one of our MWG´s produce a lot of traffic but we cant identify what the system do. Anyone knows how we can identify what the system do?
Here is a screen of the Proxy who produce the traffic:
The traffic seems not to be at all the time. Last night the traffic goes down but day before traffic continues. Problem exists since tuesday this week:
Here ist the other one:
We took a look in the traces via Wireshark and have seen traffic from Web Gateway with a big download but the stream is crypted.
We think its the Filesystem usage and will make a Ticket:
Yes, please install McAfee Web Reporter then you can identify which computer/user account is responsible for it. All web traffic will be shown in reporter with great details of sites and bandwidth consumed.
Thx. Without Web Reporter or CSR you can see that in the Feedback-File "running-mwg-core.txt" or command "/opt/mwg/bin/mwg-core -S connections". Command or Feedback-File must create at time when traffic is there.