Mariano Dabove 0 Posted December 1, 2016 Posted December 1, 2016 Hello again!! I have all my Terminals with ESET Endpoint Antivirus installed and running with my proxy policies that i ask in the later post of mine... My boss ask me about some sort of requirements to do with some reports in the web console and thats why now i am asking this kind of things... The 2 reports that my boss whant me to do are: - See how many times an user access to a certain url so he can know what are the most accessed url's in the company - See how many minutes does this user spend in each url Does ERA Remote Administrator can do this kinds of reports??? Thanks!!
Administrators Marcos 5,452 Posted December 1, 2016 Administrators Posted December 1, 2016 Endpoint could theoretically log all visited URLs with debug logging enabled but this would produce extremely large logs and the data would not be transferred to ERA.
Mariano Dabove 0 Posted December 1, 2016 Author Posted December 1, 2016 How can i see those logs or how can i access to this debug logging??
ESET Staff MichalJ 434 Posted December 1, 2016 ESET Staff Posted December 1, 2016 Answer to your question is: Partially - ESET has web control, which can be configured in a way, that you configure a Web Control rule for a category group that will include all sub-categories, Rule will be set to "log" and will have a severity set to warning. You can then create a report template in ERA V6. Details are listed here: hxxp://support.eset.sk/kb6043/?viewlocale=en_US What you should do in this case is to create a report with "group by URL" and then "row count" which will show you the number of visits per each URL. What you can then do, you can limit this to specific group of computers (filter by) or by TOP hits, and sort by the count descending. Report template columns configuration is in the attached screenshot. Please note, that WebControl is working in a way, that per one URL it creates more log entries, as it traces all of the sub-links, favicon, or subpages. The problem is, that per one visit, it can create 10s of entries, so the reporting will not be accurate. No, this is not possible. However, ESET offer a technology alliance partner product Safetica, which does have this functionality (productivity reports). Details are here: https://www.eset.com/int/business/endpoint-security/data-loss-prevention/
Mariano Dabove 0 Posted December 5, 2016 Author Posted December 5, 2016 I do the things that you suggest but the report doesn't retrive anything... I want to attach some screens so you can see my configuration but i can't post it where i can go so i show you the images???
Mariano Dabove 0 Posted December 6, 2016 Author Posted December 6, 2016 (edited) Here are the settings that i made so i think i can see all the logs of my visited urls... Here the report setting ( note that i cant put the Computer Names of each user because if i put this setting in the option box the options are modified and in the web control layer i only see the user option and i dont know if it is the same as the computer name option) hxxp://imageshack.com/a/img922/987/DYtad6.jpg The Report that i want to see is something like this... Computer Name Visited Url Times Visited COMPUTER 1 www.google.com 5 COMPUTER 1 www.youtube.com 3 . . . . . . . . . COMPUTER 2 www.facebook.com 2 And here the rule to detect (i think?) the urls that i visit hxxp://imageshack.com/a/img922/5691/d4nqKs.jpg Now and again i want to see wich urls each user visit so then i can block those when we want to put the block url policy... And i dont know how a rule can detect the report if i dont join the rule with the report... or i am missing something??? Plz answer i want to get rid of this proyect as soon as i can... Thanks!!! Edited December 6, 2016 by Mariano Dabove
ESET Staff MichalJ 434 Posted December 7, 2016 ESET Staff Posted December 7, 2016 Logging severity of the rule has to be set to "warning" not "always". I am not sure, if you can use wildcards for the URLs, I would recommend using "cathegory based" rule, where all URL groups are set. Screenshots attached. Then configure report like this (attached). PS: Such webcontrol report could generate excessive loads of data, as one page visit could log in multple (tens) of entries, which might significantly impact ERA server performance (!)
RyanTsai 3 Posted December 12, 2016 Posted December 12, 2016 OP specifically said he's using Endpoint Antivirus, so Web Control is not available. Only other option would be enabling diagnostic logging, but AFAIK these logs don't get passed to ERA.
ESET Staff MichalJ 434 Posted December 12, 2016 ESET Staff Posted December 12, 2016 When using ESET Endpoint Antivirus, there is no way, how to report access to all pages. Blocked webpages list won't be a solution, also diagnostic logging would not help, as ERA won't collect them (they are in intended for troubleshooting).
Mariano Dabove 0 Posted December 14, 2016 Author Posted December 14, 2016 I am using Eset Remote Administrator to manage Esert Endpoint Antivirus... And i can manage web controls with era to my eea... Neverthenless i dont know what you say in those 2 last replys of this post... Answering about the configuration that you show me i do all the things that you do. But i have some issues... First: The report dont show the computer's names Second: Despite i do this the report doesn't do anything is in blank... (I assing the policy to the computers btw). And a question... The GUI you show is different that my GUI i use thats because i have another ERA or its Only for you???. How can i attach those images in my post so i can show it to you?? I dont want to put a link everytime i want to show some pic hahahha Thanks for the reply!! and sorry for my late answer!!!
ESET Staff Solution MichalJ 434 Posted December 14, 2016 ESET Staff Solution Posted December 14, 2016 (edited) If you are using ESET Endpoint Antivirus, there is currently no way, how to achieve monitoring of blocked webpages by ESET Endpoint Antivirus. The report template shown by me, works only for ESET Endpoint Security, as that only uses the Webcontrol functionality. ESET Endpoint Antivirus does not have Webcontrol in it. Concerning the question about the different UI, I am using ERA 6.5 in my testing environment. This version is not yet generally available, but we are preparing for the release in the early Q1/2017 (by the end of January). About adding pictures, you can click on "More reply options" in the footer of your response, browse for a file by clicking "browse" and then attaching the file and publishing reply. Edited December 14, 2016 by MichalJ
Mariano Dabove 0 Posted December 14, 2016 Author Posted December 14, 2016 Thanks for the reply and your answer now i know the reason that i can't see the reports of those things... And thanks for the tip about the attach images. Plz end this topic i am very gratefull about all of your help thanks again!!!
Recommended Posts