Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
511 Views 2 Replies Latest reply: Apr 3, 2013 8:14 AM by sroering RSS
waynediesel Newcomer 39 posts since
May 4, 2012
Currently Being Moderated

Apr 2, 2013 11:38 AM

Report MWG User-Defined Counters in ePO

Hi -

 

Is there a way to report user-defined counters from MWG7x to ePO 4.6.x without the use of Content Security Reporter (CSR)?

 

I have 2 separate rules that block based on a particular set of categories, and I would like to be able to capture statistics for when those rules are triggered. I have the connection setup between MWG and ePO, but I only get a generic counter name that tells me that the URL was filtered:

MWG7_URL_Filter_Protected_Counter.JPG

 

I noticed that in the listing, none of my user-defined counter names appear when trying to create a query based on Counter Name:

MWG7_Counter_Names_1.jpg

MWG7_Counter_Names_2.jpg

 

I feel like I may be missing something simple. Any help would be greatly appreciated!

 

Message was edited by: waynediesel on 4/2/13 11:38:41 AM CDT
  • trishoar Apprentice 61 posts since
    Jan 28, 2010
    Currently Being Moderated
    1. Apr 3, 2013 5:51 AM (in response to waynediesel)
    Re: Report MWG User-Defined Counters in ePO

    Hi Wayne,

     

    This does not answer your question as such, but from what I have found the user-defind counters are not that well supported at the moment.

     

    I, too, have used them to monitor a number of different parts of my policy. The only way I have found to graph them so far is a bit of a hack job. What I have done is make a block page that has the various counters I want to monitor. this is then triggered by a specific rule for my monitoring server's IP. I then have a shell script that goes to my blocked page, and pulls that data out and puts in to RRD, and I then graph that data from there. I can share the scripts if you are interested in how I've done this?

     

    Example of what the graphs look like, the solid blue is our whitelist against the left axis, the light blue line is our black lists against our right axis and the red line is the 95th percentile.

    big-glo-filter-rps.png

     

    Tris

     

    Message was edited by: trishoar on 03/04/13 05:51:20 CDT
  • sroering McAfee SME 458 posts since
    Feb 10, 2011
    Currently Being Moderated
    2. Apr 3, 2013 8:14 AM (in response to trishoar)
    Re: Report MWG User-Defined Counters in ePO

    CSR is the only product that uses ePO and reads MWG access logs, and as you may have noticed, you can save up to 4 user-defined columns, but CSR can only treat them as text values.  As such, you cannot perform numerical functions such as graph, sum, average, etc. on those values.  Sorry.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points