cancel
Showing results for 
Search instead for 
Did you mean: 
ahmed.eissa
Level 7

integrate web reporter to directory to get username for IPS

MY webgateway is using IP Mapping , in secure web reporter the  genterated reportes are generated per IP address.

iam asking is there any way to integrate a manunal internal directory to show these ips with its username ??

and i mean with username that usernames which is manually configured

as "172.16.16.16" will be shown as "Ahmed Eissa"

aaaaaaaaaaaaUntitled.png

bbbbbbbbbUntitled.png

can i replace this ip with a username defined to me , unfortunately my orgnization Active directory is not based on ip address , it is based on username

Plllllz help me

Message was edited by: ahmed.eissa on 2013/01/22 10:06:18 AM
0 Kudos
4 Replies
McAfee Employee

Re: integrate web reporter to directory to get username for IPS

Hi Ahmed,

I'm not sure I understand you correctly, but I'll try to explain.

In order to get reports based on username's you need to enable authentication in Web Gateway. Please send in a screenshot of the full "web mapping" tab, as well as Proxies > HTTP(S) Proxy > Authentication tab. This will show me if you have authentication enabled. I'm guessing you do not.

Web Gateway's "web mapping" are intended to assign URL Filtering policies based on IP/user/group.

Best,

Jon

0 Kudos
sroering
Level 13

Re: integrate web reporter to directory to get username for IPS

Since you are using Web Gateway 6, the log header configuration controls the log records.  So this means that your client ip will be under the "client_ip" header.  Web Reporter is expecting the username under the "auth_user" header.  You could create a shell script to modify the header before sending them to Web Reporter, but I see 2 more problems:

1) Web Reporter would still save the IP address as the user name, then using the internal directory it could add the real user name for "display name".  So you cannot actually get the username correct using this method. Maybe a small point.

2)The second problem with modifying the header is that i'm pretty sure that Web Reporter requires client_ip. The log parsing job would probably fail without it.

But Web Reporter already has an option to deal with unauthenticated traffic.  I think that your best option is to stand up a DNS service on the Web Reporter box that maps the ip address to user names.  Then on your log source, enable the "use host names" option.

0 Kudos
ahmed.eissa
Level 7

Re: integrate web reporter to directory to get username for IPS

Jon Scholten

Hi Ahmed,

I'm not sure I understand you correctly, but I'll try to explain.

In order to get reports based on username's you need to enable authentication in Web Gateway. Please send in a screenshot of the full "web mapping" tab, as well as Proxies > HTTP(S) Proxy > Authentication tab. This will show me if you have authentication enabled. I'm guessing you do not.

Web Gateway's "web mapping" are intended to assign URL Filtering policies based on IP/user/group.

Best,

Jon

Dear Jon

unfortuantely our web gateway don`t use username authentication ,it only based on ip mapping

i`m lloking for to edit in web reporter to replace map ip address with a user name edited manually by me

0 Kudos
McAfee Employee

Re: integrate web reporter to directory to get username for IPS

Hi Ahmed,

You cannot edit Web Reporter's database to do what you describe, a lot of things would break if you tried.

Is there a reason you do not enable authentication on Web Gateway? This way Web Gateway would log who the user is and save you all this trouble.

Best,

Jon

0 Kudos