Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 2 subscribers
  • Views 7650 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to trace network usage behaviour for particular user?

kefiirs
Good evening,

There's a need to trace visited sites for particular user in network due to suspicion of browsing social sites and playing games during working hours. These may be web-based or installed rpg games. Is there an efficient way how to collect statistics of such network usage? 

I've found real time firewall logging feature but during fief hours of work there is an awful number of requests collected and its near to impossible understanding users networking behavior this way.. 

Any advice is highly appreciated.
Thank you!


This thread was automatically locked due to age.
  • 0
    I'm sorry!

    Forgot to mention our network is running on ASG V8
  • 0
    Hi, kefiirs, and welcome to the User BB!

    I assume you mean 8.308?

    Enable 'Application Visibility' in 'Web Security >> Application Control'.  Once some data is collected, go to 'Logging & Reporting >> Web Security' and select the 'Application Control' tab.  Select "Top Sources by Application Category" and 'Application Category: Games'.

    Please let us know if that's what you need.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Yes, you assumed correctly, 8.308 :-)

    Seems that ASG currently is collecting data and this is exactly what I was looking for.

    Thank you, BAlfson!
  • 0 in reply to kefiirs
    Hi

    Looks like when I choose "Top Sources by Application Category" and 'Application Category: Games' in 'Logging & Reporting' tab, it shows only games that has been blocked by firewall. Is there any way to see where all the traffic goes from a host? There are a lot of flash based games all over the interent, for example..
  • 0
    Do you have an Allow rule for the games you want to track?  I'm seeing everything in our system even without that. 

    Cheers - Bob

    Sorry for any short responses!  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I am sorry for my late responses, end of the year is always very intense.. [:)]

    I dont have any rules except default ones in "Application Control Rules" and looks like im getting report only about blocked programs, something is not working :/ I would like to see usage for all programs that is being used in our network rather its blocked or not.. I also cant figure out where to find statistics about visited sites for the particular user..
  • 0
    Try looking at a one-week period instead of just "Today."

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    unfortunately happens the same thing, only 1 application category is shown for all users: "eDonkey".. Please find attachment below
  • 0
    What about the other items in Reporting, are they all populating normally?

    You might try, as root, /etc/init.d/rrdcache restart

    If that doesn't work, try /etc/init.d/postgresql rebuild.

    If that still doesn't solve it, I'd be tempted to get some backups and re-install from ISO.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thank you so much for your help. It seems everything else with logging works fine.

    I'll try your advice on friday (just in case any problems arises with astaro) and let you know how it works.
Cookie Information Banner