Analyzing Blocked Traffic in Log Files for Suspicious Activity

Using log file analysis to report on blocked traffic can help troubleshoot issues with website and application behavior, and potential security issues. This article shows how to use WebSpy Vantage to identify suspicious activity from blocked traffic log events.

Creating a Remote Desktop Report (RDP Connections) with WebSpy Vantage

This article walks through the process of using WebSpy Vantage to create a comprehensive Remote Desktop Report by extracting information about remote desktop sessions (RDP) from your firewall log files. I’m using Firewall logs from Microsoft Forefront TMG, but you could just as easily use logs from other firewalls, such as the packet filter logs from Sophos UTM, or connection end events from Cisco ASA. The general process is the same. Let’s get started.

Distributing Web Activity Reports to Managers Using WebSpy Vantage

This video takes you through some new features in WebSpy Vantage to help distribute web activity reports to managers throughout your organization. These new features include: Manually Assigned Group Managers Redesigned Separation and Permission workflow Manager Reports Manually Assigned Group Managers WebSpy Vantage has always had the ability to report on Departments, Cities, or any …

Web Activity Reporting with Palo Alto Firewall Log Files

Using WebSpy Vantage to analyze and report across your Palo Alto Firewall deployment is a great way to keep on top of web usage throughout your organization. This guide will take you through the process of configuring Palo Alto Firewalls and WebSpy Vantage to produce accurate and meaningful web activity reports that can be utilized …

A Complete Guide to Useful Reverse Proxy Reporting

Reverse proxy reporting (using WebSpy Vantage Ultimate) is a great way to gain insight to how the Internet is using your published web sites or web applications. Forward proxy reporting is all about the users accessing content on the Internet from within your corporate network. Reverse proxy reporting is the opposite. When you have a …

Simple Network Monitoring With Windows Firewall Logging And Reporting

The Windows native firewall has been around for some time now. It first made its appearance in Windows XP as the Internet Connection Sharing Firewall, which was a basic inbound firewall. In Windows XP SP2 it was turned on by default and in Windows Vista, it had grown up to be both in and outbound …

Optimizing Log File Size For Analysis And Reporting

Firewalls and proxies generate a lot of log data. Multiple gigabytes per day are commonplace now. The log files themselves are generally simple flat text files. Their size comes from the sheer volume of entries, not from being rich data types. The log file size not only consumes disk space during logging, storing, and archiving, but …

Aliases are awesome. See why you should use them!

What is an Alias? As defined by Google, in computing terms, an alias is: An alternative name or label that refers to a file, command, address, or other item, and can be used to locate or access it. When it comes to WebSpy Vantage, an alias takes log data that does not make sense and …

How I used log file analysis to safely retire a legacy web site

Legacy applications and websites remain in place for longer than they should, often because there is a suspicion that they are still being used. Meanwhile, the application is hanging around consuming IT resources that could be put towards a more useful purpose. To safely decommission a web site or service, you need to be sure …

Rethinking Log Storage and Archiving with Data Deduplication

As a typical IT department, we log a lot data. Loads of it. Thanks to various regulatory requirements, we need to log more and more data from more and more sources. That’s a lot of mores! We are also required to mine more information from those logs, and need keep these logs in their original form for …