web Reporter

Basic McAfee Web Reporter features do not require a license and run without restriction. Premium features are fully enabled during the 90-day evaluation period that begins immediately after installation. However, a license is required to continue running premium features past the evaluation period.

The remaining number of days for the evaluation period displays in the top right corner of the McAfee Web Reporter user interface. At the end of the evaluation period, all premium features are automatically disabled and all data is retained.

If you have an existing license, your license key is accepted and activates premium features in your current version of McAfee Web Reporter. The expiration date remains unchanged for your existing license and appears in the user interface.

Download and install the software

Download and install the software using the instructions for your operating system.

  Download the software
    Download the McAfee Web Reporter software from the McAfee download site.
  Install on a Microsoft Windows operating system
    Install McAfee Web Reporter on a supported Microsoft Windows operating system.
  Install on a UNIX/Linux operating system
    Install McAfee Web Reporter on a supported UNIX/Linux-based operating system.
Download the software

Download the McAfee Web Reporter software from the McAfee download site.

1 Log on to the Microsoft Windows operating system as an administrator.
2 Go to http://www.mcafee.com/us/downloads/downloads.aspx.
3 Under Download My Products, enter your grant number, then click Go.
4 Download the software.
5 Select the directory to save the installation file, then click OK.

Install on a Microsoft Windows operating system

Install McAfee Web Reporter on a supported Microsoft Windows operating system.

1 Locate and run the installation file.
2 Follow the prompts to install the software.
    In the Logon Credentials window, enter a name and password (at least six characters) for the default reporting administrator.
    In the Email settings window, enter the email account settings to receive notifications or reports via email. This step is optional. If you do not provide email information at this time, enter the necessary information in the Email delivery window. Email information is necessary for the emailed reports and alerts features.

Install on a UNIX/Linux operating system

Install McAfee Web Reporter on a supported UNIX/Linux-based operating system.

1 Locate and change permissions on the installation file using chmod 700 <installation filename>.
2 Run the installation file.
    For Red Hat Linux users, select the platform that best matches the version of Linux you are installing the software on.
3 Follow the prompts to install the software:
    In the Logon Credentials window, enter a name and password (at least six characters) for the default reporting administrator.
    In the Email settings window, enter the email account settings to receive notifications or reports via email. If you do not provide email information at this time, you can enter the necessary information in the Email delivery window in the interface. Email information is necessary for the emailed reports and alerts features.
    In the User account window, enter a UNIX/Linux user account that has a valid logon shell.
Enable premium features

Activate a license to enable McAfee Web Reporter premium features.

Before you begin

To enable premium features, you must have a license. If you need to obtain a license, contact your sales representative, authorized reseller, or contact Customer Service directly by visiting service.mcafee.com.

To automatically activate a license, follow these steps. Automatically activate a license when the server has an Internet connection.

1 Select Administration | Setup | License.
2 Click Activate.
3 In the Automatically Activate tab, fill in all fields.
4 Click Activate.

To manually activate a license, follow these steps. Manually activate a license when you have a license key and the server does not have an Internet connection.

1 Select Administration | Setup | License.
2 Click Activate.
3 In the Manually Activate tab, fill in the License key field.
4 Click Activate.

Disable premium features

Disable McAfee Web Reporter premium features at any time, including the evaluation period.

1 Select Administration | Setup | License.
2 Click Disable premium features, then click Save.

Upgrade the software

Upgrade to the latest version of the software.

  Back up the current configuration
    Create a backup file in order to restore configuration settings after upgrading the McAfee Web Reporter software.
  Upgrade the software
    Upgrade McAfee Web Reporter to the latest version.
  Update the database schema
    Update the McAfee Web Reporter database schema after a software upgrade.
Back up the current configuration

Create a backup file in order to restore configuration settings after upgrading the McAfee Web Reporter software.

If you plan to use a backup file after uninstalling and reinstalling McAfee Web Reporter, save the backup file to a location other than the McAfee Web Reporter application folder.

1 Select Administration | Tools | System Backup.
2 Select System Backup.
3 Perform one of these actions:
    Click Browse, navigate to a directory where you want to store the backup file, click Select, then click Start.
    Click Start.
  A backup folder and corresponding XML file are created. A backup.xml file is saved in C:\Program Files\McAfee\Web Reporter\reporter\conf\ (for UNIX/Linux: /opt/mcafee/WebReporter/reporter/conf), where 123456789 is the time stamp.
  When the System Backup message appears, click OK. The backup process can take several minutes.
4 Close McAfee Web Reporter after the backup is complete.
5 Stop the McAfee Web Reporter services.
6 Navigate to the C:\Program Files\McAfee\Web Reporter\reporter directory (for UNIX/Linux: /opt/mcafee/WebReporter/reporter) and back up these files and directories:
    .../conf/
    .../mysql/var/reporting/
    .../log/realtime.log (if you use real-time logging)
    .../docs/
7 Upgrade McAfee Web Reporter.

If there are issues after the upgrade, reinstall the previous running version and restore the backup files.

Upgrade the software

Upgrade McAfee Web Reporter to the latest version.

Before you begin

Determine if you are upgrading the McAfee Web Reporter 32-bit software to the latest 32-bit version, or if you are upgrading the McAfee Web Reporter 32-bit software to the 64-bit version. Then follow the appropriate software upgrade installation instructions.
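For step 6 of Back up the current configuration on UNIX/Linux, the following is an added example (not part of the McAfee guide) that archives the four listed paths after the services are stopped, refuses a destination inside the application folder, and records a checksum. The function names, archive name, and checksum file are assumptions, and the parent of the reporter directory is treated as the application folder, following the paths shown in the guide.

```shell
#!/bin/sh
# Added example, not McAfee code. Names and archive layout are hypothetical.

# wr_backup INSTALL_ROOT DEST_DIR
#   INSTALL_ROOT  the reporter directory, e.g. /opt/mcafee/WebReporter/reporter
#   DEST_DIR      existing directory outside the application folder
# Prints the archive path on success.
wr_backup() {
    root=$1
    dest=$2

    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    [ -d "$dest" ] || { echo "not a directory: $dest" >&2; return 1; }

    # Resolve both paths so relative paths and symlinks cannot defeat the
    # containment check below.
    root_abs=$(cd "$root" && pwd -P) || return 1
    dest_abs=$(cd "$dest" && pwd -P) || return 1

    # Assumption: the application folder is the parent of the reporter
    # directory. The guide says to keep backups outside it so that an
    # uninstall or reinstall cannot remove them.
    app_abs=$(dirname "$root_abs")
    case "$dest_abs/" in
        "$app_abs"/*)
            echo "destination is inside application folder $app_abs" >&2
            return 2 ;;
    esac

    # Paths from step 6, relative to INSTALL_ROOT. realtime.log exists only
    # when real-time logging is used, so entries that are absent are skipped.
    set --
    for p in conf mysql/var/reporting log/realtime.log docs; do
        if [ -e "$root_abs/$p" ]; then
            set -- "$@" "$p"
        fi
    done
    [ $# -gt 0 ] || { echo "nothing to back up under $root_abs" >&2; return 3; }

    stamp=$(date +%Y%m%d%H%M%S)
    archive="$dest_abs/webreporter-files-$stamp.tar.gz"

    # Create the archive readable by the invoking user only.
    ( umask 077 && tar -czf "$archive" -C "$root_abs" "$@" ) || return 4

    # Record a checksum so the copy can be verified before a restore.
    ( cd "$dest_abs" && sha256sum "$(basename "$archive")" > "$archive.sha256" ) || return 5

    printf '%s\n' "$archive"
}

# wr_verify ARCHIVE: check an archive against its recorded checksum.
wr_verify() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Usage: wr_backup /opt/mcafee/WebReporter/reporter /var/backups/webreporter
```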
  Upgrade 32-bit software
    Upgrade an existing McAfee Web Reporter 32-bit software installation to the latest McAfee Web Reporter 32-bit software.
  Upgrade 64-bit software
    Upgrade from McAfee Web Reporter 32-bit to 64-bit, or an existing McAfee Web Reporter 64-bit installation to the latest 64-bit software.

Upgrade 32-bit software

Upgrade an existing McAfee Web Reporter 32-bit software installation to the latest McAfee Web Reporter 32-bit software.

Before you begin

Back up your current McAfee Web Reporter configuration.

1 Log on to the operating system as an administrator.
2 Locate and run the installation file.
    [UNIX platforms] Change permissions on the installation file using chmod 700 <installation filename>.
    [Linux] If you install the software on an unsupported Linux platform, a message appears requesting you to select a supported Linux platform from a supplied list. Select the platform that best matches the version of Linux that you are installing McAfee Web Reporter on.
3 Follow the prompts to complete the upgrade.
    The installer checks for a system backup file. The backup file contains all McAfee Web Reporter environment settings.
    If a backup file is found, McAfee Web Reporter continues with the upgrade.
    If a backup file is not found, a message appears to create a system backup file. Click Exit and log on to your current installation of McAfee Web Reporter, then create a system backup file. Log off of McAfee Web Reporter and restart the upgrade process.

McAfee Web Reporter is upgraded to the latest 32-bit software.

Upgrade 64-bit software

Upgrade from McAfee Web Reporter 32-bit to 64-bit, or an existing McAfee Web Reporter 64-bit installation to the latest 64-bit software.

Before you begin

Back up your current McAfee Web Reporter configuration.

When you upgrade McAfee Web Reporter 32-bit to McAfee Web Reporter 64-bit, McAfee Web Reporter must be installed in a different directory; do not use the existing McAfee Web Reporter 32-bit installation directory. After the upgrade, McAfee Web Reporter 64-bit is the default installation and McAfee Web Reporter 32-bit remains on the computer.

1 Log on to the operating system as an administrator.
2 Locate and run the installation file.
    [UNIX platforms] Change permissions on the installation file using chmod 700 <installation filename>.
    [Linux] If you install the software on an unsupported Linux platform, a message appears requesting you to select a supported Linux platform from a supplied list. Select the platform that best matches the version of Linux that you are installing McAfee Web Reporter on.
3 Follow the prompts to complete the upgrade.
    For UNIX, the installer asks for the user account.
    For 32-bit to 64-bit:
      The installer asks if you want to migrate the internal database. Ensure that you have sufficient disk space to migrate the internal database.
      The installer checks for a system backup file. If a backup file is found, the installer asks to import the file. If a backup file is not found, the installer upgrades as a new installation and continues; the 32-bit version remains on the computer.
    For 64-bit to 64-bit, the installer checks for a system backup file. If a backup file is found, the installer asks to import the file. If a backup file is not found, a message appears to create a system backup file. Click Exit and log on to your current installation of McAfee Web Reporter, then create a system backup file. Log off of McAfee Web Reporter and restart the upgrade process.

McAfee Web Reporter is upgraded to the latest 64-bit software.

Update the database schema

Update the McAfee Web Reporter database schema after a software upgrade.

The database schema defines the tables and fields used in the McAfee Web Reporter database. When McAfee Web Reporter detects that the database schema is out of date (such as after an upgrade), the database Availability is displayed as "Offline. Schema is out of date." and an Update Schema button is provided. Depending on the size of your database, updating the database schema might take some time.

1 Select Administration | Setup | Database.
2 Click Update Schema.
    To partition the database at the same time you perform the schema update, click Advanced and select Partition Schema, then click Update Schema. However, partition the database only if needed. After the partition begins, the action cannot be canceled or reversed. This option is not available if the database is already partitioned.

The database Availability is displayed as Connected.
Install a patch

Install available software patches.

When a new software patch is available, a triangle appears in the upper right corner of the user interface. The symbol appears until the software is updated.

1 In the upper right corner of the user interface, click the triangle.
2 In the Notifications window, click the McAfee Product Downloads page link.
3 Under Download My Products, enter your grant number and click Go.
4 Download the software and install the patch.

Uninstall the software

Uninstall the McAfee Web Reporter software from your operating system.

  Uninstall from Microsoft Windows
    Uninstall McAfee Web Reporter from Microsoft Windows operating systems.
  Uninstall from UNIX/Linux
    Uninstall McAfee Web Reporter from UNIX/Linux operating systems.

Uninstall from Microsoft Windows

Uninstall McAfee Web Reporter from Microsoft Windows operating systems.

1 In the Microsoft Windows Control Panel, select Add or Remove Programs.
2 Select McAfee Web Reporter (32 bit) or (64 bit), then click Remove.

Uninstall from UNIX/Linux

Uninstall McAfee Web Reporter from UNIX/Linux operating systems.

1 In the McAfee Web Reporter uninstall directory, run ./uninstaller.bin.
2 In the Welcome window, click Next.
3 In the Summary Information window, click Uninstall.
4 In the Uninstall Complete window, click Finish.
3 Configuring a database

McAfee Web Reporter requires a database to store data from log files. Set up a database that is appropriate for the size of your organization and the amount of data it generates using the default internal database, or one of a selection of external databases.

Contents
  When to use an internal database
  When to use an external database
  Configure the database

When to use an internal database

During installation, McAfee Web Reporter automatically configures to use the internal database.

The internal database installs on the same drive as McAfee Web Reporter. Log files and data from the internal database are not transferable to another database.

Evaluate if using an internal database is necessary for your organization's needs. You must have enough free drive space to accumulate data in the internal database.

McAfee recommends using an internal database for these situations:

  Small to medium-size organizations
  Evaluating McAfee Web Reporter

When to use an external database

Use an external database to store the data collected from log files.

Connect McAfee Web Reporter to one of these supported external database platforms to store report data:

  Microsoft SQL Server 2005
  Microsoft SQL Server 2008
  Microsoft SQL Server 2012
  MySQL 5.0 (MyISAM Storage Engine)
  MySQL 5.5
  Oracle 10g
  Oracle 11g

Evaluate if using an external database is necessary for your organization's needs.
McAfee recommends using an external database for these situations:
- There is more than 50 GB of data to store
- In a medium to large size organization
- Do not want to condense log records into page views
- Need to increase performance
- Need additional database management tools

Refer to the product documentation for your external database for instructions about backing up the database.

Configure the database

Configure internal or external database options depending on the amount of data your organization needs to store.

Contents
- Connect to an external database
- Update the database schema
- Partition the database
- Back up and restore the internal database
- Set the database online or offline
- Execute SQL

Connect to an external database

If you want to use an external database rather than the default internal database, you must connect McAfee Web Reporter to the external database.

Before you begin
- You will need to provide the database address, port, logon information, and name.
- Any user on the Microsoft SQL Server database is required to have db_owner privileges.

Install McAfee Web Reporter and the external database on the same computer, or on separate computers. If McAfee Web Reporter is installed on the same computer as the external database, there must be enough disk space to accumulate data according to your organization's needs.

Refer to the product documentation for your external database for instructions about backing up the database.

1. Select Administration | Setup | Database.
2. In the Database window, select This external database, then select an external database type from the drop-down list.
3. In the Database settings window, fill in the fields.
4. Click Test to verify the settings are correct.
5. Click Save.

Update the database schema

After the database is configured, update the database schema.

The database schema is the definition of tables and fields used in the McAfee Web Reporter database. When McAfee Web Reporter detects that the database schema is out of date (such as after an upgrade), the database Availability is displayed as "Offline. Schema is out of date." and an Update Schema button is provided.

Depending on the size of your database, updating the database schema might take some time.

1. Select Administration | Setup | Database.
2. Click Update Schema.

   To partition the database at the same time you perform the schema update, click Advanced and select Partition Schema, then click Update Schema. However, partition the database only if needed. After partitioning begins, the action cannot be canceled or reversed. This option is not available if the database is already partitioned.

The database Availability is displayed as Connected.

Partition the database

Partition the database to improve the performance of report generation and scheduled maintenance when there is a large amount of data in the database.

Before you begin

Partition the database only if needed. After partitioning begins, you cannot cancel or reverse this action. This option is not available if the database is already partitioned.

McAfee Web Reporter supports partitioning for the following databases:
- Microsoft SQL Server 2005 and SQL Server 2008 Enterprise Edition
- Oracle 10g and Oracle 11g Enterprise Edition

McAfee Web Reporter processes, such as importing logs and generating reports, are not available during partitioning.

1. Select Administration | Setup | Database.
2. Click Advanced.
3. Click Partition Schema.

   If the schema needs updating, both Update Schema and Partition Schema options are available and can be performed at the same time. To complete both actions at once, select Partition Schema, then click Update Schema.
The action completes and McAfee Web Reporter sets the database to Connected.

Back up and restore the internal database

Back up the internal database to safeguard your data against hardware failures or other issues. Reinstate data from the backup using the restore feature.

Before you begin

McAfee recommends using the MySQL GUI Tools, which includes MySQL Administrator, to back up or restore the McAfee Web Reporter internal database. The MySQL GUI Tools is available as a free download from dev.mysql.com/downloads/gui-tools and must be installed on the same computer as McAfee Web Reporter. You will need the following information when using this tool:

- Server Hostname: 127.0.0.1
- Port: 9129
- Username: dba
- Password: dba
- Database name: reporting

To log off
  Log off McAfee Web Reporter.

To shut down the Web Reporter Server service
  For Microsoft Windows:
  1. Select Control Panel | Administrative Tools | Services.
  2. In the Name columns, select one of these options:
     - McAfee Web Reporter Server (32-bit)
     - McAfee Web Reporter Server (64-bit)
  3. Stop the service.
  For Linux:
  1. As root, open a terminal shell.
  2. Execute one of these commands:
     /etc/init.d/webreporter_x32_control stop
     /etc/init.d/webreporter_x64_control stop

To perform the backup or restore procedure
  Use instructions in the MySQL Administrator documentation.

To start the Web Reporter Server service
  For Microsoft Windows:
  1. Select Control Panel | Administrative Tools | Services.
  2. In the Name columns, select one of these options:
     - McAfee Web Reporter Server (32-bit)
     - McAfee Web Reporter Server (64-bit)
  3. Start the service.
  For Linux:
  1. As root, open a terminal shell.
  2. Execute the following command:
     /etc/init.d/webreporter_control start

To log on
  Log on to McAfee Web Reporter.

The backup or restore is complete and the internal database is functional.

Set the database online or offline

McAfee Web Reporter lets you set the database online or offline.

If the database is set to offline, McAfee Web Reporter cannot run reports or queries, parse logs, run database maintenance, or display dashboard content.

1. Select Administration | Setup | Database.
2. Set the database online or offline.
3. Click Save to confirm the change.
4. Click Refresh to update the status message.

Execute SQL

Use the Execute SQL feature when you are working with technical support.

Click Execute SQL to open a window that enables a reporting administrator to provide and execute SQL statements.
4 Directories

Use directories to include information for user names and groups imported from log file data and for logon accounts.

Contents
- About directories
- Configure the directories
- Associate users with groups
- Display directories with user names in reports
- Display full names with user names

About directories

Use the default internal directory, or connect to an external directory that contains existing network user and group accounts.

Internal directory

McAfee Web Reporter is installed with an internal directory to store the user and group names you create. Use the internal directory for a local list of user accounts.

Create a list of local users and groups in a text file and import it into the McAfee Web Reporter internal directory when you do not have an external directory, or when you want a separate directory for custom user names and groups.

The internal directory does not support nested groups.

See also
- Display directories with user names in reports
- Configure an external directory

External directories

Connect McAfee Web Reporter to your organization's user directory. Use an external directory to include your organization's user names and groups in the log file data and logon accounts.

McAfee Web Reporter uses existing user and group names from your directory in report data, or existing user or group accounts as logon accounts for the user interface.

Supported external directory services include:
- Lightweight Directory Access Protocol (LDAP)
- Microsoft Active Directory
- Novell eDirectory
- Sun Java System Directory Server

Refer to the product documentation for your external database for instructions about backing up the database.

Configure the directories

Use the default internal directory, or connect McAfee Web Reporter to an external directory.

Contents
- Create the internal directory user and group file
- Populate the internal directory
- Schedule internal directory updates
- Add or remove users from the internal directory
- Configure an external directory
- Update an external directory
- Schedule external directory updates

Create the internal directory user and group file

The internal directory is populated with a text file that contains the user and group information.

Before you begin

McAfee Web Reporter supports importing only UTF-8 encoded files for the internal directory.

1. Open a new text file.
2. Enter the user and group information.

   When using the internal directory, the user and group names must not contain spaces.

   The content of the text file should look like this:

   group 1
   user bcarlisle
   user jlock
   group 2
   user jshepherd
   user jfourd

3. Save the file in a location accessible from McAfee Web Reporter.
Populate the internal directory

To use the internal directory for local logon accounts and custom user names and groups, populate the internal directory with a list of users and groups.

Before you begin

You must have a text file containing the user and group information readily accessible from McAfee Web Reporter.

1. Select Administration | Setup | Directories.
2. On the Directories tab, select internal, then click Edit.
3. Browse to the file on the reporting server or a location accessible from McAfee Web Reporter.
4. Click Import. The user structure appears in the Imported user and group structure pane at the bottom of the window.
5. Click OK to complete populating the internal directory.

Schedule internal directory updates

Schedule regular updates to the internal directory when there will be periodic changes to the text file that populates the internal directory.

1. Select Administration | Setup | Directories.
2. Select Internal and click Edit.
3. In the Edit Internal Directory window, click the Schedule tab.
4. Configure the frequency and start time for the scheduled updates, then click OK.

Add or remove users from the internal directory

Make changes to the internal directory by updating the text file.

If you remove users from the internal directory and then perform an update, any historical user data remains in the database and is available until this information is deleted from the database.

1. Open the text file that contains user information for the internal directory.
2. Add or delete users or groups.
3. Save and close the file.
4. Update the internal directory.
Configure an external directory

Connect McAfee Web Reporter with your organization's directory (an external directory) to include user and group information in reports. You can also use your directory user and group accounts to create logon accounts.

Before you begin

Gather this directory service information:
- Name
- Port
- Type
- Logon information
- Address

1. Select Administration | Setup | Directories, then click Add.
2. Specify the basic settings for the directory.

   McAfee Web Reporter automatically associates user names with directory resources using Microsoft Windows domain information from the log file. To take advantage of this feature, the directory resource name must exactly match the name (case insensitive) of the Microsoft Windows domain information in the log file.

3. Complete directory configuration automatically using the Detect option, or manually by specifying additional settings on the Advanced tab.

See also
- Display directories with user names in reports
- Internal directory

Update an external directory

Update an external directory when there are changes to user or group information that you want to see in McAfee Web Reporter.

1. Select Administration | Setup | Directories.
2. Select one or more directories from the list and click Update Now.

Schedule external directory updates

Schedule regular external directory updates to ensure current user and group information.

1. Select Administration | Setup | Directories.
2. Click Add.
3. In the Add or Edit Directory window, click the Schedule tab.

   Schedule updates during off-peak times. The database (including new reports) is not available during directory updates.

4. Select the Schedule directory to update checkbox and configure the frequency and start time, then click OK.

The next update will occur at the scheduled time.

Associate users with groups

Groups appear after McAfee Web Reporter starts tracking group membership.

To track group membership, McAfee Web Reporter pulls a list of groups from a directory during log file processing and directory updates.

1. Create a directory resource and configure the group attribute.
2. Add the directory to one or more log sources.
   a. Select Administration | Setup | Log Sources.
   b. Add or Edit a log source.
   c. In the Add or Edit Log Source window, click the Directories tab.
   d. From the Available directories list, add a directory to the log source, then click OK.
   e. Click Import log data and select files that contain users in the previously added directory.
3. Create a group filter and use it in a report to begin tracking group membership.
   a. Select Quick View | Custom.
   b. Expand Report type and filters.
   c. Click the arrow beside the All user names, and select Add from the drop-down list.
   d. Select Users & Groups Add manually Add from directory.
   e. Search the directory for the group you want to track, include it in the filter, then click OK.
4. Update the directory.

The reporting database is populated with a list of groups and users are associated with the appropriate groups.

See also
- Log source modes

Display directories with user names in reports

Display directory and user names in reports.
1. Select Administration | Options | General.
2. Select the Display directories with user and group names checkbox, then click Save.

See also
- Configure an external directory
- Internal directory

Display full names with user names

Use this option when you want reports to include full names of users with their shortened user names.

Before you begin

Verify the Full name key is specified in the directory setup.

1. Select Administration | Options | General.
2. Click the Display full names with user names checkbox, then click Save.
5 Log sources

Log sources are used to obtain log file data from a filtering device. The log files contain web usage data that is used in reports. McAfee Web Reporter processes the log files and stores the data in a database.

Contents
- About log sources
- Custom columns
- Custom rule sets
- Browse time threshold
- Configure a log source
- Customize a log source
- Configure advanced collect settings
- View custom log format use
- Configure browse time options

About log sources

A log source in McAfee Web Reporter corresponds to a device on your network (such as a McAfee Web Gateway appliance) or the cloud, which collects web filtering data and places the data in log files.

The web filtering data stored in log files shows how people in your organization are using their access to the Internet. McAfee Web Reporter then uses this data to generate reports.

Log source modes

Use a log source mode to obtain log file data from a log source.

When configuring a log source, select one of the available modes, or manually import a single log file. The mode you select depends on the ability of your web filtering device to send log files.

Accept incoming log files
  For organizations with web filtering devices that write their own log files and have the ability to send the log files to another location (such as the McAfee Web Reporter server); log files can be accepted from:
  - McAfee Web Gateway (Webwasher) Auto Discover
  - McAfee SaaS Web Protection Service Format
  - McAfee Web Reporter 5.0 and higher Text Format
  - McAfee SiteAdvisor Enterprise Format
  - McAfee SmartFilter IFP SFv4 Text Format
  - McAfee SmartReporter 4.2 and higher Text Format
  - McAfee Web Security Format
  - Blue Coat SG Auto Discover

Collect log files from
  For organizations using devices that write their own log files, but are unable to send the log files to another location; log files can be collected from:
  - McAfee Web Gateway 6.x (Webwasher)
  - FTP Server
  - McAfee Web Gateway 7.x
  - A directory on report server
  - McAfee SaaS Web Protection Service
  - NetCache

  When using the Directory on report server option, approximately 1 GB of temporary space is needed on the McAfee Web Reporter server for every gigabyte of log data collected and processed.

  McAfee Web Gateway provides the ability to allow custom block_res codes for specific actions such as authorized overrides and coaching.

Accept real-time log data
  For organizations using SmartFilter software.

Import Log
  For situations when you want to manually import log files from a local directory on the McAfee Web Reporter server.

See also
- Associate users with groups

Log formats

Log formats determine how McAfee Web Reporter processes (also called parsing) data from log files, and how the data is stored in the database. Log formats consist of automatic-discover and fixed-field log formats.

Automatic-discover log formats

McAfee Web Reporter supports some automatic-discover log formats. However, some modifications to the log file headers are necessary to correctly parse the data.

The following tables provide necessary header modifications for automatic-discover log formats:
- Blue Coat
- McAfee Web Gateway

This table provides information on Blue Coat log file headers used in McAfee Web Reporter and the necessary modifications for McAfee Web Reporter to correctly parse the data. Some cells remain intentionally empty.
Table 5-1 Blue Coat header formats

Format in extended log file | Custom | Content policy language | Description
c-ip | %a | | IP address of the client
cs-bytes | | | Number of bytes sent from client to appliance
cs-categories | | | All content categories of the request URL
Table 5-1 Blue Coat header formats (continued)

Format in extended log file | Custom | Content policy language | Description
cs-categories-bluecoat | | | All content categories of the request URL that are defined by Blue Coat Web Filter
cs-categories-external | | | All content categories of the request URL that are defined by an external service
cs-categories-local | | | All content categories of the request URL that are defined by a local database
cs-categories-policy | | | All content categories of the request URL that are defined by CPL
cs-categories-provider | | | All content categories of the request URL that are defined by the current third-party provider
cs-categories-qualified | | | All content categories of the request URL, qualified by the provider of the category
cs-category | | | Single content category of the request URL (such as sc-filter-category)
cs-host | %v | | Host name from the client's request URL; if URL rewrite policies are used, this field's value is derived from the log URL
cs-method | | | Request method used from client to appliance
cs-request-line | | | First line of the client's request
c-dns | %h | | Host name of the client (using the client's IP address to avoid reverse DNS)
cs-uri | | url | Original URL requested
 | | log_url | The log URL
cs-uri-address | | url.address | IP address from the original URL requested; DNS is used if the URL is expressed as a host name
 | | log_url.address | IP address from the log URL; DNS is used if URL uses a host name
cs-uri-categories | | | All content categories of the request URL
cs-uri-categories-bluecoat | | | All content categories of the request URL that are defined by Blue Coat Web Filter
Table 5-1 Blue Coat header formats (continued)

Format in extended log file | Custom | Content policy language | Description
cs-uri-categories-external | | | All content categories of the request URL that are defined by an external service
cs-uri-categories-local | | | All content categories of the request URL that are defined by a local database
cs-uri-categories-policy | | | All content categories of the request URL that are defined by CPL
cs-uri-categories-provider | | | All content categories of the request URL that are defined by the current third-party provider
cs-uri-categories-qualified | | | All content categories of the request URL, qualified by the provider of the category
cs-uri-category | | | Single content category of the request URL (such as sc-filter-category)
cs-uri-host | | url.host | Host name from the original URL requested
 | | log_url.host | Host name from the log URL
cs-uri-hostname | | url.hostname | Host name from the original URL requested; RDNS is used if the URL is expressed as an IP address
 | | log_url.hostname | Host name from the log URL; RDNS is used if the URL uses an IP address
cs-uri-path | blank | url.path | Path of the original URL requested without query
 | %U | blank | Path from the log URL without query
cs-uri-pathquery | | url.pathquery | Path and query of the original URL requested
 | | log_url.pathquery | Path and query from the log URL
cs-uri-port | | url.port | Port from the original URL requested
 | | log_url.port | Port from the log URL
cs-uri-query | blank | url.query | Query from the original URL requested
 | %Q | blank | Query from the log URL
Table 5-1 Blue Coat header formats (continued)

Format in extended log file | Custom | Content policy language | Description
cs-uri-scheme | | url.scheme | Scheme of the original URL requested
 | | log_url.scheme | Scheme from the log URL
cs-uri-stem | | | Stem of the original URL requested
 | | | Stem from the log URL
 | | | The stem includes everything up to the end path, but does not include the query.
cs-user | %u | | Qualified user name for NTLM; relative user name for other protocols
cs-userdn | | | Full user name of a client authenticated to the proxy (fully distinguished)
cs-username | | | Relative user name of a client authenticated to the proxy (not fully distinguished)
date | %x | date.utc | GMT date in YYYY-MM-DD format
gmttime | %t | | GMT date and time of the user request in [DD/MM/YYYY:hh:mm:ss GMT] format
localtime | %L | | Local date and time of the user request in [DD/MMM/YYYY:hh:mm:ss +nnnn] format
rs(content-Type) | %c | response.header.content-Type | Response header: Content-type
sc-bodylength | | | Number of bytes in the body (excludes header) sent from appliance to client
sc-bytes | %b | | Number of bytes sent from appliance to client
sc-filter-category | %f | | Content filtering category of the request URL
sc-filter-result | %W | | Content filtering result: Denied, Proxied, or Observed
sc-headerlength | | | Number of bytes in the header sent from appliance to client
sc-status | %s | | Protocol status code from appliance to client
time | %y | time.utc | UTC (GMT) time in HH:MM:SS format
Table 5-1 Blue Coat header formats (continued)

Format in extended log file | Custom | Content policy language | Description
timestamp | %g | | Unix-type time stamp
x-cache-user | | | Relative user name of a client authenticated to the proxy (not fully distinguished; same as cs-username)
x-client-address | | | IP address of the client
x-client-ip | | | IP address of the client
x-cs-dns | | client.host | The host name of the client obtained through reverse DNS
x-cs-http-method | | http.method | HTTP request method used from client to appliance; empty for non-HTTP transactions
x-cs-user-authorization-name | | user.authorization_name | User name used to authorize a client authenticated to the proxy
x-cs-user-credential-name | | user.credential_name | User name entered by the user to authenticate to the proxy
x-cs-user-login-address | | user.login.address | The IP address that the user was authenticated in
x-cs-username-or-ip | | | Used to identify the user using either their authenticated proxy user name or, if that is unavailable, their IP address
x-sc-http-status | | http.response.code | HTTP response code sent from appliance to client
x-virus-id | | icap_virus_id | Identifier of a virus if one was detected

This table provides information on McAfee Web Gateway log file headers used in McAfee Web Reporter and the necessary modifications to correctly parse the data.

Table 5-2 McAfee Web Gateway header formats

Header | Description
"attribute" | URL categories
"auth_user" | Client user name
"auth_user_anonymous" | Anonymous user name
block_res | Filtering action
bytes_to_client | Number of bytes written to the client
bytes_from_client | Number of bytes received from the client
bytes_to_server | Number of bytes sent to the web server from Web Gateway
bytes_from_server | Number of bytes received from the web server
"categories" | URL categories
elapsed_time | Time to process request
Table 5-2 McAfee Web Gateway header formats (continued)

Header | Description
"media_type" | Content type header
"profile" | Skipped
"referer" | Referer
"rep_level" | Reputation of the URL
"req_line" | Request
src_host | Client host name
src_ip | Client IP address
status_code | HTTP status code
time_stamp | Time of request
unix_epoch | UNIX time stamp
"user_agent" | Client user agent
"virus_name" | Name of virus found in the request

Fixed-field log formats

Some supported fixed-field log formats do not require any header changes. McAfee Web Reporter correctly parses the data from these log files without any modifications.

The following table provides information about supported log file formats that are not automatic-discover in McAfee Web Reporter. This table includes examples of the expected header information found in the corresponding log file format. Any deviation from the expected field format can result in inaccurate reports.

Table 5-3 Non-automatic-discover log file formats

Log file type: Blue Coat SG SmartReporter Format
Expected format: "[dd/mm/yyyy:hh:mm:ss timezone]" "computer name" client ip url action "cat match list" username bytes
Example: "[15/05/2001:15:08:34 GMT]" "FunZone 77" 10.1.1.19 http://www.google.com/ OBSERVED "Search Engines" 909

Log file type: McAfee SaaS Web Protection Service
Expected format: "user_id", "username", "source_ip", "http_action", "server_to_client_bytes", "client_to_server_bytes", "requested_host", "requested_path", "result", "virus", "request_timestamp_epoch", "request_timestamp_formatted", "uri_scheme", "category"
Example: "47877615", "rrengo@webreporter.com", "172.22.65.200", "GET", "664", "2837", "www.myspace.com", "/", "DENIED", "", "1319501356", "2011-10-24 18:09:16-06", "http", "Social Networking"

Log file type: McAfee Web Security Format
Expected format: tv_sec.(tv_usec/1000) cache_msec client_ip cache_code/http_code cache_size method_str url user hier_code/hier_host content_type sf_action "sf_cats"
Example: 1085754420.626 1 172.17.68.177 TCP_DENIED/403 0 GET http://www.msn.com/ sjones ONE/ DENY "Portal Sites"
Table 5-3 Non-automatic-discover log file formats (continued)

Log file type: SiteAdvisor Enterprise Software Format
Expected format: DetectedUTC EventTypeID CategoriesShortName URL ActionID RatingID ReasonId AgentGUID User MachineName PhishingFacet DownloadsFacet SpamFacet PopupsFacet BadlinkerFacet ExploitFacet IP MIMEType
Example: 2009-01-01T14:31:12 18600 rb http://www.0d6b214a-aafe-42e9-a150-c237c86cd959.com/a9cf15e0-c151-408a-a8b2-fb31debd8e7c.html 1 1 9 ef4a3a5b-773b-467f-af1f-f1ddb0f5ba31 sara machine1 6 3 6 6 1 6 192.168.0.1 text/html

Log file type: McAfee Firewall Enterprise SFv4 Text Format
Expected format: client_ip user_1 [time_stamp] "GET url" http_status sf_action sf_cats
Example: 172.17.68.177 jlock [28/Jun/2004:11:44:54] "GET http://www.msn.com" 403 COACH "Portal Sites"

Log file type: SmartFilter Software IFP SFv4 Text Format
Expected format: client_ip user_1 [time_stamp] "GET url" http_status sf_action sf_cats
Example: 172.17.68.177 imanderson [28/Jun/2004:11:44:54] "GET http://www.msn.com" 403 COACH "Portal Sites"

Custom log formats

When a log format does not fit any of the formats listed in McAfee Web Reporter, create a custom log format to obtain log file data.

Creating a custom log format assigns a field that is not recognized by McAfee Web Reporter to a data column. After creating the custom log format and assigning it to a log source, each new log file from that log source is processed using the custom format.

Use these guidelines when considering a custom log format:
- To configure a custom log format, an original log file must reside on the McAfee Web Reporter server.
- At a minimum, a custom log format requires the assignment of the following fields: Time, Client Address, and URL.
- Any unassigned columns (labeled as Ignore) are skipped during log file processing and that data is not stored in the database.

User-defined columns

With user-defined columns, you can substitute column data values with a custom string value, and pull data from log file fields that might normally be skipped.
User-defined columns only work with detail data and are used to repopulate database columns during database maintenance.

Configure up to four user-defined columns for each log source during log file processing to substitute column data, or obtain data from columns that are normally skipped. When a custom column header is assigned to a custom log format, a user-defined column needs to be configured so the log source includes the custom log format column during processing.

User-defined columns do the following:
- Include skipped log field data: During log file processing, some log file fields are skipped. For example, log file processing skips the Referrer field or the McAfee Web Gateway Policy name field. When you want your reports to include data from any skipped fields, you can configure up to four user-defined columns to get the data from the skipped fields.
- Assign a custom value to column data: Substitute standard column data with a custom string value to make it easier to find and review in reports. For example, you want to assign test lab to all IP addresses beginning with 115 and assign other to any additional IP addresses. In the report, the user-defined column displays either test lab or other in place of the numeric value of IP addresses.

When you create a user-defined column, McAfee Web Reporter treats this as an additional column and leaves the original column and original data in the log file. Using the previous example of substituting IP addresses, the original IP address column data remains unchanged and is still available for use in reports.

When entering a value in the Log file header value box, do not use quotation marks.

See also
- Custom rule sets
- Customize a log source
- Configure a log source

Page views setting

The Condense log records into page views setting on the Processing tab for a log source affects queries and disk space requirements for the reporting database.

Page views, sometimes referred to as hits, are related to HTTP requests. Each line of a log file is a separate HTTP request for a webpage element. Viewing one webpage can result in multiple lines of records in the log file. The Condense log records into page views option consolidates multiple lines of data from a log file into a single page view in reports.

Condensing log records into page views generates a broad report view when using either summary or detailed queries.
For example, condensing log records into page views could potentially reduce a 1 GB log file down to a 100 MB log file. The file size is currently limited to 1 GB.

By default, the Condense log records into page views option is enabled. If you disable this option, each webpage you visit, and each element on the page, are logged as separate HTTP requests.

For example, if you visit www.example.com, and that page contains multiple elements, then the log data would look like this:

www.example.com
www.example.com/rss.xml
www.example.com/advertisement.js
adserver.example.com/ad1.jpg
adserver.example.com/ad2.jpg
adserver.example.com/ad3.jpg

With Condense log records into page views enabled, your log data will show only one HTTP request as a page view: www.example.com.

See also
- Configure a log source
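The following is an added example, not McAfee code: a pre-import check for the SFv4 Text Format listed in Table 5-3, combined with the user-defined column substitution described above (addresses beginning with 115 become test lab, all others become other, and the original column is kept). The regular expression, the function names, the user_defined_1 column name and every sample line except the first (which is the Table 5-3 example) are assumptions made for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Field order from Table 5-3 (SFv4 Text Format):
#   client_ip user_1 [time_stamp] "GET url" http_status sf_action sf_cats
# The regular expression is this example's own reading of that layout.
SFV4_LINE = re.compile(
    r'^(?P<client_ip>\S+) (?P<user>\S+) \[(?P<time_stamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)" (?P<http_status>\d{3}) '
    r'(?P<sf_action>\S+) "(?P<sf_cats>[^"]*)"$'
)

# Rule set from the user-defined column example in the text: addresses
# beginning with 115 become "test lab", everything else becomes "other".
IP_RULES = [("115.", "test lab")]
DEFAULT_LABEL = "other"


def parse_sfv4(line):
    """Parse one SFv4 line into typed fields; raise ValueError on any deviation."""
    match = SFV4_LINE.match(line.strip())
    if match is None:
        raise ValueError("field layout does not match the SFv4 Text Format")
    rec = match.groupdict()
    try:
        rec["client_ip"] = str(ip_address(rec["client_ip"]))
    except ValueError:
        raise ValueError("client_ip is not a valid IP address") from None
    try:
        rec["time_stamp"] = datetime.strptime(rec["time_stamp"], "%d/%b/%Y:%H:%M:%S")
    except ValueError:
        raise ValueError("time_stamp is not dd/Mon/yyyy:hh:mm:ss") from None
    rec["http_status"] = int(rec["http_status"])
    return rec


def add_user_defined_column(rec, rules=IP_RULES, default=DEFAULT_LABEL):
    """Return a copy with a label column derived from client_ip.

    The original client_ip value is left untouched, as the text describes.
    The column name user_defined_1 is hypothetical.
    """
    label = default
    for prefix, value in rules:  # first matching rule wins
        if rec["client_ip"].startswith(prefix):
            label = value
            break
    out = dict(rec)
    out["user_defined_1"] = label
    return out


def check_lines(lines):
    """Return (records, rejects); each reject is (line number, reason)."""
    records, rejects = [], []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            records.append(add_user_defined_column(parse_sfv4(line)))
        except ValueError as err:
            rejects.append((number, str(err)))
    return records, rejects


SAMPLE_LINES = [
    # Line 1 is the example from Table 5-3; lines 2-5 are constructed.
    '172.17.68.177 jlock [28/Jun/2004:11:44:54] "GET http://www.msn.com" 403 COACH "Portal Sites"',
    '115.20.3.9 labuser [28/Jun/2004:11:45:02] "GET http://www.example.com/" 403 DENY "Search Engines"',
    # Time stamp without brackets: the field layout no longer matches.
    '172.17.68.177 jlock 28/Jun/2004:11:44:54 "GET http://www.msn.com" 403 COACH "Portal Sites"',
    # Last octet out of range.
    '172.17.68.300 jlock [28/Jun/2004:11:44:54] "GET http://www.msn.com" 403 COACH "Portal Sites"',
    # June has 30 days.
    '172.17.68.177 jlock [31/Jun/2004:11:44:54] "GET http://www.msn.com" 403 COACH "Portal Sites"',
]

if __name__ == "__main__":
    good, bad = check_lines(SAMPLE_LINES)
    for rec in good:
        print(rec["client_ip"], rec["user_defined_1"], rec["sf_action"], rec["sf_cats"])
    for number, reason in bad:
        print("rejected line", number, "-", reason)
```

Running the check on a copy of a log file before it is imported shows which lines deviate from the expected field format and why.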
Custom columns

Custom columns substitute the data in the browser and cache columns in your log files with a word or phrase that better identifies the browser or cache value.

Custom columns are predefined rules. Instead of your reports containing Mozilla/4.0 (compatible; MSIE 7.0 ), the reports contain Internet Explorer 7.0. However, the original data value is retained in your database.

Each custom column uses a configured rule set to replace technical data values from the browser or cache columns with common identifiers, making the browser and cache data in your reports more recognizable.

See also
Custom rule sets
Customize a log source

Custom rule sets

Rule sets are customized instructions that tell McAfee Web Reporter to look for a specific string of data during log file processing and replace it with a different string. This resulting string appears in reports and is more recognizable to users. A test function is available to validate the result of a rule set.

Rule sets make your custom columns and user-defined columns work. Configure rule sets to find any string that appears in a log file and replace it with a different string defined by you. The string can be letters, numbers, and symbols.

Custom column rule sets

Custom columns are predefined for the browser and cache columns. Each custom column has a corresponding rule set. You can modify the rule sets, but you cannot add or delete rule sets for the custom columns.

User-defined column rule sets

User-defined columns are customized by you for any available log record or header. You create the rule sets for these columns, which can be edited, deleted, copied, and used by more than one user-defined column at a time.

See also
User-defined columns
Customize a log source
Configure a log source
Custom columns

Browse time threshold

You can specify the length of time for the browse time threshold.
McAfee Web Reporter estimates a user's browse time by calculating the difference between the time stamps of two log lines.
For example, if the log file shows that Jon Lock visits www.example.com at 03:00:00 p.m. and then news.example.com at 04:30:00 p.m., the browse time is the 1 hour 30 minutes that occurred between the time he first visited www.example.com and then visited news.example.com. However, Jon Lock probably did not spend more than one hour viewing a single webpage. To compensate for this, McAfee Web Reporter overrides the estimated browse time with a default browse time.

The browse time threshold option specifies the maximum length of time you expect a user to spend viewing a single webpage. The default is three minutes. When a user exceeds the browse time threshold, the default browse time is recorded in the database instead.

Configure a log source

Configure the log source options in McAfee Web Reporter to collect web filtering data for generating reports.

Configure the log source mode and format

Configure a log source that contains the data used in reports.

1 Select Administration Setup Log Sources, then click Add.
2 Enter a name for the log source.
3 Select the appropriate mode for your device according to how McAfee Web Reporter will pull log files.
4 From the Log Format drop-down list, select the log format that corresponds to your device.

Configure user-defined columns

You can use up to four user-defined columns for each log source. The user-defined column rules are used when log files are processed for the log source.

1 In the Add window, click the User Defined Columns tab.
2 Select up to four user-defined columns.
3 Select the Populate this column checkbox.
4 From the Log record drop-down list, select a source data type. If the log record is not found in the drop-down list, use the Log file header definition box to define a header. The Log file header must match the log format column header.
5 Select the Apply this rule set checkbox and choose a predefined rule set from the drop-down list.
Configure processing and post-processing options

Determine how McAfee Web Reporter handles the data it pulls from the log files.

1 In the Add window, click the Processing or Post Processing tabs.
2 Select the appropriate options, then click OK.

See also
Page views setting
Customize a log source
User-defined columns
Custom rule sets
Edit multiple log sources

Select multiple log sources to edit the log source options.

1 Select Administration Setup Log Sources.
2 Press Ctrl and select multiple log sources, then click Edit.
3 Choose from these multi-edit options:
   If the checkbox is checked, the option is available for all log sources.
   If the checkbox is unchecked, the option is unavailable for all log sources.
   If the checkbox is a solid, black box, options vary between log sources and remain unchanged.

Customize a log source

Configure customizable log source options in McAfee Web Reporter to collect web filtering data for generating reports.

Configure custom log formats

Use custom log formats when you have log files with non-standard headers.

1 Select Administration Setup Log Sources, and click the Custom Formats tab.
2 Click Add to open the Add Log Format Wizard.
3 Enter a name and browse to a log file. Click Next.
4 Click a column to open the Column Selection window and assign a column, then click OK.
5 Click Finish.

When assigning column headers to columns, you must designate at least the Time, Client domain or IP address, and URL columns.

Configure custom columns

Custom columns are predefined columns with a set of corresponding predefined rule sets that you can edit.

1 On the Custom Columns tab, select a Custom Column.
2 To edit a rule set for a custom column, click Edit Rule Set.
3 Click Save.

Configure custom rule sets

Add, edit, copy, and delete rule sets for use with user-defined columns.

1 On the Custom Rule Sets tab, click Add.
2 Configure the rule set using the available options, then click OK.

See also
Configure a log source
User-defined columns
Custom rule sets
Custom columns
Configure advanced collect settings

View and edit the current last time and limit for log sources.

1 Select Administration Setup Log Sources.
2 Select the log source from the list.
3 Click Edit.
4 In the Edit Log Source window, select Collect log files from, and make a selection from the drop-down list.
5 Click Advanced. An Advanced Collect Settings window appears.
6 Select the Update Last Retrieval Time checkbox, and choose a date and time.
7 Select the Update Retrieval Limit checkbox, choose a value, then click OK.

View custom log format use

The View Use window displays which log sources are using a particular custom log format.

1 Select Administration Setup Log Sources and click the Custom Formats tab.
2 Select a custom log format from the list and click Used By. The View Use window appears and displays the custom log format assignments.
3 Click Close.

Configure browse time options

Set the browse time threshold and default browse time for user browsing sessions.

1 Select Administration Options General.
2 In the Browse time area, configure the threshold and default browse time options, then click Save.
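The browse time estimate described under Browse time threshold, as an added Python example (not part of the product guide and not McAfee code), shows how the threshold changes the totals a report would carry for one user. The log layout, the one-minute default browse time, the per-user grouping and the handling of a user's last log line are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (time, user, site); not a real log format.
SAMPLE_LOG = """\
2012-05-01 15:00:00 jlock www.example.com
2012-05-01 15:00:30 asmith www.example.com
2012-05-01 15:01:00 asmith news.example.com
2012-05-01 15:02:00 jlock intranet.example.com
2012-05-01 16:30:00 jlock news.example.com
"""

THRESHOLD = timedelta(minutes=3)        # threshold value used in this example
DEFAULT_BROWSE = timedelta(minutes=1)   # assumed default browse time


def parse(log_text):
    """Turn the constructed log text into (timestamp, user, site) tuples."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        date, clock, user, site = line.split()
        stamp = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        records.append((stamp, user, site))
    return records


def browse_times(records, threshold=THRESHOLD, default_browse=DEFAULT_BROWSE):
    """Estimate seconds spent per user and site.

    The time spent on a line is the gap to the same user's next line.
    A gap above the threshold is replaced by the default browse time.
    Assumption: a user's last line, which has no following line, also
    gets the default browse time.
    """
    per_user = defaultdict(list)
    for stamp, user, site in sorted(records):
        per_user[user].append((stamp, site))

    totals = {}
    for user, visits in per_user.items():
        sites = defaultdict(int)
        for i, (stamp, site) in enumerate(visits):
            if i + 1 < len(visits):
                gap = visits[i + 1][0] - stamp
                spent = default_browse if gap > threshold else gap
            else:
                spent = default_browse
            sites[site] += int(spent.total_seconds())
        totals[user] = dict(sites)
    return totals


if __name__ == "__main__":
    for user, sites in browse_times(parse(SAMPLE_LOG)).items():
        print(user, sites)
```

Because every long gap is replaced by the same default value, browse time in reports is an estimate of activity, not a measurement of how long a page stayed open.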
6 Categorization using the McAfee Global Threat Intelligence database

Use Global Threat Intelligence to include category and reputation information for the URLs in McAfee Web Reporter log files. By default, the McAfee Web Gateway and McAfee SmartFilter software log files contain category and reputation information.

Contents
About Global Threat Intelligence
Configure Global Threat Intelligence

About Global Threat Intelligence

The McAfee Global Threat Intelligence database (formerly known as the McAfee TrustedSource database) is McAfee's comprehensive, real-time, cloud-based threat intelligence service that enables McAfee products to protect customers against both known and emerging electronic threats across all threat vectors.

Web categorization

Global Threat Intelligence web domain categorization service enables McAfee products to take policy-based action on user web activity, as well as protect customers against both known and emerging web-based threats.

Web categories are contained in a downloadable database where similar types of URLs are organized into groups based on webpage content. For example, www.mcafee.com and www.trustedsource.org are grouped in the Business category and the Software/Hardware category.

Categorizing a particular URL is a defined process using objective standards and definitions. To gather and rate websites, McAfee uses various technologies, artificial intelligence techniques, and customer logs. After sites are gathered and rated, they are reviewed and the corresponding URLs are added to the database.

Web reputation

Global Threat Intelligence URL and web domain reputation service enables McAfee products to protect customers against known and emerging web-based threats.

Web reputations are contained in a downloadable database where each URL is assigned to a reputation that identifies the level of risk at which you are placing your network, computers, and personal information when you visit a particular URL.
After Global Threat Intelligence technology determines the reputation, it is represented separately from and regardless of its categorization status. This means a URL can have a reputation score without categorization.

For more information, see the McAfee Global Threat Intelligence Proxy 2.0.0 Product Guide. Download the guide from https://mysupport.mcafee.com/eservice/default.aspx.
Configure Global Threat Intelligence

Configure McAfee Web Reporter to use Global Threat Intelligence web categorization and web reputation technologies by downloading the TrustedSource database.

1 Select Administration Options Categorization, and select the Download the TrustedSource Web Database checkbox.
2 Provide a valid serial number. Use a premium features, McAfee Web Gateway, or SmartFilter software serial number.
3 Configure the frequency and start time to schedule regular database downloads.
4 Enter the address and port settings for the download server, if necessary. If you make any changes to the address or port fields for the download server settings, you must click Save to re-enable the Download Now button.
5 Configure proxy settings when the McAfee Web Reporter server does not have a direct connection to the Internet.
6 Click Save.
7 Logon accounts for administrators and users

Create logon accounts for additional administrators, and users who want to create and view reports.

Contents
Logon account types
Logon account role and permissions
Delegated reports
Configure logon accounts
Configure user interface timeout

Logon account types

The logon account type determines how the account accesses McAfee Web Reporter and whether the account permissions are inherited or unique.

Local user

Create logon accounts used only for McAfee Web Reporter. Users log on to the user interface with the user name and password provided by an administrator. Permissions are also determined by an administrator.

Network user

Use existing network accounts from a directory in McAfee Web Reporter as logon accounts. After the account is added, the user logs on to the user interface using their network user name and password. Permissions are determined by the administrator and are set up for the account individually, or are inherited from a network group account if you add the account to a parent group.

You do not have to assign network user logons to a group even when they are members of the network group in your directory. Assign network user accounts to a group only when you want the account to inherit permissions from the group.

Network group

Create reporting user accounts that belong to an existing network group from a directory set up in McAfee Web Reporter. Using a network group allows you to assign the same permissions to each user account at the group level. After you select a group and set permissions, any user who is a member of that group can log on to McAfee Web Reporter using their network user name and password.
If you already have individual network user logon accounts for McAfee Web Reporter, you can add them to a newly set up network group. Verify that the existing network user is a member of the network group, and then add or edit the network user account and assign it to the network group logon using the Parent Group option. Do not assign a group if you want unique permissions set for a network user logon.

Example of using network user and group

Assume you want to create a McAfee Web Reporter logon account for Jon Lock using his network account, jlock. The account, jlock, is a member of two network groups, Management and HR. Both groups, Management and HR, are set up as network group logons. You want the jlock logon account to inherit permissions from the Management network group logon, not the HR group.

Follow these scenarios to complete account setup for the jlock account:

The network group logon account

You first set up the network groups as logons in McAfee Web Reporter. At this point, Jon Lock can log on to the user interface with his jlock network account because it is a member of at least one network group that is defined in McAfee Web Reporter as a logon group.

When jlock logs on to the user interface, his account automatically appears within the first group of which McAfee Web Reporter finds his account to be a member. Since McAfee Web Reporter searches the groups in alphabetical order, McAfee Web Reporter assigns jlock to HR. However, you want the jlock account to appear within Management.

As an administrator, you can now edit the jlock account to manually assign this account to the Management network group logon. After assigning the jlock account to Management, it now appears within the Management group in the user interface and inherits account permissions from this group.

The network user logon account

You first set up the network user account, jlock, as a logon in McAfee Web Reporter.
The jlock network account is a member of the HR and Management network groups. At this point, jlock is not part of a group in McAfee Web Reporter and can log on to the user interface using the permissions you defined for the account.

Since you want the jlock account to inherit permissions from the Management group, you add the Management group as a logon in McAfee Web Reporter and define permissions for it. Now you can edit the jlock account and assign it to the Management group. The jlock account now appears within the Management group in McAfee Web Reporter and inherits account permissions from this group.

Later, you add the HR group as a logon in McAfee Web Reporter. Even though the jlock network account is also a member of this group, group membership within McAfee Web Reporter does not change because jlock is already assigned to the Management group.

See also
Logon account role and permissions
Delegated reports
Configure logon accounts
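The group resolution in the jlock example, as an added Python example (not part of the product guide and not McAfee code), written as an access review: it reports network accounts whose inherited permissions depend on alphabetical group order, and accounts whose assigned parent group is not one of their directory groups. The function names and data shapes are hypothetical, the accounts other than jlock are constructed, and case-insensitive ordering is an assumption.

```python
def effective_group(user, memberships, logon_groups, user_logons):
    """Return (group, reason) for a network account.

    memberships:  directory data, user -> set of network groups
    logon_groups: network groups set up as logons in Web Reporter
    user_logons:  individual network user logons, user -> parent group,
                  or None when no parent group is assigned
    """
    if user in user_logons:
        parent = user_logons[user]
        if parent is None:
            return None, "individual permissions"
        return parent, "assigned parent group"
    # No individual logon: the first matching group in alphabetical order.
    candidates = sorted(memberships.get(user, set()) & set(logon_groups),
                        key=str.lower)
    if not candidates:
        return None, "no logon"
    return candidates[0], "first group in alphabetical order"


def audit(memberships, logon_groups, user_logons):
    """List (user, issue, groups) findings for an access review."""
    findings = []
    for user in sorted(set(memberships) | set(user_logons)):
        groups = memberships.get(user, set())
        if user in user_logons:
            parent = user_logons[user]
            # The guide says to verify membership before assigning a parent.
            if parent is not None and parent not in groups:
                findings.append((user, "parent-mismatch", [parent]))
            continue
        candidates = sorted(groups & set(logon_groups), key=str.lower)
        if len(candidates) > 1:
            # Permissions come from candidates[0] only because of its name.
            findings.append((user, "ambiguous", candidates))
    return findings


# jlock is the guide's example; asmith and bwong are constructed.
MEMBERSHIPS = {
    "jlock": {"Management", "HR"},
    "asmith": {"HR"},
    "bwong": {"Management", "Finance"},
}
LOGON_GROUPS = {"HR", "Management"}

if __name__ == "__main__":
    print(effective_group("jlock", MEMBERSHIPS, LOGON_GROUPS, {}))
    print(audit(MEMBERSHIPS, LOGON_GROUPS, {}))
```

An "ambiguous" finding is cleared the way the guide describes, by assigning the account to the intended group with the Parent Group option.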
Logon account role and permissions

The account role and permissions specify either an administrator or user account, and the data the user account can access. Administrator accounts have unlimited access to all tasks and log file data, and user accounts have limited access.

The role for a logon account defines which tasks the account can perform: either administrative and reporting tasks (administrator), or only reporting tasks (user). When selecting the user account role, you can specify which tasks the account can perform and can use permission options to limit the data a user account can access.

Choose one of two roles for the account:

Administrator: Access to all report data and tasks, including system configuration, and creating and viewing reports
User: Access to reporting tasks, such as managing the report list, and viewing and scheduling reports. You can restrict this type of account from access to any of the reporting tasks listed in the options

See also
Logon account types
Delegated reports
Configure logon accounts

Delegated reports

Delegated reports is a premium feature used as an access control to restrict which report data a user account can access. You can specify which report data is available based on user names, groups, IP addresses, or log sources.

See also
Logon account types
Logon account role and permissions
Configure logon accounts
Configure logon accounts

As a McAfee Web Reporter administrator, create logon accounts for additional administrators, or users who need only to create and view reports.

Specify the logon account type

Determine the user name and password for the logon account.

1 Select Administration Setup Logon Accounts.
2 Click Add.
3 On the Logon tab, select the logon method type.
4 Complete the logon information by typing or selecting the appropriate information for the remaining fields.

Define the role and permissions

Determine the tasks the account can access.

On the Permissions tab, select the role.
When selecting User, specify which options to enable or disable for the account. At a minimum, you must select either View quick reports or View advanced reports.
When selecting Administrator, you are done setting up this account.

Select delegated report data

Define which log file data a user account can view in reports.

1 On the Delegated Reports tab, select the amount of data you want the logon account to view. When selecting Selected report data, click Select to complete setting up the delegated reports options.
2 Click the Publish this list to the user checkbox, then click OK.

See also
Logon account types
Logon account role and permissions
Delegated reports

Configure user interface timeout

Specify how long an account will remain logged on to the user interface without activity. This setting affects all McAfee Web Reporter accounts.

1 Select Administration Options Inactivity Timeout.
2 Enter a time amount in the number field, select a time period from the drop-down list, then click Save.
8 Email

Add email server and address information to email reports to yourself, or other users, and receive system notifications.

Contents
About email
Configure email settings

About email

Use your organization's email server and email accounts to deliver reports and system notifications to specified recipients.

Report delivery

Provide your organization's SMTP mail server information to email reports to any email address provided when configuring delivery options for a report.

System notification messages

Provide the sender and recipient email addresses for McAfee Web Reporter to send system notification messages. System notifications include messages about an expired serial number, the inability to download the TrustedSource database, and so on.

See also
Configure email settings
Test email settings

Configure email settings

Add email account information to McAfee Web Reporter so that it delivers reports and system notifications through email.

1 Select Administration Setup Email.
2 Enter the server and email address information in the appropriate fields, then click Save.

Test email settings: Verify that email settings are configured correctly.

See also
Test email settings
About email
Test email settings

Verify that email settings are configured correctly.

1 Select Administration Setup Email.
2 Click Test. If incorrect information is entered, an error message appears. If the test is successful, a success message appears and test email messages are sent to any email address specified in the Recipient address field in the Email window.
3 Click OK to close the Test Mail Settings window.

See also
Configure email settings
About email
9 Mapped columns

Mapped columns in McAfee Web Reporter provide a way to assign a custom value to a specific data type (column).

Contents
Mapped columns overview
Configure mapped columns

Mapped columns overview

Assign a custom numeric or string value to one or more data types (columns) with mapped columns.

Use mapped columns for summary or detail query types. For example, if you map the File Type column to image when the value is .jpg or .gif, the report will display image in the File Type column any time it detects a .jpg or .gif file type.

After mapped columns are created, they are available as a query column for any McAfee Web Reporter account.

Configure mapped columns

Define a name, select query columns, and use the remaining options to determine mapped column settings.

Before you begin

This option is available for administrator accounts only.

1 Select Administration Mapped Columns and click Add.
2 Specify a name and configure the general settings using the available options on the General tab.

If you select < or <= as the operator, then a reporting administrator can use several mapping rules. Examples: If the value of column 1 is < 400, then map it to the value Z, and if the value of column 1 is < 500, then map it to the value V. In this case, Z is the mapped-to value up to 399, V is the mapped-to value for 400 to 499, and all values greater than 499 will rely on the Fallback value.
10 System performance

System performance options allow you to optimize performance so that McAfee Web Reporter runs efficiently.

Contents
About system performance
View performance statistics for the database
Configure advanced performance options
Configure memory allocation

About system performance

After McAfee Web Reporter has been configured, you can view the statistics of the database and configure performance options.

To optimize performance and ensure that McAfee Web Reporter runs efficiently, modify the amount of memory allocated to the report server.

View performance statistics for the database

View database performance statistics and use them as a guide when modifying settings that control database performance.

1 Select Administration Options Performance.
2 Click Database Statistics.

Configure advanced performance options

Advanced performance settings control the number of report and log processing jobs that run simultaneously, the parameters for processing, and additional cache settings.
1 Select Menu Configuration Report Server Settings Performance.
2 Click Advanced Options.
3 Configure performance settings as appropriate and click OK.

Configure memory allocation

Dedicate an amount of memory that will be available to the report server.

1 Select Administration Options Performance.
2 Click Performance Options. In Memory, click Edit.
3 Enter the amount of memory you want reserved for McAfee Web Reporter to use when loading the database.
4 Click Save.

If the memory option is set too high, McAfee Web Reporter will not restart and you will need to manually fix the memoryalloc.conf file.
11 Database maintenance

Database maintenance options allow you to perform tasks that increase database performance, free database space, and ensure database records are reconciled with connected directories and recent log data.

Contents
About database maintenance
Database records
View internal database settings
Configure the database maintenance schedule
Delete or roll up database records
Delete database records by log source
Repopulate columns
Synchronize users
Rebuild indexes
Run database statistics
View the status of database maintenance jobs

About database maintenance

Use database maintenance options to roll up or delete database records, synchronize users with a directory, repopulate user-defined columns, rebuild database indexes, and view the status of maintenance jobs.

You can schedule database maintenance tasks to run at a regular frequency and start time, or perform the tasks manually for immediate results. Over time, records are added to the database and more space is used. To free space in the database, you can delete older records you no longer need.

McAfee recommends that you perform database maintenance tasks during off-peak times. During maintenance, the database and new queries and reports are not available. Make sure you read the instructions for each maintenance task before starting the maintenance job in McAfee Web Reporter.

Database records

McAfee Web Reporter can delete database records on a regular schedule or you can manually perform the tasks whenever you want.

Over time, records are added to the database and more space is used. To increase the amount of free space in the database, you can delete older records you no longer need.
Database records rollup

When McAfee Web Reporter imports log data into the database, the summary data is stored in hourly increments, per user, per website name, per client IP address, per log source. Keeping summary data in hourly increments might cause the database to increase in size over time. To control the size of the database, you can "roll up" database records into daily or monthly increments.

Database rollups control the size of the database by converting hourly data into daily or monthly data. Performing regular database rollups reduces unnecessary data and improves McAfee Web Reporter performance. Rollups ensure that the report database remains as compact as possible.

Example of rolling up and deleting records

You want to roll all daily records older than six months into monthly records. You also want to delete any records older than one year. You configure scheduled database maintenance to roll daily records to months for all records older than 6 months and to delete all records that are older than 12 months.

McAfee Web Reporter has been following your scheduled database configuration for two years. It is now October 15, 2010, and you need to look at data from October 18, 2009. When you look for records dated October 18, 2009, you cannot find them.

The records for October 18, 2009, are missing because all daily records older than six months were rolled up into monthly records. Since October 18, 2009, was more than six months ago, it is now part of a monthly record. Second, when that daily record was rolled into a monthly record, the date and time were changed from October 18, 2009, to October 1, 2009, and time stamped 12:00:00 AM. Since you are deleting records older than 12 months and October 1, 2009, is more than 12 months ago, the October 2009 data is deleted. You are now no longer able to access this data.
For this reason, we recommend you carefully consider the rollup and delete schedule for the database records. For example, if it is possible that you will want to review database records from any time in the past 12 months, then maybe you want to schedule McAfee Web Reporter to delete records older than 13 or 14 months.

Roll hours into days

When hours are rolled up into days, all records are condensed into one single record time stamped midnight for that day, and hits and bytes are totaled.

Table 11-1 Representation of rolling hourly data into daily data

Hourly data...                          Rolled into daily data...
Time and date           Hits    Bytes   Time                    Hits    Bytes
8:00:00 AM 3/15/2010    120     2000    12:00:00 AM 3/15/2010   11140   47500
9:00:00 AM 3/15/2010    500     3500
10:00:00 AM 3/15/2010   700     4000
11:00:00 AM 3/15/2010   1500    6000
12:00:00 PM 3/15/2010   2000    7500
1:00:00 PM 3/15/2010    3500    9000
2:00:00 PM 3/15/2010    1500    6000
3:00:00 PM 3/15/2010    700     4000
4:00:00 PM 3/15/2010    500     3500
5:00:00 PM 3/15/2010    120     2000
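The rollup rules and the retention example above, as an added Python example (not part of the product guide and not McAfee code): it totals hits and bytes into day or month buckets using the guide's table values for March 2010, then replays the October 18, 2009 case to show why a 12-month delete setting removes a record that is less than 12 months old. The function names, the (time, hits, bytes) record shape and the rollup-before-delete order are assumptions; real records are also kept per user, website name, client IP address and log source.

```python
import calendar
from collections import defaultdict
from datetime import datetime

# Hourly values from Table 11-1 (3/15/2010, 8 AM to 5 PM).
HOURLY = [(datetime(2010, 3, 15, hour), hits, size) for hour, hits, size in [
    (8, 120, 2000), (9, 500, 3500), (10, 700, 4000), (11, 1500, 6000),
    (12, 2000, 7500), (13, 3500, 9000), (14, 1500, 6000), (15, 700, 4000),
    (16, 500, 3500), (17, 120, 2000)]]

# Daily values from Table 11-2 (3/15/2010 to 3/22/2010).
DAILY = [(datetime(2010, 3, day), hits, size) for day, hits, size in [
    (15, 11140, 47500), (16, 14370, 57000), (17, 13212, 55000),
    (18, 12555, 52000), (19, 18572, 65000), (20, 1800, 7000),
    (21, 875, 5000), (22, 12121, 48000)]]


def bucket_start(stamp, unit):
    """Time stamp of the rolled-up record: midnight of the day, or
    midnight of the first day of the month."""
    midnight = stamp.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "day":
        return midnight
    if unit == "month":
        return midnight.replace(day=1)
    raise ValueError("unit must be 'day' or 'month'")


def months_before(now, months):
    """Subtract calendar months, clamping the day (31 Mar -> 28 Feb)."""
    year, month0 = divmod(now.year * 12 + (now.month - 1) - months, 12)
    day = min(now.day, calendar.monthrange(year, month0 + 1)[1])
    return now.replace(year=year, month=month0 + 1, day=day)


def roll_up(records, unit, older_than=None):
    """Total hits and bytes per bucket for (time, hits, bytes) records.
    Records at or after older_than are left unchanged."""
    totals = defaultdict(lambda: [0, 0])
    untouched = []
    for stamp, hits, size in records:
        if older_than is not None and stamp >= older_than:
            untouched.append((stamp, hits, size))
            continue
        bucket = totals[bucket_start(stamp, unit)]
        bucket[0] += hits
        bucket[1] += size
    rolled = [(stamp, hits, size) for stamp, (hits, size) in totals.items()]
    return sorted(rolled + untouched)


def run_maintenance(records, now, roll_after_months, delete_after_months):
    """Roll old records into months, then delete by the new time stamp."""
    rolled = roll_up(records, "month", months_before(now, roll_after_months))
    cutoff = months_before(now, delete_after_months)
    return [record for record in rolled if record[0] >= cutoff]


if __name__ == "__main__":
    print(roll_up(HOURLY, "day"))
    print(roll_up(DAILY, "month"))
    # Constructed hits and bytes for the guide's October 18, 2009 record.
    record = [(datetime(2009, 10, 18), 900, 4000)]
    today = datetime(2010, 10, 15)
    print(run_maintenance(record, today, 6, 12))   # deleted
    print(run_maintenance(record, today, 6, 13))   # kept as October 1, 2009
```

With monthly rollups, the delete age has to exceed the review window by at least one month, because a record can be dated up to a month earlier than the activity it contains.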
Roll days into months

When days are rolled up into months, each record is condensed into one record time stamped midnight of the first day of that month, with hits and bytes totaled.

Table 11-2 Representation of rolling daily data into monthly data

Daily data...                           Rolled into monthly data...
Time and date           Hits    Bytes   Time                    Hits    Bytes
12:00:00 AM 3/15/2010   11140   47500   12:00:00 AM 3/01/2010   84645   336500
12:00:00 AM 3/16/2010   14370   57000
12:00:00 AM 3/17/2010   13212   55000
12:00:00 AM 3/18/2010   12555   52000
12:00:00 AM 3/19/2010   18572   65000
12:00:00 AM 3/20/2010   1800    7000
12:00:00 AM 3/21/2010   875     5000
12:00:00 AM 3/22/2010   12121   48000

View internal database settings

The internal database requires no additional configuration, but you can view its settings such as its port number and logon information.

Use the internal database if you will accumulate less than 50 GB of data. It stores data when McAfee Web Reporter processes log files. You cannot transfer log files and data from the internal database to another database.

1 Select Administration Setup Database.
2 Click Database. In Database settings, the internal database settings are visible. To see more information about the database, click Advanced.

Configure the database maintenance schedule

Set the frequency and start time for database maintenance jobs.

Any options you configure in the Scheduled Maintenance window for database maintenance will run according to the schedule you configure, except for index rebuilding scheduling options.
1 Select Administration Tools Database Maintenance.
2 On the Scheduled Maintenance tab, click Set Schedule.
3 Configure the frequency and start time, then click OK.

Delete or roll up database records

Create database space by deleting or rolling up database records.

From the Scheduled Maintenance tab, schedule McAfee Web Reporter to delete database records more frequently if reports are taking a long time to generate.

1 Select Administration Tools Database maintenance.
2 Click the Manual Maintenance tab.
3 Configure maintenance by date range, then click Start.
4 When the Confirm Maintenance message appears, click Yes. The rollup or delete process starts immediately.
5 To close the Maintenance Job Status message, click OK.

Delete database records by log source

Delete all database records for configured log sources.

Perform maintenance during off-peak times. Reports, queries, and dashboards are not available during maintenance.

1 Select Menu Configuration Report Server Settings.
2 Click Database Maintenance Manual Maintenance.
3 From the Delete all database records for this log source drop-down list, select a log source.
4 Click Start.
5 When the Maintenance Job Status message appears, click Yes. The database maintenance process starts immediately.
6 Click OK to close the message that appears stating that the job is successfully queued.
Repopulate columns

Repopulate custom and user-defined columns to apply settings to existing database records.

Perform maintenance during off-peak times. Reports, queries, and dashboards are not available during maintenance.

Example: Substituting specific IP addresses

Assume you have created a user-defined column to substitute specific IP addresses with the custom string value test lab, and you have existing database records to which you want to apply that user-defined column. Use the User defined columns area of the Repopulate Columns dialog box to repopulate the user-defined columns. After the columns are repopulated, the specified IP addresses in existing database records appear with the custom string value test lab.

In this scenario, you are able to:
- Identify which specific IP addresses to substitute.
- Apply the custom string value test lab to existing database records.
- Update database records by repopulating columns.

1 Select Menu | Configuration | Report Server Settings.
2 Click Database Maintenance | Manual Maintenance | Repopulate Columns.
3 Configure the options for Custom columns and User defined columns, then click OK.

Synchronize users

Synchronize users if you imported data from a log source before associating a directory.

Synchronizing users might take a significant amount of time depending on your hardware, number of users, and amount of existing database records. Perform maintenance during off-peak times. During maintenance, the database and new reports are not available.

1 Select Administration | Tools | Database Maintenance.
2 On the Manual Maintenance tab, click Synchronize Users.
  A confirmation message appears stating that the database is not available during maintenance and asking if you want to continue.
3 Click Yes to continue.
  The synchronization process starts immediately and a message appears stating that the job is successfully queued.
4 Click OK to close the message.
5 Click the Status tab to see progress for the synchronization job.

Rebuild indexes

Perform index rebuilding to prevent or correct performance issues.

Over time, the many changes made to database indexes fragment them, and a fragmented index degrades performance. In McAfee Web Reporter, fragmentation occurs each time you import data or delete data. Degraded performance affects importing logs, database maintenance jobs, and generating reports. On the database server, degraded performance can result in a high CPU load and high paging rate.

Manually rebuild indexes

Perform manual index rebuilding when you want to rebuild the indexes immediately.

Perform maintenance during off-peak times. During maintenance, the database and new queries and reports are not available.

1 Select Menu | Configuration | Report Server Settings.
2 Select Database Maintenance | Manual Maintenance | Rebuild Indexes.
3 When the Confirm Maintenance message appears, click Yes.
  The index maintenance process starts immediately.
4 When the Maintenance Job Status message appears, click OK.
  The database maintenance process starts immediately.

Set up regular index rebuilding jobs

Schedule index rebuilding to run at regular intervals during database maintenance jobs.

Before you begin

Ensure that you schedule index rebuilding on a day that you normally schedule your database maintenance. If you schedule index rebuilding for Monday, but you do not have regularly scheduled database maintenance on Mondays, the index rebuilding job will not run.

When you schedule index rebuilding, it runs according to the frequency you select (weekly or monthly), on the day of the week you select, and at the same time of day that you scheduled database maintenance.

For example, your regularly scheduled database maintenance is daily on Saturday, Sunday, and Wednesday at 12:01 a.m. You configure index rebuilding every week on Sunday. Index rebuilding will run as part of the regularly scheduled maintenance on Sundays at 12:01 a.m.

Schedule maintenance during off-peak times. Reports, queries, and dashboards are not available during maintenance.
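The scheduling rule described above, as an added example that is not part of the guide or the product: it lists when index rebuilding would actually run for a given maintenance schedule, and returns nothing when the rebuild day never coincides with a maintenance day. The function names are hypothetical, and treating "monthly" as the first occurrence of the selected weekday in each month is an assumption, since the guide does not say which occurrence is used.

```python
from datetime import date, datetime, time, timedelta

WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday"]


def index_rebuild_runs(maintenance_days, maintenance_time, rebuild_day,
                       frequency, start, days_ahead=35):
    """Return the datetimes at which index rebuilding would run.

    maintenance_days: weekday names with scheduled database maintenance
    maintenance_time: datetime.time at which maintenance starts
    rebuild_day:      weekday name selected for index rebuilding
    frequency:        "weekly" or "monthly"
    start:            first date of the window to examine
    """
    if frequency not in ("weekly", "monthly"):
        raise ValueError("frequency must be 'weekly' or 'monthly'")
    unknown = (set(maintenance_days) | {rebuild_day}) - set(WEEKDAYS)
    if unknown:
        raise ValueError(f"unknown weekday name(s): {sorted(unknown)}")

    runs = []
    for offset in range(days_ahead):
        day = start + timedelta(days=offset)
        name = WEEKDAYS[day.weekday()]
        # Rebuilding only runs inside a maintenance job, so the day must be
        # both the selected rebuild day and a scheduled maintenance day.
        if name != rebuild_day or name not in maintenance_days:
            continue
        # Assumption: "monthly" means the first such weekday of each month.
        if frequency == "monthly" and day.day > 7:
            continue
        # The rebuild inherits the maintenance start time.
        runs.append(datetime.combine(day, maintenance_time))
    return runs


def rebuild_schedule_warning(maintenance_days, rebuild_day):
    """Return a warning if the rebuild day can never run, otherwise None."""
    if rebuild_day in maintenance_days:
        return None
    return (f"Index rebuilding is set for {rebuild_day}, but database "
            f"maintenance runs only on {', '.join(maintenance_days)}: "
            "the index rebuilding job will not run.")


if __name__ == "__main__":
    # The guide's own example: maintenance Sat, Sun, Wed at 12:01 a.m.
    days = ["Saturday", "Sunday", "Wednesday"]
    for run in index_rebuild_runs(days, time(0, 1), "Sunday", "weekly",
                                  date(2010, 3, 15), days_ahead=14):
        print(run)
    print(rebuild_schedule_warning(days, "Monday"))
```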
1 Select Menu | Configuration | Report Server Settings.
2 Click Database Maintenance, then click Edit.
3 Click Set Schedule, and specify how often you want the job to run and when you want it to start.
4 Click OK.
5 Deselect the maintenance tasks that you do not want to happen as part of the maintenance job.
6 Ensure the Rebuild indexes every checkbox is selected, then specify when you want this task to run as part of your scheduled database maintenance.
7 Click Save.
8 Select Database Maintenance | Status to see progress for scheduled maintenance jobs that are completed or are running.

Index rebuilding occurs during regularly scheduled database maintenance for the frequency you selected.

Run database statistics

View statistics for database records and maintenance.

1 Select Menu | Configuration | Report Server Settings.
2 Select Database Maintenance | Manual Maintenance | Run Statistics.
3 When the Confirm Maintenance message appears, click Yes.
  The statistics job starts immediately.
4 When the Maintenance Job Status message appears, click OK.
  The database maintenance process starts immediately.

View the status of database maintenance jobs

View detailed information about each database maintenance job.
1 Select Menu | Configuration | Report Server Settings.
2 Select Database Maintenance | Status.
3 Select a job from the queue to view details.
  Details for the status are provided in the Job details area.
12 System maintenance

System maintenance tasks allow you to increase performance by deleting report results, real-time traffic logs, and status messages.

Contents
  About system maintenance
  Perform system maintenance
  View the status of system maintenance jobs

About system maintenance

System maintenance options allow you to reduce the use of storage space in McAfee Web Reporter using manual tasks or scheduled tasks.

Perform system maintenance

Delete status messages, report results, or real-time traffic logs.

- Manual system maintenance: Perform manual maintenance on the system when you want to delete status messages, report results, or real-time traffic logs immediately.
- Schedule maintenance: Schedule jobs to perform system maintenance at the time and frequency you want.

Manual system maintenance

Perform manual maintenance on the system when you want to delete status messages, report results, or real-time traffic logs immediately.

1 Select Administration | Tools | System Maintenance.
2 Click the Manual Maintenance tab.
3 Configure the system maintenance options, then click Delete Now for the options you configured.
  The delete process starts immediately.
4 Click OK to close the message that appears stating that the maintenance job is successfully queued.
5 Click the Status tab to see progress for the maintenance job.

Schedule maintenance

Schedule jobs to perform system maintenance at the time and frequency you want.

1 Select Administration | Tools | System Maintenance.
2 Click the Scheduled Maintenance tab.
3 Configure the maintenance options and set the schedule for the maintenance jobs, then click Save.
4 Click the Status tab to see progress for the maintenance job.

View the status of system maintenance jobs

View the status of maintenance jobs.

1 Select Administration | Tools | System Maintenance.
2 Click the Status tab.
  Status information is shown for each job in the list and details appear in the Details pane.
3 Click Refresh to obtain updated status information.
4 To delete status entries, select an entry, and click Delete or Delete All.
13 Configuration backup and restore

McAfee Web Reporter automatically generates a daily configuration backup. It also includes a feature to back up specific system configuration settings on demand through the user interface, and to restore them. The backup acts as a restore point in situations where McAfee Web Reporter needs to be restored to a previous state, or when you want to back up McAfee Web Reporter before upgrading the software.

Contents
  Configuration settings backup
  Back up the current configuration
  Restore configuration settings

Configuration settings backup

Back up specific report and administration configuration settings.

The backup feature in McAfee Web Reporter backs up specific report and administration configuration settings. When a backup file is created, specific settings for reports and administration are automatically saved.

Table 13-1 Configuration settings

Option                                        Definition
Advanced report definitions                   Saves each advanced report definition so you can re-create the report result.
Filter configurations                         Saves each filter configuration and restores its use.
Favorite report configurations in Quick View  Saves each custom report configuration saved as a favorite in Quick View.
Query configurations                          Saves each query configuration and restores its use.
Scheduled report settings                     Saves each report scheduled to run on a regular basis.
Database connection settings                  Saves the configuration settings that allow McAfee Web Reporter to communicate with the database.
Database maintenance settings                 Saves scheduled database maintenance job settings and status messages.
Directory resource settings                   Saves each directory resource McAfee Web Reporter is connected to.
Email settings                                Saves email delivery settings.
General settings                              Saves general settings, such as log source configuration and browse time settings.
License keys                                  Saves the activated license key.
Logon accounts                                Saves each logon account created with permissions and delegated report settings.
Mapped column configurations                  Saves each mapped column configuration.
Performance settings                          Saves database and system performance settings.
System maintenance settings                   Saves scheduled system maintenance settings and status messages.
System logs                                   Saves each system log generated.

See also
  Back up the current configuration
  Restore configuration settings

Back up the current configuration

Back up system settings so you can restore configuration settings after upgrading the software, to ease recovery from a catastrophic failure, or to move settings from one McAfee Web Reporter installation to another.

If you plan to use a backup file after uninstalling and re-installing McAfee Web Reporter, save the backup file to a location other than the McAfee Web Reporter application folder.

1 Select Administration | Tools | System Backup.
2 Perform one of the following actions:
  - Click Start. A backup folder and corresponding XML file are created. A backup.xml file is saved in c:\program Files\McAfee\Web Reporter\reporter\conf\ (for UNIX: /opt/mcafee/webreporter/reporter/conf), where 123456789 is the time stamp.
  - Click Browse. Navigate to a directory where you want to store the backup file and click Select, then click Start.
  A message appears stating that the client will not be able to communicate with the server until the system backup is done.
3 Click OK.
  The backup process can take several minutes.
4 Close McAfee Web Reporter after the backup is complete.
5 Stop the McAfee Web Reporter services.
6 Go to the c:\program Files\McAfee\Web Reporter\reporter\ (for UNIX: /opt/mcafee/webreporter/reporter) directory and back up the following files and directories to a location of your choosing:
  - .../conf/
  - .../mysql/var/reporting/
  - .../log/realtime.log (if you use real-time logging)
  - .../docs/
7 Upgrade McAfee Web Reporter.

If there are issues after the upgrade, you can reinstall the previous version you were running and restore your backup files.

See also
  Restore configuration settings
  Configuration settings backup

Restore configuration settings

Restore the configuration settings when you need to return to previous settings or after you uninstall and reinstall the software.

The backup folder and backup file must have read and write permissions for the same account running McAfee Web Reporter.

1 Log off McAfee Web Reporter.
  If you need to re-install the previous version of McAfee Web Reporter that you were running:
  a Uninstall McAfee Web Reporter.
  b Re-install the previous version of McAfee Web Reporter.
2 Stop McAfee Web Reporter services.
3 Create a folder named backup (must be lowercase) in the conf directory. If a backup folder already exists, do not create a new one.
  The backup folder and backup.xml file must have read and write permissions for the same account running the McAfee Web Reporter service.
  Windows: C:\Program Files\McAfee\Web Reporter\reporter\conf\
  UNIX: /opt/mcafee/webreporter/reporter/conf
4 Copy the backup.xml file created during the backup to the backup folder in the conf directory.
  If you re-installed McAfee Web Reporter, also copy these files and directories you backed up to the corresponding locations in the C:\Program Files\McAfee\Web Reporter\reporter\ (for UNIX /opt/McAfee/WebReporter/reporter) directory:
  - .../conf/
  - .../mysql/var/reporting/
  - .../log/realtime.log (if you use real-time logging)
  - .../docs/
5 Restart McAfee Web Reporter.
6 Open McAfee Web Reporter and log on.

The configuration settings are restored.

See also
  Back up the current configuration
  Configuration settings backup
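The file-level copy in step 6 of the backup procedure and the folder and permission requirements of the restore procedure, as an added example that is not part of the guide or the product. The function names are hypothetical, the reporter directory is passed in by the caller, and restricting the destination to its owner is an added choice made because Table 13-1 lists database connection settings, logon accounts and license keys among the saved data.

```python
import os
import shutil
from pathlib import Path

# Items the guide lists for the file-level backup, relative to the
# reporter directory.
BACKUP_ITEMS = ["conf", "mysql/var/reporting", "docs"]
REALTIME_LOG = "log/realtime.log"  # only if real-time logging is used


def copy_backup_set(reporter_root, dest, realtime_logging=False):
    """Copy the listed files and directories to dest; return what was copied.

    Run only after the McAfee Web Reporter services are stopped (step 5).
    """
    root, dest = Path(reporter_root).resolve(), Path(dest).resolve()
    # The guide says to keep backups outside the application folder when
    # the product may be uninstalled and re-installed.
    if dest == root or root in dest.parents:
        raise ValueError(f"{dest} is inside the application folder {root}")
    items = BACKUP_ITEMS + ([REALTIME_LOG] if realtime_logging else [])
    missing = [item for item in items if not (root / item).exists()]
    if missing:
        raise FileNotFoundError(f"not found under {root}: {missing}")
    dest.mkdir(parents=True, exist_ok=True)
    # Added choice, not from the guide: owner-only access to the copy,
    # which holds connection settings and logon accounts.
    os.chmod(dest, 0o700)
    for item in items:
        src, target = root / item, dest / item
        target.parent.mkdir(parents=True, exist_ok=True)
        if src.is_dir():
            shutil.copytree(src, target, dirs_exist_ok=True)
        else:
            shutil.copy2(src, target)
    return items


def check_restore_layout(conf_dir):
    """Return the problems that would block a restore; empty means ready.

    Run as the account that runs the McAfee Web Reporter service, because
    the access checks are made for the current account.
    """
    conf = Path(conf_dir)
    # listdir() compares exact names, so a folder called "Backup" is caught
    # even on a case-insensitive file system.
    if "backup" not in os.listdir(conf):
        return [f"no folder named 'backup' (lowercase) in {conf}"]
    backup_dir = conf / "backup"
    backup_xml = backup_dir / "backup.xml"
    problems = []
    if not backup_dir.is_dir():
        problems.append(f"{backup_dir} is not a folder")
    if not backup_xml.is_file():
        problems.append(f"backup.xml has not been copied into {backup_dir}")
    for path in (backup_dir, backup_xml):
        if path.exists() and not os.access(path, os.R_OK | os.W_OK):
            problems.append(f"{path} is not readable and writable by this account")
    return problems
```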