Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
955 Views 4 Replies Latest reply: Jan 23, 2013 3:18 PM by Jon Scholten RSS
Ahmed Eissa Apprentice 53 posts since
Nov 14, 2011
Currently Being Moderated

Jan 22, 2013 10:06 AM

integrate web reporter to directory to get username for IPS

MY webgateway is using IP Mapping , in secure web reporter the  genterated reportes are generated per IP address.

iam asking is there any way to integrate a manunal internal directory to show these ips with its username ??

and i mean with username that usernames which is manually configured

as "172.16.16.16" will be shown as "Ahmed Eissa"

aaaaaaaaaaaaUntitled.png

bbbbbbbbbUntitled.png

can i replace this ip with a username defined to me , unfortunately my orgnization Active directory is not based on ip address , it is based on username

 

Plllllz help me

 

Message was edited by: ahmed.eissa on 2013/01/22 10:06:18 AM
  • Jon Scholten McAfee SME 857 posts since
    Nov 3, 2009

    Hi Ahmed,

     

    I'm not sure I understand you correctly, but I'll try to explain.

     

    In order to get reports based on username's you need to enable authentication in Web Gateway. Please send in a screenshot of the full "web mapping" tab, as well as Proxies > HTTP(S) Proxy > Authentication tab. This will show me if you have authentication enabled. I'm guessing you do not.

     

    Web Gateway's "web mapping" are intended to assign URL Filtering policies based on IP/user/group.

     

    Best,

    Jon

  • sroering McAfee SME 458 posts since
    Feb 10, 2011

    Since you are using Web Gateway 6, the log header configuration controls the log records.  So this means that your client ip will be under the "client_ip" header.  Web Reporter is expecting the username under the "auth_user" header.  You could create a shell script to modify the header before sending them to Web Reporter, but I see 2 more problems:

     

    1) Web Reporter would still save the IP address as the user name, then using the internal directory it could add the real user name for "display name".  So you cannot actually get the username correct using this method. Maybe a small point.

     

    2)The second problem with modifying the header is that i'm pretty sure that Web Reporter requires client_ip. The log parsing job would probably fail without it.

     

    But Web Reporter already has an option to deal with unauthenticated traffic.  I think that your best option is to stand up a DNS service on the Web Reporter box that maps the ip address to user names.  Then on your log source, enable the "use host names" option.

  • Jon Scholten McAfee SME 857 posts since
    Nov 3, 2009

    Hi Ahmed,

     

    You cannot edit Web Reporter's database to do what you describe, a lot of things would break if you tried.

     

    Is there a reason you do not enable authentication on Web Gateway? This way Web Gateway would log who the user is and save you all this trouble.

     

    Best,

    Jon

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points