Our website requires you install or enable flash player for full experience, you can download flash player by clicking here.
Make sure you also have javascript enabled so that flash player & menus work correctly.

Get Adobe Flash player

What would you like to monitor?

Analyzing IronPort log files with WebSpy

 

NEW: Watch WebSpy Vantage and IronPort Video Tutorials

Watch Video Tutorial

 

To anaylze and report on your IronPort log files with WebSpy you need to:

Configure IronPort to log to an external FTP server

WebSpy Vantage can import multiple log files simultaneously using its multi-threaded architecture. Unfortunately, the IronPort FTP server does not handle multiple connections well, and as such can cause issues for Vantage during import. WebSpy therefore recommends configuring IronPort to log to a separate FTP server and then import the local or networked text files into Vantage. This has the added benefit of increasing the speed at which the logs get imported.

Note: You can import directly from the IronPort’s internal FTP server, however we recommend you disable multi-processing in Tools | Options | Performance while importing.


To configure IronPort’s logging options:

  1. Click Log Subscriptions on the 'System Administration' drop down menu.
  2. Click on accesslogs under the ‘Log Name’ column.


    3. Log Subscriptions



  3. Set the log style to ‘Squid Details’
  4. WebSpy supports some custom fields that you can add to your log file. Authenticated Username (%A), Group (%g), Request Body Size (%q) and Response Body Size (%b). You can enter these fields as required in the Custom Fields edit box. Just make sure that Request Body Size precedes Response Body Size.
  5. Set the Retrieval Method to FTP on Remote Server.
  6. Leave the Maximum Time Interval between Transferring as the default (3600). Enter the FTP Host, Directory, Username and Password of the Remote FTP server that you will transfer the log files to. WebSpy recommends installing an FTP server on the same machine running WebSpy Vantage, and transferring the log files to that machine. The closer the log files are to WebSpy Vantage, the faster the import will be.


  7. Click submit to save your changes.

IronPort is now configured to log in a WebSpy Vantage compatible format. Once logfiles have been generated by IronPort you can import them into a storage in Vantage to begin analyzing and reporting.

Return to top

Importing into a Storage

Before you can start analyzing and reporting on your IronPort logs, you need to import your log file data into a storage. Storages are optimized for quick data access so you can analyze and report on the data you are interested in faster.

The Input Dialog wizard is used to import log files. This wizard can also be launched by clicking Import logs on the Inputs pane.

  1. On the 'Storages' page, enter a name for a new storage or select an existing storage to import to.
  2. On the 'Input Type' page select Local or networked files and folders
  3. Select the IronPort format on the 'Loader Selection' page.


    4. Loader Selection

  4. On the 'Input Selection' page, click Add | Add Folder. Enter the path where your FTP server is storing the IronPort logs. Leave the file mask as * and check Add Sub Folders. Then Click OK.


  5. The IronPort access log files will then be displayed


  6. Click OK to begin importing your data.

As Vantage imports your IronPort logs, you can view the progress of the import on the Storages dock. The Storages dock displays the size of the log file (illustrated as size imported / total size), the number of records imported, and the percentage complete (shown in the progress column).

Return to top

Download IronPort Report templates and Aliases

If you download WebSpy's IronPort Report template file, you can easily create reports that are customized for your IronPort log files.

To import the templates into Vantage:

  1. On the 'Reports' tab, click the Open templates link.
  2. Navigate to the location of your IronPort template file and select it.
  3. Click Open.
  4. Select your merging option (WebSpy recommends 'Keep existing template AND add new template) and click Merge.

You should now be able to see your new IronPort report templates.

If you download WebSpy's Productivity (IronPort) Alias file, you can easily apply the alias to improve your experience whilst running Analyses.

To import this alias into Vantage:

  1. On the 'Aliases' tab, click the Open Aliases link.
  2. Navigate to the location of your IronPort alias file and select it, then click Open.

Your Productivity (IronPort) alias can now be seen in the list of aliases.

Return to top

Analyzing your Storage

Running an Analysis is the process of reading the information in your storage and creating Summaries. Summaries can be interactively browsed and filtered using the Summaries dock, enabling you to drilldown into all areas of your network activity.

Run an Analysis

To run an analysis on your IronPort storage:

  1. Click the Summaries tab at the top of the screen.
    This takes you to the Summaries dock.
  2. Click the New Analysis link in the 'Summaries' task pad to launch the Create Analysis dialog.
  3. Select your IronPort storage from the Storage list.
  4. Select IronPort WSA Access Logs from the Schema list and then click Next.
  5. On the 'Analysis Type' page, select the 'Ad-hoc Analysis' radio button and ensure 'Use precalculated analysis if available' checkbox is checked.
    Note: You can also select Template-based Analysis and select any of the pre-defined report templates. This will run a standard report (see Reporting section below) but the Summaries screen provides the ability to drilldown beyond the bounds of the report if you find something that you would like more details on.
  6. Select any filters or summaries that you desire and then click OK to finish the wizard.

Once your analysis is complete, the Summaries are listed on an Overview screen, and clicking a summary displays the underlying information.

You can drilldown further into your data by right-clicking on any hyperlinked item and selecting Drilldown from the pop-up menu. When you drilldown, Vantage runs another analysis to retrieve the next group of Summaries from your storage.

Using the IronPort Aliases

Once you have downloaded and opened the IronPort specific aliases, you are able to group IronPort categories into 'Productive', 'Unproductive' and 'Uncertain'.

To do this:

  1. Select the 'Category' summary.
  2. In the Aliases task pad (on the left), select the 'Productivity (IronPort)' alias.

Return to top

Reporting on your Storage

Vantage enables you to produce report documents which you can send to other members of your organization, or archive.

The Reports dock enables you to configure report templates which you can then generate on your open storages. You can also view previously created reports using this dock.

Please download and open our IronPort report templates here - download IronPort report templates. You can also customize any of the existing reports, as well as create your own.

Generating a Report

To generate a report on your IronPort log data:

  1. Click the 'Reports' tab at the top of the screen. This takes you to the Reports dock.
  2. Select the tab that contains the Report Template you want to generate.
  3. Click the name of the report you want to generate.
  4. In the 'Template Editor' panel, click Generate report.
    This launches the Generate Report dialog.
  5. On the 'Storages' page, check the storage that contains your IronPort log data. Click Next.
  6. On the 'Format' page, select the format for the report. Click Next.
  7. On the 'Publish' page, enter a name for the report, and select Display the report using the default viewer if you would like the report to open after it has been generated.
  8. Leave the Filters, File Selection and Partition pages as default and then click OK to generate the report.

After Vantage has generated your report, it will be displayed using the default viewer for the format you selected. This report has also been saved in the Report Manager on the Reports dock.

Return to top