Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 12570 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to report on Web access using client source IP addresses or ranges

Joseph Puchalski

I'm supporting a user who has purchased a pair of Sophos XG units - one for his office and one for home.

He'd like to be able to monitor where his teenage kids are browsing  on the web.

I've pulled a list of mac addresses from the DHCP server and assigned his family machines static IPs in ranges - 192.168.1.30-39 for junior's computer, iPhone, etc.

Can I run a custom report to show where hosts (or better yet groups of hosts) are browsing? 

This doesn't seem straightforward so far.

No matter what I do in custom reports I get "no records found" - despite having upgraded to SFOS 16.05.3 MR-3.

Is there a better strategy for this? Is there a way I can define "Users" for the reporting process without forcing internal users to log on to the device?

I took a shot at using "Clientless users" but had no luck there - they don't seem to appear as users or groups in the reporting facility.

Thanks for any assistance.

Joe



This thread was automatically locked due to age.
Parents
  • 0

    Joe,

    web risks and usage or custom web report should help.

    For clientless, make sure you create clientless users and then on the LAN to WAN firewall policy you enabled "match know users" and you put the list of clientless users.

    If it does not help, show us what you have configured on your XG.

    Regards

  • 0 in reply to lferrara

    I've enabled "match known users" in policy. I am still unable to get the desired result in custom reports.

    However that may be because I am unable to get *any* result in custom reports. I'd like to confirm that it is possible to get any result from the report facility.

    I accessed a host on the LAN behind the firewall and browsed to a number of sites just to generate traffic. I was able to check the firewall log via the log viewer to confirm this traffic.

    I then attempted to run a custom web report to capture this traffic. I searched in IP Address and entered the known source address 192.168.1.201. Type was set to "Web Surfing Reports", date range was today to today. I received the "No Records Found" result.

    Some questions - do I need to enable logging somewhere else to get this to work? What an I doing wrong?

    Is there a generic set of parameters I can enter for the "Custom Web Report" that will just show all of my web traffic from LAN to WAN/Internet? Or do I need to enable additional logging somewhere for that to work?

    At this point I just want to get a report that shows some records and demonstrates the facility is actually working.

    BTW, this XG unit is updated to the most recent MR3 firmware.

    If there is any additional config info I should provide please let me know.

    Thanks in advance for any assistance!

    Joe

Reply
  • 0 in reply to lferrara

    I've enabled "match known users" in policy. I am still unable to get the desired result in custom reports.

    However that may be because I am unable to get *any* result in custom reports. I'd like to confirm that it is possible to get any result from the report facility.

    I accessed a host on the LAN behind the firewall and browsed to a number of sites just to generate traffic. I was able to check the firewall log via the log viewer to confirm this traffic.

    I then attempted to run a custom web report to capture this traffic. I searched in IP Address and entered the known source address 192.168.1.201. Type was set to "Web Surfing Reports", date range was today to today. I received the "No Records Found" result.

    Some questions - do I need to enable logging somewhere else to get this to work? What an I doing wrong?

    Is there a generic set of parameters I can enter for the "Custom Web Report" that will just show all of my web traffic from LAN to WAN/Internet? Or do I need to enable additional logging somewhere for that to work?

    At this point I just want to get a report that shows some records and demonstrates the facility is actually working.

    BTW, this XG unit is updated to the most recent MR3 firmware.

    If there is any additional config info I should provide please let me know.

    Thanks in advance for any assistance!

    Joe

Children
No Data