Jump to content

Can i do this Report?


Go to solution Solved by MichalJ,

Recommended Posts

Hello again!!

 

I have all my Terminals with ESET Endpoint Antivirus installed and running with my proxy policies that i ask in the later post of mine...

 

My boss ask me about some sort of requirements to do with some reports in the web console and thats why now i am asking this kind of things...

 

The 2 reports that my boss whant me to do are:

 

- See how many times an user access to a certain url so he can know what are the most accessed url's in the company

- See how many minutes does this user spend in each url

 

Does ERA Remote Administrator can do this kinds of reports???

 

Thanks!!

 

Link to comment
Share on other sites

  • Administrators

Endpoint could theoretically log all visited URLs with debug logging enabled but this would produce extremely large logs and the data would not be transferred to ERA.

Link to comment
Share on other sites

  • ESET Staff

Answer to your question is:

  1. Partially - ESET has web control, which can be configured in a way, that you configure a Web Control rule for a category group that will include all sub-categories, Rule will be set to "log" and will have a severity set to warning. You can then create a report template in ERA V6. Details are listed here: hxxp://support.eset.sk/kb6043/?viewlocale=en_US
    1. What you should do in this case is to create a report with "group by URL" and then "row count" which will show you the number of visits per each URL. What you can then do, you can limit this to specific group of computers (filter by) or by TOP hits, and sort by the count descending. Report template columns configuration is in the attached screenshot. 
    2. Please note, that WebControl is working in a way, that per one URL it creates more log entries, as it traces all of the sub-links, favicon, or subpages. The problem is, that per one visit, it can create 10s of entries, so the reporting will not be accurate. 
  2. No, this is not possible. However, ESET offer a technology alliance partner product Safetica, which does have this functionality (productivity reports). Details are here: https://www.eset.com/int/business/endpoint-security/data-loss-prevention/ 

 

post-35-0-93088700-1480601130_thumb.png

Link to comment
Share on other sites

I do the things that you suggest but the report doesn't retrive anything...

 

I want to attach some screens so you can see my configuration but i can't post it where i can go so i show you the images???

Link to comment
Share on other sites

Here are the settings that i made so i think i can see all the logs of my visited urls...

 

Here the report setting ( note that i cant put the Computer Names of each user because if i put this setting in the option box the options are modified and in the web control layer i only see the user option and i dont know if it is the same as the computer name option)

 

hxxp://imageshack.com/a/img922/987/DYtad6.jpg

 

The Report that i want to see is something like this...

 

Computer Name           Visited Url             Times Visited

  COMPUTER 1         www.google.com               5

  COMPUTER 1         www.youtube.com             3

           .                                 .                             .

           .                                 .                             .

           .                                 .                             .

  COMPUTER 2         www.facebook.com            2

 

And here the rule to detect (i think?) the urls that i visit

 

hxxp://imageshack.com/a/img922/5691/d4nqKs.jpg

 

Now and again i want to see wich urls each user visit so then i can block those when we want to put the block url policy... And i dont know how a rule can detect the report if i dont join the rule with the report... or i am missing something???

 

Plz answer i want to get rid of this proyect as soon as i can...

 

Thanks!!!

Edited by Mariano Dabove
Link to comment
Share on other sites

  • ESET Staff

Logging severity of the rule has to be set to "warning" not "always".

I am not sure, if you can use wildcards for the URLs, I would recommend using "cathegory based" rule, where all URL groups are set.

 

Screenshots attached.

 

Then configure report like this (attached).

 

PS: Such webcontrol report could generate excessive loads of data, as one page visit could log in multple (tens) of entries, which might significantly impact ERA server performance (!)

 

post-35-0-10941700-1481129559_thumb.png

post-35-0-02847200-1481129566_thumb.png

post-35-0-95989700-1481129573_thumb.png

post-35-0-67031300-1481129582_thumb.png

Link to comment
Share on other sites

OP specifically said he's using Endpoint Antivirus, so Web Control is not available. Only other option would be enabling diagnostic logging, but AFAIK these logs don't get passed to ERA.

Link to comment
Share on other sites

  • ESET Staff

When using ESET Endpoint Antivirus, there is no way, how to report access to all pages. Blocked webpages list won't be a solution, also diagnostic logging would not help, as ERA won't collect them (they are in intended for troubleshooting).

Link to comment
Share on other sites

I am using Eset Remote Administrator to manage Esert Endpoint Antivirus... And i can manage web controls with era to my eea... Neverthenless i dont know what you say in those 2 last replys of this post...

 

Answering about the configuration that you show me i do all the things that you do. But i have some issues...

 

First: The report dont show the computer's names

Second: Despite i do this the report doesn't do anything is in blank... (I assing the policy to the computers btw).

 

And a question... The GUI you show is different that my GUI i use thats because i have another ERA or its Only for you???.

 

How can i attach those images in my post so i can show it to you?? I dont want to put a link everytime i want to show some pic hahahha

 

Thanks for the reply!! and sorry for my late answer!!!

Link to comment
Share on other sites

  • ESET Staff
  • Solution

If you are using ESET Endpoint Antivirus, there is currently no way, how to achieve monitoring of blocked webpages by ESET Endpoint Antivirus.

The report template shown by me, works only for ESET Endpoint Security, as that only uses the Webcontrol functionality.

ESET Endpoint Antivirus does not have Webcontrol in it.

Concerning the question about the different UI, I am using ERA 6.5 in my testing environment. This version is not yet generally available, but we are preparing for the release in the early Q1/2017 (by the end of January).

About adding pictures, you can click on "More reply options" in the footer of your response, browse for a file by clicking "browse" and then attaching the file and publishing reply.

post-35-0-87066300-1481733619_thumb.png

Edited by MichalJ
Link to comment
Share on other sites

Thanks for the reply and your answer now i know the reason that i can't see the reports of those things...

 

And thanks for the tip about the attach images.

 

Plz end this topic i am very gratefull about all of your help thanks again!!!

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...