I have MWG 184.108.40.206.0 (23766) virtual appliance in my lab.
I already have a rule set to authenticate the user's sessions and later filter them based on their active directory group.
The authentication works fine, but I need to have a report based on a specific user groups.
For example, I want to know what kind of web pages (by URL Categorization) the group Marketing consume.
I have ePO v5.3.2 with McAfee Content Security Reporter v220.127.116.11 and I have the MWG reporting in the ePO.
Again, i don't have problems with the integration, because im able to see the events in ePO related to MWG.
I followed WR: How to Add a Log Column in Webgateway and How to Report on it Using Web Reporter because I think that is the way in wicht I will achieve to have the user's groups in my reports.
Here goes the modifications I did:
I added in the Access log the parameter List.OfString.ToString (Authentication.UserGroups,"")
Later, I configure the Access Log Configuration as follows:
And finally, configure the CSR in my ePO:
But after all the configuration, the ePO did not parse correctly and because of that, im not able to see any events in my ePO.
Here goes a line in the log file in which I can see indeed the AD groups:
[10/Jul/2017:12:10:41 -0400] "mgamarra" 192.168.0.78 200 "GET http://www.ole.com.ar/fuera-de-juego/fotos-BocaFan_OLEIMA20170703_0047_17.jpg HTTP/1.1" "Sports" "Minimal Risk" "image/jpeg" 12114 1360 "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0" "" "0" "" Internet_FullAdmins. del dominioUsuarios del dominioMcAfeeSIEMmesa_de_ayudaPropietarios del creador de directivas de grupoAdministradores de esquemaOrganization ManagementAdministradores de empresas
Can you please give me a hand whit that? My objective is to have a reports whit the AD groups of my users which the consume of web pages.
access.log.zip 143.3 K