by adrien » Nov 02 10 8:44 pm
Hi Sean
Individual audit logs were deprecated in WinGate 7 for a number of reasons:
a) they resulted in double logging, since the same info logged to user audit logs was also logged to service logs.
b) the only thing they added was separation per user
c) we overhauled the logging system in 7 and it was going to be difficult to put it back in without seriously compromising the capability of the new log system. Especially since we separated diagnostic from usage logging and allow selection of fields to log.
d) we didn't think many customers used it :)
Actually the main reason is c.
WinGate 7 logging is now componentised, and extendable. It can be extended by new formatters, and new field providers. For instance:
* the W3C logging plugin is a log extender that provides usage logging in W3C format. It accesses fields that are provided by a number of sources to build each log line that goes to file.
* The HTTP cache module provides a field for WWW logging - whether the result was served from cache or not
* The PureSight add-on provides a field for WWW logging - the category of site
Because different types of source (Web vs mail for instance) have different bits of information available to log, and we wanted to be able to allow users to choose what to log, we could no longer combine logs from incompatible sources, and this effectively put paid to per-user logs which combine all usage.
A driving factor here was the desire to log in a format that was:
a) extensible - W3C format can be extended to any number of fields. For instance you can log down to the request / response header level in HTTP.
b) well-supported. W3C is probably the most commonly supported log format for log analysers. We tested with several log analysers to make sure that our logging system would work. We tested Proxy Inspector, Sawmill, Internet Access Monitor, Analog and several others.
Most W3C log analysers require several headers to be logged (e.g. Referer, User-Agent etc).
So, what to do for your boss?
Presuming that he's mostly interested in web-surfing, there are a number of options.
1. Reporting based on Timeline database: the Timeline database stores a bunch of information about who goes to which sites for when, how long and how much data. It's a fairly simple database that could be reported on.
2. Log analysers. The quality of source data in WinGate 7's usage logs should be a lot better for log analysers. So reporting on these should be a good option as well.
3. Give your boss GateKeeper access. The Permissions system in GateKeeper allows you to set read / write / execute privileges on everything you can see in GateKeeper. This means you can have a GateKeeper login for your boss where
* he can't mess with your policy
* he can't mess with config
* he can see specified dashboards (you could set him one up)
* he can see timeline
The Timeline system has filters, which could be used to filter each user's web access. Alternatively the default timeline view you might find is completely satisfactory for him.
GateKeeper works great remotely, but it's a little more involved to set up, since there are a couple DLLs and help files needed to copy to the remote computer rather than just GateKeeper.exe. The files needed are:
GateKeeper.exe
ToolkitPro1432vc60U.dll
SSLeay32.dll
libeay32.dll
Scilexer.dll
For help, just copy all the CHM and CHI files from the root WinGate folder (not from packages folders, those are copied by GateKeeper later).
We'll be writing a dedicated GateKeeper installer at some stage prior to release.
Regards
Adrien
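A per-user view can be rebuilt from W3C-format usage logs by reading the `#Fields:` directive and grouping on the user field, as in the sketch below. This is an added example, not WinGate code or part of the original post; the field names (`cs-username`, `sc-bytes` and the rest) and the sample lines are constructed assumptions, and the actual names depend on which fields are selected for logging.

```python
import io
import re
from collections import defaultdict

# Constructed sample; field names are assumed W3C-style names, not WinGate's list.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri sc-status sc-bytes
2010-11-02 20:41:07 192.0.2.10 sean GET http://example.com/ 200 5120
2010-11-02 20:41:09 192.0.2.11 boss GET http://example.org/a 200 2048
#Fields: date time cs-username cs-uri sc-bytes cs(User-Agent)
2010-11-02 20:42:00 sean http://example.com/b 1024 "Mozilla/4.0 (compatible)"
2010-11-02 20:42:03 - http://example.net/ 300 "-"
2010-11-02 20:42:05 truncated-line
"""

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted value, or bare token

def parse_w3c(stream):
    """Yield one dict per entry, honouring every #Fields directive."""
    fields = None
    for raw in stream:
        line = raw.strip()
        if line.lower().startswith("#fields:"):
            fields = line.split(":", 1)[1].split()  # selection changed mid-file
        if not line or line.startswith("#"):
            continue
        values = [q or bare for q, bare in TOKEN.findall(line)]
        if fields is None or len(values) != len(fields):
            continue  # no header yet or malformed line: skip rather than guess
        yield dict(zip(fields, values))

def per_user(stream, user_field="cs-username"):
    """Group entries by user; '-' (no value logged) becomes 'anonymous'."""
    users = defaultdict(list)
    for entry in parse_w3c(stream):
        name = entry.get(user_field, "-")
        users["anonymous" if name == "-" else name].append(entry)
    return dict(users)

def bytes_by_user(stream, size_field="sc-bytes"):
    """Total bytes per user, ignoring entries with no numeric size."""
    return {user: sum(int(e[size_field]) for e in rows
                      if e.get(size_field, "-").isdigit())
            for user, rows in per_user(stream).items()}

if __name__ == "__main__":
    for user, total in sorted(bytes_by_user(io.StringIO(SAMPLE_LOG)).items()):
        print(user, total)
```

Because the field list is re-read at every `#Fields:` line, entries written before and after a change in the logged field selection are each parsed against their own header.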