Monitoring Web Use with Accurate Logfile Analysis

Novell Cool Solutions: Feature

Posted: 24 Aug 2004
 

Monitoring Employee Web Usage with Accurate Logfile Analysis

Most IT administrators have read the headline-grabbing stories of employee Web abuse: an employee casually surfing the Web accidentally downloads spyware, compromising security and crippling a corporate network. Another employee repeatedly downloads pornographic material at work -- something HR only finds out about after a costly sexual harassment lawsuit is filed and logfiles are subpoenaed.

Behind the headlines, however, are the thousands of hours lost by IT departments in resolving network slowdowns -- or analyzing volumes of raw logfile data for business managers looking to support disciplinary action. Losses like these can be prevented easily with employee Internet monitoring software.

Cyfin solutions for BorderManager

Wavecrest Computing's Cyfin Reporter Internet monitoring software tracks Web usage automatically, working with a proxy, firewall or caching appliance to read Web logs and analyze employee Web activity. Adding Cyfin Reporter logfile analyzer to Novell BorderManager allows you to quickly identify Web abuse, spot spyware and reduce legal liability risks by generating accurate, categorized reports on up to 72 types of Web content. (Even better, an operator-only interface allows HR and other business managers to easily run reports on their employees' Web activity with no IT involvement.)

Accuracy in Internet monitoring is critical. It is worth noting that Cyfin distinguishes unsolicited hits (banner ads) from user-initiated clicks, an important distinction many other logfile analyzers do not make. In addition, it can be easily set up to analyze Web activity against your organization's acceptable use policy settings, classifying activity as "acceptable," "unacceptable" or "neutral," according to your specifications and measuring usage against your threshold levels.

Cyfin's XML option generates clear, categorized reports on heavy volumes of logfile data in seconds. Support for AD and LDAP directory servers and automated product administration features make setup easy. A complete data sheet is available at:

http://www.wavecrest.net/products/cyfin/include/cyfinreporterdatasheet.pdf

Setup and Configuration

Cyfin integrates easily with BorderManager proxy. Because the product simply analyzes BorderManager's logs, rather than operating inline between the firewall and the users, there is virtually no impact on network speed or performance. Figure 1 illustrates the configuration:

Figure 1: Cyfin Reporter integrated with BorderManager

1) Download a free 30-day trial of Cyfin Reporter for BorderManager at:

http://www.wavecrest.net/demo/p6_bordermanager.html

2) After downloading the free trial, you will be guided through the installation process. When prompted, enter the following information:

Logfile Type: BorderManager Proxy

Default Directory: /proxy/logs

Logfile Prefix: Product uses "common" as the default.

Special Instructions: Select one of the following types of logging available from the BorderManager proxy:

  • Common format - Logs the following information: remote hostname, user's remote login name, authenticated username, date, request line from client, status, and length of data in bytes.
  • Extended format - Logs the common format information plus the following: cached status, date, time, client IP address, URL method, and URL.
  • Indexed format - Also referred to as the audit log. Logs the common and extended format information plus the following: when access was allowed or denied, the IP address that initiated an access attempt, the destination, the HTTP command used, and the result of the attempt (hit or miss).

3) If you selected common or extended logging, click the format name and specify the following parameters for each format:

  • Log File Directory - Directory to which the common or extended format log file is written.
  • Log Rollover - How often the file is overwritten (rolls over) by time (days or hours) or by size (KB or MB).
  • Old Log Files - Whether old log files are deleted because of their age or because of the number of old log files that are retained in the database.
  • Stop Services If Logging Fails - When enabled, stops all proxy services when the log file is full and log rollover is not specified.

4) Once Cyfin is installed, you are ready to configure the product to match your policy settings and begin running reports. Cyfin Reporter's setup guide offers step-by-step instructions for getting started. To download Cyfin's setup guide, visit:

http://www.wavecrest.net/support/cyfin/reporter/include/cyfinreporteradminguide.pdf.
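To make the common format from step 2 concrete, the following added example (not Cyfin or BorderManager code) parses lines with the fields listed there and totals requests, bytes and denied requests per user. It assumes the proxy writes those fields in the standard NCSA Common Log Format layout and that denied requests appear as status 403; the sample lines, user names and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout (NCSA Common Log Format), in the field order listed in step 2:
# host, login name, authenticated user, [date], "request line", status, bytes
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<date>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines, not taken from a real proxy log.
SAMPLE = """\
10.0.0.15 - alice [24/Aug/2004:09:12:01 -0600] "GET http://www.example.com/ HTTP/1.0" 200 5120
10.0.0.15 - alice [24/Aug/2004:09:12:02 -0600] "GET http://www.example.com/logo.gif HTTP/1.0" 304 -
10.0.0.22 - - [24/Aug/2004:09:13:40 -0600] "GET http://news.example.org/ HTTP/1.0" 403 0
truncated line without the expected fields
10.0.0.22 - bob [24/Aug/2004:09:15:00 -0600] "POST http://mail.example.net/send HTTP/1.0" 200 312
"""

def parse_line(line):
    """Return a dict of typed fields, or None if the line is not well formed."""
    m = CLF.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["date"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # "-" means no body
    parts = rec["request"].split()
    rec["method"], rec["url"] = (parts[0], parts[1]) if len(parts) >= 2 else (None, None)
    return rec

def summarize(text):
    """Total requests, bytes and 403 responses per user; count rejected lines."""
    per_user = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0})
    rejected = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            rejected += 1  # report malformed lines instead of silently dropping them
            continue
        # Unauthenticated requests carry "-" as the user; attribute them to the client host.
        key = rec["user"] if rec["user"] != "-" else rec["host"]
        per_user[key]["requests"] += 1
        per_user[key]["bytes"] += rec["size"]
        if rec["status"] == 403:
            per_user[key]["denied"] += 1
    return dict(per_user), rejected

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A nonzero rejected count is worth checking before trusting any totals, since it usually means the logging format or rollover setting differs from what the parser expects.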

Conclusion

Employee Internet monitoring should be a critical component of any enterprise Web use management program. Accurate Internet monitoring software, in combination with an effective Acceptable Use Policy, will dramatically reduce the risks of employee Web abuse. Cyfin Reporter for BorderManager makes the process easy.

