Note: This topic applies to the Kenilworth Release.
Note: A Guardian license is required to view the web filter logs. For more information, contact your Smoothwall representative.
Web filter logs provide detailed, configurable and searchable information about web filtering activity regarding user and group activity, source IPs, requested URLs, categories of web content requested and domains recorded.
1. Go to Reports > Logs > Web filter.
3. Select from the following to change the information displayed:
• Username — Select to display the usernames of users making web requests.
• Source IP — Select to display source IP addresses that web requests are coming from.
• Group — Select to display the logs for groups of users.
• Code — Select to display the HTTP response status code.
• URL — Select to display the URLs of the requested web resources.
When content matches a web filter policy, the Smoothwall displays a link to the policy.
• Category — Select to display the categories a request was categorized as being in. Depending on how the request was categorized, the Smoothwall may also display the following status information:
Malware was found in the content. The name of the malware found is shown.
Access to the content was denied. The names of the categories which caused the request to be denied are shown.
Multi-Tenant licensed systems do not see the tenant name for tenant-specific categories in this column as it reports the category as used by Guardian's categorization methods, which does not include the tenant information.
• Policy — Select to display which web filtering policy has been applied to the content. For more information about policies, see About Guardian Policies.
Categories and category groups from Multi-Tenant licensed systems are prefixed with the tenant name in the Policy column.
• Domain — Select to display log entries recorded against domains.
• SNI — Select to display when an HTTPS request has not included a Server Name Indication (SNI) field in its header.
If an HTTPS request with no SNI field fails, the Code field will display 0.
You can also filter out types of URLs from the web filter view.
You do this as follows:
1. Ensure URL is enabled, and appears in the Web filter table.
2. From the URL column, click Exclude.
3. Select one or more of the following to exclude from the web filter view:
• Images — Select to exclude all images.
• CSS — Select to exclude CSS resource requests.
• User defined — Enter a regular expression to find and exclude a web resource.
It is possible to monitor web filter log activity in real-time.
To monitor activity in real-time, do the following:
1. On the Reports > Logs > Web filter page, click Realtime. The Smoothwall displays the currently configured log options in real-time in a table of log entries and in the web filter graph. The results are updated automatically.
Tip: To get a closer look at what is happening at a specific time, locate and click on that time in the graph. The Smoothwall stops the real-time display and shows what has been logged at the time you clicked on.
2. To stop real-time monitoring, click Realtime. The Smoothwall stops displaying real-time data.
The Smoothwall enables you to search for and filter information in a number of ways.
To search for and filter information:
1. On the Reports > Logs > Web filter page, use one or more of the following methods:
• Graph — On the graph, locate and click on the time you are interested in. The Smoothwall displays what was logged at the time you clicked on.
• Time — Click in the date and time picker and specify when to search from. Click Apply. The Smoothwall displays search results from the time specified and two hours forward.
• Free search term — In the Username, Source IP, Code, URL or Domain column(s), enter one or more search terms.
Note that you can use an asterisk (*) to filter the free search terms. For example:
john matches "john" (and nothing else)
itc\ does not match anything
itc\john matches "john" only, not "itc\john.doe"
john* matches anything that contains "john", such as "john.doe", "itc\john", "john\here", "itc\john", and so on
itc\* matches anything that contains "itc\", such as "itc\john", "itc\jack", and so on
itc\hans* matches anything that contains itc\john such as "itc\john", "itc\john.doe", "otherdomain-itc\john.doe", and so on
10.15.28.12 matches 10.15.28.12
10.15.28.12* matches anything that contains 10.15.28.12, such as 10.15.28.12, 10.15.28.120, 10.15.28.121, 220.127.116.11, 18.104.22.168, and so on
• Group — From the Group column drop-down menu, select the group you want to search for.
2. Depending on your search criteria, the Smoothwall updates the information displayed.
It is possible to export logged data in comma-separated (CSV) format.
1. On the Reports > Logs > Web filter page, configure or search for the data you want to export. For more information, see Viewing Web Filter Logs and Searching for and Filtering Information.
2. Click Export. Follow your browser’s prompts to save and export the data.
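The free-search behaviour shown in the examples above (a term without an asterisk matches the whole value; a term ending in an asterisk matches any value that contains it) can be reproduced offline against an exported CSV, for instance to list Code 0 entries per source IP. The following Python is an added example, not Smoothwall code: the CSV header names and the sample rows are constructed assumptions, and a real export may use different headers.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Header names are assumed to mirror the
# column names of the Web filter table; adjust them to the real file.
SAMPLE_CSV = r"""Username,Source IP,Code,URL,Domain
itc\john,10.15.28.12,200,https://intranet.example/,intranet.example
itc\john.doe,10.15.28.120,0,https://203.0.113.7/,203.0.113.7
itc\jack,10.15.28.121,403,http://ads.example/banner.js,ads.example
itc\john,10.15.28.12,0,https://198.51.100.9/,198.51.100.9
"""


def load(text):
    """Parse exported CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def term_matches(term, value):
    """Model of the documented free-search rules (not the product's code)."""
    if term.endswith("*"):
        return term[:-1] in value   # trailing asterisk: value contains term
    return term == value            # no asterisk: whole value must match


def search(rows, terms):
    """Return rows where every column in `terms` matches its search term."""
    return [r for r in rows
            if all(term_matches(t, r[col]) for col, t in terms.items())]


def code_zero_by_source(rows):
    """Count Code 0 rows per source IP. Per the SNI note, failed HTTPS
    requests that carried no SNI field are logged with Code 0."""
    return Counter(r["Source IP"] for r in search(rows, {"Code": "0"}))


if __name__ == "__main__":
    rows = load(SAMPLE_CSV)
    # Exact term: only the single host.
    print(len(search(rows, {"Source IP": "10.15.28.12"})))
    # Asterisk term: also pulls in 10.15.28.120 and 10.15.28.121.
    print(len(search(rows, {"Source IP": "10.15.28.12*"})))
    print(dict(code_zero_by_source(rows)))
```

When scoping a search to one host during an investigation, use the exact form: the asterisk form of an IP address also returns neighbouring addresses that share the same leading digits.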