Google Claim 6.4% of Internet traffic. Help us put this to the test

According to recent report, Google has a record slice, 6.4%, of the world’s Internet traffic. An accurate figure? Well, we wanted to put this claim to the test and therefore started off by investigating the share of WebSpy’s traffic to Google sites. We also encourage our Vantage and Analyzer users to do the same thing …

Hit and Miss – Are you Missing out on Important Hit Data?

Today I thought I’d cover some interesting hit information and explain how you can get more out of your data by ensuring your hits are accurately reported on. As the term ‘hit’ can sometimes be confusing, let’s start off by properly define hits.

Useful LDAP Search Queries

Today I was asked how to filter out computer objects when importing your Organizational structure into WebSpy Vantage. The default LDAP query when you first run through the Import Organization wizard should filter these computers objects out. The query is:

Event Log Reporting using Vantage

Event logs have been a feature of the MS Operating System (Windows) since the original release of Windows NT in1993. Designed to provide an audit trail of system use, event logging records the actions that occur within the system, such as users logging in, failure of a component to start, or an attempt to print …

Tips from TMG Expert: Changing WebSpy Vantage Scheduled Task Recurrence Interval

Microsoft ISA Server and Forefront TMG users are probably familiar with isaserver.org’s informative news articles, tutorials, blogs and forums. I just wanted to bring your attention to one of isaserver.org’s contributing blog authors, Richard Hicks. Richard has been working with Forefront Threat Management Gateway (TMG) 2010 and its predecessors for more than 12 years. He …

Why there is so much anonymous traffic in Microsoft TMG and ISA logs

One of the most common questions we get asked by users of Microsoft TMG and ISA is why there is so much traffic attributed to the Anonymous user. Even though unauthenticated access to the web has been disabled, they still see the ‘Anonymous’ user as one of the top users in their reports. So let’s …

Website Categorization – Assessing Productivity

Security and Threat Management solutions, such as Microsoft Forefront TMG, IronPort and Blue Coat, use predefined URL categorization to simplify blocking and filtering management. Different security vendors have different ways of categorizing websites but it generally involves referring to a gigantic, regularly updated database of millions of websites sorted into 50-100 relevant categories. Majority of …

Video: How to use WebSpy Vantage to report on IronPort log files

I’ve produced a video on how to use WebSpy Vantage to report on IronPort’s Web Security Appliance’s access log files. It is quite a detailed look at the key tasks involved in setting up and using WebSpy Vantage with IronPort WSA access logs, and is therefore divided into several parts. The videos take you through …

Accessing Microsoft Forefront TMG’s Log Files (SQL Express)

If you need to analyze and report on Microsoft Forefront Threat Management Gateway log files, the most common stumbling block is enabling access to the default SQL Express databases that contains the firewall and web proxy log files. The log databases are stored in an SQL Express instance named MSFW. By default these databases cannot …

How to report on bandwidth utilization using Cisco devices

Today I was speaking to a customer that had the following reporting request. “I would like to know how much of my bandwidth is being eaten by each protocol. I will then use this information to determine if circuit may need to be increased due to increased traffic”. This customer was collecting syslog messages from a Cisco Firewall, then using WebSpy Vantage to generate reports. There’s a simpler method.