2 Replies Latest reply on Jun 6, 2011 5:10 PM by Sean Slattery

    Sidewinder 8 and Smart Reporter

      Gentelmen,

      Any one had sucess in integrating sidewider 8 built-in SmartFilter with the external SmartReporter Server?

       

      I am assuming a problem with the reporter installation process. I have installed the complete Smart Filter Console and added the log source from the reporter interface.

       

      I was unable to find a document that discribes this specific part of the installation.

       

      Thanks

       

      Sameh

        • 1. Re: Sidewinder 8 and Smart Reporter
          PhilM

          Sameh,

           

          As you refer to the reporting product as Smart Reporter it makes me wonder if you are running the current version (as it has been called McAfee Web Reporter for at least a year, if not more). Web Reporter is currently running at v5.2

           

          In the Firewall Enterprise 8.1.x Product Guide, if your have implemented SmartFilter so that it is managed within the Firewall GUI, page 135 should explain what you need to do - essentially you enable SmartFilter auditing in the Application Defenses -> SmartFilter -> Audit screen, select the Audit Destination as either "Remote report server" or "Both" and enter the IP address & port number of your Web Reporter installation.

           

          As there's nothing more in the Firewall manual on this, I guess the rest is then covered in the Web Reporter documentation.

           

          Hope that helps.

          Phil.

          • 2. Re: Sidewinder 8 and Smart Reporter
            Sean Slattery
            1. Create the log source for the firewall in Web Reporter
              1. Mode is “Accept real-time log data”
              2. Plug-in address is the IP address of the firewall
              3. Configure log source options as necessary e.g. directories and processing
            2. Enable SmartFilter audit in firewall admin console
              1. Audit destination is “Remote Report Server”
              2. Report server address is IP of Web Reporter system and default port of 4200
              3. You can test the availability of the port with telnet. When running, you will connect but have not banner page. A timeout or connection error indicates the IP/port being inaccessible.
            3. Ensure that there is a firewall rule that uses sends traffic through SmartFilter i.e. users the URL filtering Application Defense rule.
            4. In Web Reporter, open the Statistics tab of the Log Sources section. The top right pane shows real-time log statistics as well as how long the listener has been running.
            5. Generate some web traffic. You should see the real-time statistics grow.
            6. As I have a combination of MWG, MFE and SAE/WFE data, you can create a filter in Web Reporter to view data from particular log sources e.g. the firewall..

             

            Note that the SmartFilter plugin to MFE will only show web traffic data hit counts but not bandwidth (byte count) information. This is the same as SAE/WFE. Only MWG is capable of recording bandwidth information. SmartFilter only provides a allow or deny check on site requests.