Jump to content

How To Monitor Websurfing From Clients?

Recommended Posts

Hi there,


Thanks for looking at this topic. I've been going through the official documentation of ERAC, but I couldn't find any answer to my question. Well, as a company, we would like to monitor and obtain a report about the websites that our users are visiting, however there is no solution for this.


Is it possible to obtain a report about the visited websites per machine or per ESET client?


And, is it possible to configure it on the dashboard of the ERAC?


Thanks in advance for your reply.

Link to comment
Share on other sites

ERAC logs the following information when using Web control :
Logs and reporting
  • Time
  • Account
  • Group
  • URL
  • Matching URL
  • Category
  • Action performed


Keep in mind, web control only works when your clients have ESET Endpoint Security installed. Not Endpoint antivirus.


In addition, it appears that only information regarding blocked sites that you have created rules for will be submitted and recorded by ERAC.

Websites that are not listed under a category or rule will not show up. (Normal web traffic).

See attached picture.







Link to comment
Share on other sites

  • 3 months later...

Not sure if you found your answer or not, but i thought I'd throw my 2 cents in.


You can monitor all web traffic by creating a rule for each category and add which logging level (severity column) should be attached to those rule actions. You'll need to scroll the window to the right to see the log level selection or increase the window size. I've attached an image of what I use - Web Rules Editor.png. This way, all web browsing done by a user is logged, with blocked sites showing as a Warning and allowed sites as Informational.


Now, from the ERA, set the Web Control Log to collect logs at Level 3 or Normal log entries and above. I've attached an image of that as well - Web Log Level.png. This will display all web traffic passing through each client and the category rule that affected that traffic.


BE WARNED!!!! This will create a HUGE load on your database and will slow the ERA down if you try browsing for a large number of events. What I recommend is filtering at the ERAC level for warnings only so you can see blocked content without bogging the console itself down, but the data is there if you need a report. 


With this configuration, I was able to replace a Websense Content Proxy for a 250 client organization and save the company a bundle.




Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...