After the update of our MWG are using the Web application control. We would like to generate reports on application usage on our Web Reporter. How can we generate these reports?
The access.log header is: # time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name"
In the Web Reporter, the log source is configured to accept the automatic log source format of MWG.
Does anyone know how can we generate reports with this information?
Thanks in advance.
Make sure the field in the log is also getting written. Changing the header alone is not enough to populate the data.
Set User-Defined.logLine = DateTime.ToWebReporterString
+ "" ""
+ String.ReplaceIfEquals (Application.ToString (Application.Name), "", "-")
FileSystemLogging.WriteLogEntry (User-Defined.logLine)<Access Log Configuration>
Once the rule is changed, in Web reporter, you must define a user-defined field in the log source. It is not an auto-detected field:
Then you create queries on the detail file to put into a report.
I've attached a report Export from mine that you shold ne able to import into Web Reporter to run.
I also included the report output in the attached PDF.
thanks very very much
Under the column properties tab (last screenshot), you probably want to sort hits by descending. Otherwise the bar graph would be random.
Note that the newly-released Web Reporter 5.2.1 now includes Application details in queries and/or reports. If I understand correctly, you would still need to follow the steps to have the MWG log "Application_name", but you would no longer need to do the custom column mapping in web reporter.
I would assume anyone who's configured the custom column mapping should disable it, post upgrade, in order to save processing time/disk space?
I've completed the upgrade - having the ability to drill-down in Applications via Custom reports really great.
Kudos to the dev team for adding this feature!
I'm just testing this myself too.
yes, you will have to disablet he user-defined field currently used for application_name and let the native parsing handle it.
This leads to a little bit of bifurcation because old data will remain in the UD field, and new data will be in the native application field.
I guess we'll have to accept thsi until the older data rolls off the history.
Yes, I would recommend using the new feature in Web Reporter 5.2.1 for the following reasons.
1) Application type reports available on summary data too
2) Better performance
3) Ability to create report level filters for applications
4) Maybe a little disk savings, but I think the over all numbers might be small percentage wise.