4 Replies Latest reply on Apr 17, 2013 6:13 AM by isaqellari

    Users group info on web reporter not showing

      Hello,

       

      I have configured proxy chaining with one MS Threat Management Gateway as a downstream proxy and one McAfee Web Gateway as an upstream proxy.

      I have installed the Web chain plugin on the TMG server and configured it to send user and group information to McAfee Web Gateway. I have integrated McAfee Web Gateway with Web Reporter.

      So, on Web Gateway I can see user information with web activity, but I cannot see the corresponding group activity.

       

      Has anyone faced the same issue before? Any suggestions?

       

      BR,

      Ilir

       

      Message was edited by: isaqellari on 4/16/13 7:56:54 AM CDT
        • 1. Re: Users group info on web reporter not showing
          sroering

          What is your goal of the groups?

           

          1) Run a report with group filters (example: show me a list of sites with most hits for people in the Support group)

          2) Run a report showing which groups were used to enforce policy (meaning that you want to show group information written to the access logs in your report results.)

           

           

          For option 1, you don't want to use group information in the logs. Please refer to this KB article.

          https://kc.mcafee.com/corporate/index?page=content&id=KB67630

           

          For option 2, you would use user-defined columns

          Step 1: Make sure your log sources are keeping detailed data

          Step 2: On the log source, go to user-defined columns and add the name of the group header to one of the user defined columns

          Step 3: Data from the group column would be available in detail data based report.

          • 2. Re: Users group info on web reporter not showing

            Hello sroering,

             

            Thank you for your reply.

            What I have noticed is the fact that user group information is not present at all in the access.log file on McAfee Web Gateway.

            So, the access log is transmitted to McAfee Web Reporter without user group info.

             

            What should I configure to have this info logged in the access.log file?

             

            BR,

            Ilir

            • 3. Re: Users group info on web reporter not showing
              sroering

              You don't need or probably want group information written in the access logs unless your goal is option 2 above. The two scenarios are not equivalent by any means.

               

              Typical/Classical group reporting is done by option 1.

               

              If you are truly looking to do option 2, then this is the high-level process:

              1) Modify the MWG access log header to include a custom name for groups, such as "dsp_groups" for down-stream-proxy-groups.

              2) Modify the MWG logging rule to log the HTTP header that contains the groups.

              3) Edit the log source as I described above to save "dsp_groups" in a user-defined column.
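
An added example, not part of the thread and not McAfee code: a Python check that confirms an access log carries the "dsp_groups" column from step 1 and reports which entries have it empty or missing, which is the symptom described in reply 2. The log layout (a `#` header line, bracketed timestamp, quoted fields) and every sample value are constructed assumptions; only the column name "dsp_groups" comes from the steps above.

```python
import re

# One field is a [bracketed] value, a "quoted" value, or a bare token.
TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')

# Constructed sample log; the column names other than dsp_groups are illustrative.
SAMPLE_LOG = '''\
#time_stamp "auth_user" src_ip status_code "req_line" "dsp_groups"
[16/Apr/2013:07:56:54 -0500] "ilir" 10.0.0.5 200 "GET http://example.com/ HTTP/1.1" "Support,Sales"
[16/Apr/2013:07:57:10 -0500] "anna" 10.0.0.6 200 "GET http://example.org/ HTTP/1.1" ""
[16/Apr/2013:07:58:02 -0500] "bob" 10.0.0.7 403 "GET http://example.net/ HTTP/1.1"
'''

def fields(line):
    """Split a log line into fields, dropping surrounding [] or quotes."""
    return [t[1:-1] if len(t) > 1 and t[0] in '["' else t
            for t in TOKEN.findall(line)]

def check_group_column(log_text, column="dsp_groups"):
    """Report whether `column` is in the header and how entries populate it."""
    lines = log_text.splitlines()
    header = next((l for l in lines if l.startswith("#")), None)
    if header is None:
        raise ValueError("no header line found")
    names = fields(header.lstrip("#"))
    result = {"index": None, "populated": 0, "empty": [], "malformed": []}
    if column not in names:
        return result  # step 1 (log header) has not taken effect
    idx = result["index"] = names.index(column)
    for n, line in enumerate(lines, 1):
        if not line.strip() or line.startswith("#"):
            continue
        row = fields(line)
        if len(row) != len(names):
            # Header was extended but the logging rule did not append the value.
            result["malformed"].append(n)
        elif row[idx] in ("", "-"):
            # Value logged but empty: the group header did not reach the gateway.
            result["empty"].append(n)
        else:
            result["populated"] += 1
    return result

if __name__ == "__main__":
    print(check_group_column(SAMPLE_LOG))
```

Line numbers in "malformed" point at a header/rule mismatch (steps 1 and 2 out of sync); line numbers in "empty" point at requests where no group value arrived to be logged.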

              • 4. Re: Users group info on web reporter not showing

                Hello sroering,

                 

                Thanks again for your support.

                 

                I'm having difficulties regarding step 2 of Option 2.

                2) Modify the MWG logging rule to log the HTTP header that contains the groups.

                 

                I don't know how to configure the logging rule to log the HTTP header that contains the group info.

                To the Events step of the Write access.log rule I've added Header.Request.Get ("X-Authenticated-Groups"), as you can see from the attached file.

                 

                Am I missing something?

                 

                BR,

                Ilir

                Capture.PNG