I have been in a similar situation, and have been using Webtrends with mixed results. Webtrends offers very good graphing, reporting, etc. But I have found two problems with this setup.
First, since the firewall logs IP addresses rather than user names of the clients, you cannot be sure who the user was logged onto the workstation. This then forces you to look at the local security logs or cookies on the client machine in question to verify the user logged on. Also, in a DHCP environment, gathering a user activity report from last month or last quarter may return erroneous results since IP addresses of the clients may have changed during those times. Two things that can address these problems: Use a proxy that logs by username - MSProxy, ISA, Squid to name a few. This will give you reliable results correlating to a user rather than an IP or workstation name. Checkpoint MetaIP - this is a major undertaking in a large environment, but MetaIP offers DNS, DHCP, and user logon tracking which in the big picture logs the username in the Firewall-1 logs. -----Original Message----- From: tony toni [mailto:[EMAIL PROTECTED]] Sent: Monday, October 22, 2001 3:47 PM To: [EMAIL PROTECTED] Subject: Firewall and Internet Reporting Software...Best One? Folks, I am conducting research on finding a package that will create (1) management/performance reports from our Checkpoint firewall logs and (2) create reports on employee internet usage. We currently use WebSense to keep employees from going to porno and gambling sites but found it will not work for our reporting needs (ie it uses a MS SQL data base and we are a Oracle shop). So currently, I am not saving any log information. However, getting a lot of pressure from Management...they want know what employees are doing on the internet, time spent, bandwidth, etc. I am also the firewall administrator. I need a product that will quickly go through the mountains of firewall log activity that is generated daily. I want to perform management, performance and health checks on the firewalls but the log reporting that comes with Check Point is so slow and primitive. I would like to find one product that can give me a wide variety of reports/graphs on firewall performance and employee internet activity. I have briefly looked at WebTrends, SurfControl, CyberPatrol...not sure if they fit the bill. Any recommendations? Tony IT Security Manager _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
