Beruflich Dokumente
Kultur Dokumente
TM
The Blue Coat Reporter provides identity-based user and network reporting for evaluating Web security policies and resource management on an enterprise network. As an add-on product, Blue Coat Reporter provides a log analysis tool enabling network and security administrators to generate usage reports in HTML format. The Blue Coat Reporter can be installed on Windows, Sun Solaris and Red Hat Linux platforms.
The Blue Coat Reporter dramatically extends Blue Coat Security Gateway policies by enabling administrators to: Identify possible security holes Track potentially dangerous user activity Report on blocked traffic by category and URL Conserve network bandwidth resources by identifying abuse patterns Report on Web usage by user, group, location, URL, and other factors Determine violators of corporate Web access policies
There are four easy steps to implementing, configuring, and testing the Blue Coat Reporter solution: Install the Blue Coat Reporter Configure the accesslog format on the Blue Coat Security Gateway Port 80 appliance Import the accesslog into the Blue Coat Reporter Generate Reports
Note: Please refer to the AccessLog TechBrief to configure accesslog for your environment.
Technical Brief
Reporter
Step 1 Install the Blue Coat Reporter
The Blue Coat Reporter can be found at: http://download.BlueCoat.com/release/Reporter/index.html
Follow the easy download and installation instructions on your screen. Then launch the Blue Coat Reporter. The following launch screen and main page will be displayed:
Step 2 Configure the Accesslog Format on the Blue Coat Security Gateway
The next step is to configure the accesslog format for your Blue Coat Appliance. The Following format instructions will provide the following fields: Date/Time Username URL HTTP Method Size of object Content Filter Category
To configure access logging follow these steps: Blue Coat Management Interface | Access Logging category | Format
Click on Install Next, select the Upload Type tab to specify the upload client type (FTP or Custom) and the format to save the log file such as gzip or txt. Make sure you can save and view the access log file before proceeding to the next step.
Then, the following screen appears and allows you to create a new Reporter configuration and point to the access log file found on your Blue Coat Security Appliance. When you point Reporter to the new log file, it will not automatically recognize the format. You will have to tell it to use Blue Coat Custom Log Format that you specified earlier in the Blue Coat Security Gateway configuration. Copy and paste in the log file format as shown in this example
Technical Brief
Reporter
Click Next.
Select all the check boxes in the next window that comes up and click Next.
We now need to instruct Reporter to build correlations between categories of IP addresses and URLs. This is done from the Administrative Menu. Click on the Administrative Menu link and Reporter will bring up the following screen. From here select Open Configuration.
Next, you can open any report in the list. Select the Configuration name (WebReport in our example) and Click Open.
Technical Brief
Reporter
Several things can be configured from this screen. For example, from the Network tab, the DNS server and SMTP server can be set to facilitate automated email with periodic reports.
Click on the Database Xrefs to begin setting up the correlations necessary to report on Categories URLs IP addresses. All possible reporting can be configured from here. If there is a report that you need to create that is not currently being crossreferenced, this is where it can be selected. The Configuration Options screen looks like this before changes are made.
The cross-references necessary to see which IP addresses go to a particular category and URL, requires the selection of a few boxes as shown here.
After making the selections click on the button at the top to save changes and go back to the Main Menu. Clicking any tab or the Back to Configuration button will save your changes.
Click Next on the next screen so the database is rebuilt. Then View Statistics to see your comprehensive reports.
When you click on the Portal_Sites in the report, for example, you can then click on Top Source IPs on the left side to see which IP addresses correspond to a category.
Technical Brief
Contact Blue Coat Systems 1.866.30.BCOAT 408.220.2200 Direct 408.220.2250 Fax www.bluecoat.com
When you click on the Portal_Sites in the report, for example, you can then click on Top Source IPs on the left side to see which IP addresses correspond to a category. If there was more activity in the access log, this report would show more than one IP address in this report. If a Blue Coat Security Gateway is performing proxy
authentication, then these logs would display the authenticated username as well. Be sure to select the cross-references for Authenticated User in the Database Xrefs screen to display this information.
In this TechBrief we have discussed how to enable logging on a Blue Coat Security Appliance and then configure your add-on Blue Coat Reporter to display and correlate the log information. We have also shown a few of the many combinations of reports that can be easily created using the Blue Coat Reporter.
Blue Coat Systems, a Web security company, has developed the industrys first port 80 security appliance. Safeguarding many of the world's largest corporate networks, this high-performance security appliance intelligently protects against Webbased threats by policing Port 80 the primary hole in the enterprise security infrastructure. Headquartered in Sunnyvale, California, Blue Coat Systems can be reached at 408.220.2200 or at http://www.bluecoat.com. Copyright 2003 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Version 1.1