Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1419 Views 6 Replies Latest reply: Jan 18, 2013 9:58 AM by sroering RSS
maitane Apprentice 129 posts since
Apr 18, 2011
Currently Being Moderated

Jul 4, 2012 4:44 AM

How to generate application report on Web Reporter

 

Hello,

 

After the update of our MWG are using the Web application control. We would like to generate reports on application usage on our Web Reporter. How can we generate these reports?

 

The access.log header is: # time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name"

 

In the Web Reporter, the log source is configured to accept the automatic log source format of MWG.

Does anyone know how can we generate  reports with this information?

 

Thanks in advance.

  • eelsasser McAfee SME 842 posts since
    Mar 24, 2010
    Currently Being Moderated
    1. Jul 4, 2012 3:06 PM (in response to maitane)
    Re: How to generate application report on Web Reporter

    Make sure the field in the log is also getting written. Changing the header alone is not enough to populate the data.

    Events:

    Set User-Defined.logLine = DateTime.ToWebReporterString

    (...snip...)

    + "" ""

    + String.ReplaceIfEquals (Application.ToString (Application.Name), "", "-")

    + """

    FileSystemLogging.WriteLogEntry (User-Defined.logLine)<Access Log Configuration>

     

     

    Once the rule is changed, in Web reporter, you must define a user-defined field in the log source. It is not an auto-detected field:

    Capture.jpg

     

    Then you create queries on the detail file to put into a report.

    Capture2.jpg

    Capture3.jpg

    Capture4.jpg

     

    I've attached a report Export from mine that you shold ne able to import into Web Reporter to run.

    I also included the report output in the attached PDF.

    Attachments:
  • sroering McAfee SME 458 posts since
    Feb 10, 2011

    Under the column properties tab (last screenshot), you probably want to sort hits by descending. Otherwise the bar graph would be random.

  • clausonna Newcomer 18 posts since
    Nov 11, 2009
    Currently Being Moderated
    4. Jan 18, 2013 9:47 AM (in response to maitane)
    Re: How to generate application report on Web Reporter

    Note that the newly-released Web Reporter 5.2.1 now includes Application details in queries and/or reports.  If I understand correctly, you would still need to follow the steps to have the MWG log "Application_name", but you would no longer need to do the custom column mapping in web reporter. 

     

    I would assume anyone who's configured the custom column mapping should disable it, post upgrade, in order to save processing time/disk space?

     

    I've completed the upgrade - having the ability to drill-down in Applications via Custom reports really great. 

     

    Kudos to the dev team for adding this feature!

  • eelsasser McAfee SME 842 posts since
    Mar 24, 2010

    I'm just testing this myself too.

    yes, you will have to disablet he user-defined field currently used for application_name and let the native parsing handle it.

     

    This leads to a little bit of bifurcation because old data will remain in the UD field, and new data will be in the native application field.

    I guess we'll have to accept thsi until the older data rolls off the history.

  • sroering McAfee SME 458 posts since
    Feb 10, 2011

    Yes, I would recommend using the new feature in Web Reporter 5.2.1 for the following reasons.

     

    1) Application type reports available on summary data too

    2) Better performance

    3) Ability to create report level filters for applications

    4) Maybe a little disk savings, but I think the over all numbers might be small percentage wise.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points