390 Views 2 Replies Latest reply: Feb 27, 2013 12:54 PM by robert.messing RSS
robert.messing Newcomer 2 posts since
Feb 27, 2013

Feb 27, 2013 11:40 AM

What are the best practices for a rule which allows all client IPs to be unfiltered to report activity?

I am new to McAfee Web Security and was looking for the best way to report all activity for different client IP subnets.

  • Regis Champion 457 posts since
    Oct 6, 2010

    You definitely don't want to generate email on every request.

     

    You might consider creating a separate log for them under the log handler ... add a new one with a criteria of client.ip matches in list [list of whitelisted IPs]. And then deep in there is some magic to do FileSystemLogging.WriteLogEntry (User-definedloglinesomething or other) and within there a log configuration can be made to automatically push that log out to Web Reporter at certain intervals. I strongly recommend getting support's help with this because I can never do it on my own despite having done it twice before with their help.

       

    Or, if you have the web reporter, you could possibly do it on that end based on stock access logs. I'm not sure though as web reporter is ... not the greatest in terms of its query flexibility.

     

    Or, you could deal with raw logs and do a zfgrep -f textfileoftheiripaddresses.txt /path/to/your/archived/logs/accessYYMMDD* > whitelisters_reviewme_somehow.txt

     

    The first one is probably the cleanest.

     

    Getting web reporter to send you a daily summary based on a log file source of those with that privilege is probably the way to go.
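
An added example, not part of the original thread: a subnet-aware version of the raw-log option above. A fixed-string grep matches substrings (10.1.1.1 also hits 10.1.1.10, or an address inside a URL) and cannot express subnets, so this sketch parses the client address and tests it against CIDR blocks. The log layout, the sample lines and all function names are assumptions made for illustration.

```python
import gzip
import ipaddress
import re
from collections import Counter

# Assumption: the client address is the first bare IPv4 token on each line.
_IPV4 = re.compile(r'(?<!\S)(\d{1,3}(?:\.\d{1,3}){3})(?!\S)')

# Constructed sample data; a real access log layout may differ.
SAMPLE_LOG = [
    '[27/Feb/2013:11:40:02 -0500] "" 10.1.1.1 200 "GET http://example.com/ HTTP/1.1" 512',
    '[27/Feb/2013:11:40:03 -0500] "" 10.1.1.10 200 "GET http://example.org/ HTTP/1.1" 734',
    '[27/Feb/2013:11:40:04 -0500] "" 192.168.7.20 200 "GET http://10.1.1.1/admin HTTP/1.1" 90',
    '[27/Feb/2013:11:40:05 -0500] "" 10.2.0.77 403 "GET http://example.net/ HTTP/1.1" 0',
]
SAMPLE_SUBNETS = ['10.1.1.1/32  # single exempt host', '10.2.0.0/24']

def load_subnets(lines):
    """Parse CIDR blocks or single addresses, skipping blanks and # comments."""
    nets = []
    for raw in lines:
        entry = raw.split('#', 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def client_ip(line):
    """Return the client address of a log line, or None if none is parseable."""
    m = _IPV4.search(line)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:  # e.g. 999.1.1.1
        return None

def filter_lines(lines, nets):
    """Yield (ip, line) for entries whose client IP falls inside any subnet."""
    for line in lines:
        ip = client_ip(line)
        if ip is not None and any(ip in net for net in nets):
            yield ip, line.rstrip('\n')

def open_log(path):
    """Open a plain or gzip-compressed log as text."""
    opener = gzip.open if path.endswith('.gz') else open
    return opener(path, 'rt', encoding='utf-8', errors='replace')

def summarize(lines, nets):
    """Count requests per exempt client, for a daily review summary."""
    return Counter(str(ip) for ip, _ in filter_lines(lines, nets))
```

For archived logs, pass the file object returned by `open_log(path)` as `lines`; the per-client counts from `summarize` are a compact starting point for the daily review.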
