cancel
Showing results for 
Search instead for 
Did you mean: 

Users group info on web reporter not showing

Hello,

I have configured proxy chaining with one MS Threat Management Gateway as a downstream proxy and one Mcafee Web Gateway as an upstream proxy.

I have installed Web chain plugin on TMG server and configured it to send user and group information to Mcafee Web Gateway. I have integrated Mcafee Web Gateway with Web reporter.

So, on Web gateway I can see user information with web activity but I cannot see the corresponding group activity.

Does anyone faced the same issue before ? Any suggestion ?

BR,

Ilir

Message was edited by: isaqellari on 4/16/13 7:56:54 AM CDT
4 Replies
Highlighted

Re: Users group info on web reporter not showing

What is your goal of the groups?

1) Run a report with group filters (example: show me a list of sites with most hits for people in the Support group)

2) Run a report showing which groups were used to enforce policy (meaning that you want to show group information written to the access logs in your report results.)

For option 1, you don't want to use group information in the logs. Please refer to this KB article.

https://kc.mcafee.com/corporate/index?page=content&id=KB67630

For option 2, you would use user-defined columns

Step 1: Make sure your log sources are keeping detailed data

Step 2: On the log source, go to user-defined columns and add the name of the group header to one of the user defined columns

Step 3: Data from the group column would be available in detail data based report.

Re: Users group info on web reporter not showing

Hello sroering,

Thank you for you reply.

What I have noticed is the fact that user group information is not present at all on access.log file on Mcafee Web Gateway.

So, the access log is transmitted to Mcafee Web Reporter without user group info.

What should I configure to have this info logged on access.log file ?

BR,

Ilir

Re: Users group info on web reporter not showing

You don't need or probably want group information written in the access logs unless your goal is option 2 above.  The two scenarios are not equivelant by any means.

Typical/Classical group reporting is done by option 1.

If you are truely looking to do option 2, then this is the high-level process

1) Modify the MWG access log header to include a custom name for groups, such as "dsp_groups" for down-stream-proxy-groups.

2) Modify the MWG logging rule to log the HTTP header that contains the groups.

3) Edit the log source as I described above to save "dsp_groups" in a user-defined column.

Re: Users group info on web reporter not showing

Hello sroering,

Thanks again for your support.

I'm having difficulties regarding the step 2 of Option 2.

2) Modify the MWG logging rule to log the HTTP header that contains the groups.

I don't know how to configure the logging rule to log the HTTP header that contains the group info.

To the Events step of Write access.log rule I've added Header.Request.Get ("X-Authenticated-Groups") as you can see from the file attached.

Am I missing something ?

BR,

IlirCapture.PNG

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community