iprism Reports Glossary Index

Similar documents
Reporting Guide V7.0. iprism Web Security

Reporting Guide - V8.1

WavecrestCyfin. Employee Forensic Web-Use Reporting Tool. ManagerAccountGuide. Version

Style Report Enterprise Edition

ZENworks Reporting System Reference. January 2017

CIC Scheduled Reports

ScholarOne Manuscripts. COGNOS Reports User Guide

ORACLE USER PRODUCTIVITY KIT USAGE TRACKING ADMINISTRATION & REPORTING RELEASE SERVICE PACK 1 PART NO. E

Netsweeper Reporter Manual

ClientNet Admin Guide. Boundary Defense for

ZENworks Reporting Beta System Reference. December 2015

Introduction to Cognos

OPS Webportal User Guide - Reporting v.2.1

Batch Scheduler. Version: 16.0

Table of Contents. Contents. 1 Introduction. 2 The Main Menu Notification Popups. 9 Service Calendar. 12 Generating Reports ...

Table of Contents. Contents. 1 Introduction. 2 The Main Menu Step #2 - PM Schedule. 8 Notification Popups. 9 Service Calendar

CCRS Quick Start Guide for Program Administrators. September Bank Handlowy w Warszawie S.A.

WebEx Meeting Center User Guide


Explore. American Express. User Guide

ASTRA USER GUIDE. 1. Introducing Astra Schedule. 2. Understanding the Data in Astra Schedule. Notes:

Report Commander 2 User Guide

Contents. Table of Contents Introduction. The Main Menu...1 The Fleet Manager...2. Viewing the Maintenance...16 Generating Reports...

SAS Web Report Studio 3.1

Web Report Library User Guide

WebEx Meeting Center User Guide

RONA e-billing User Guide

These pages will help you get started with the Mazda Web Report System. Use the following options to find the information you need:

Tyler Dashboard. User Guide Version 6.3. For more information, visit

COGNOS (R) 8 COGNOS CONNECTION USER GUIDE USER GUIDE THE NEXT LEVEL OF PERFORMANCE TM. Cognos Connection User Guide

FIREFOX MENU REFERENCE This menu reference is available in a prettier format at

About External Calendar Integration. Recurring Events are Not Currently Imported. Calendar Sync Based on Refresh Interval. Adding an External Calendar

Working with Mailbox Manager

System Reference ZENworks Reporting 5 November 2013

Business Insights Dashboard

Aesop QuickStart User Guide for Campus Users

TeamViewer Manual Manager

The PCC CIS etutorial to Outlook

Policy Commander Console Guide - Published February, 2012

RL6 - WORKING WITH REPORTS

BE Share. Microsoft Office SharePoint Server 2010 Basic Training Guide

LiveSTATS.XSP User Guide for ISP Clients

MyOffice Employee. User Guide Release 4.1

Universal Report Server User s Guide

Application Server Release 2015

Oracle Communications Performance Intelligence Center

Participant Training Guide

Advanced Application Reporting USER GUIDE

My Sysco Reporting Job Aid for CMU Customers. My Sysco Reporting. For CMU Customers (Serviced by Program Sales)

Outlook 2007 Web Access User Guide

N C MPASS. Getting Started. Version 6.8

Astra Schedule User Guide Scheduler

Cognos Connection User Guide USER GUIDE. Cognos (R) 8 COGNOS CONNECTION USER GUIDE

Outlook - an Introduction to Version 2003 Table of Contents

Designing Adhoc Reports

Altus Call Recording. Dashboard Admin User Guide. Document Version Maryland Way, Suite 300 Brentwood, TN Tel

USER GUIDE Time and Attendance User Administration Human Capital Management Suite

New User Orientation PARTICIPANT WORKBOOK

Activ! Coaching User Guide

Using Trend Reports. Understanding Reporting Options CHAPTER

Oracle User Productivity Kit Reports Management. E July 2012

Viewing Reports in Vista. Version: 7.3

Tyler Dashboard. User Guide Version 6.0. For more information, visit

Oracle Adaptive Risk Manager Online Dashboard and Reporting Guide

Query Studio Training Guide Cognos 8 February 2010 DRAFT. Arkansas Public School Computer Network 101 East Capitol, Suite 101 Little Rock, AR 72201

General Features Guide

Comodo One Software Version 3.26

The following topics describe how to work with reports in the Firepower System:

Propel PRO User Guide

KYOCERA Net Viewer User Guide

JUMP START GUIDE FOR REGULAR USERS

Easy Time Control Training Manual

Service Desk Staff Guide. Software version 4.16 Guide version ITarian 1255 Broad Street Clifton, NJ 07013

for Q-CHECKER Text version 15-Feb-16 4:49 PM

User Interface Document version

Business Intelligence for MYOB User Manual v3.3

University of North Dakota PeopleSoft Finance Tip Sheets. Utilizing the Query Download Feature

INSTITUTE BUSINESS SYSTEMS IMSS COGNOS REPORT STUDIO GUIDE

Dreamweaver MX The Basics

eschoolplus+ Cognos Query Studio Training Guide Version 2.4

Tellus EVV Introduction and Dashboard TRAINING REFERENCE GUIDE

Managing Reports, Dashboards, and Views

Primo Analytics Workshop. BIBSYS Konferansen 20 March 2018

City College of San Francisco Argos Training Documentation

Kerio Control. User Guide. Kerio Technologies

Contents. User's Guide

Comodo Antispam Gateway Software Version 2.1

INSERVICE. Version 5.5. InService Easily schedule and monitor attendance for your training programs, even at remote locations.

Oracle Communications Performance Intelligence Center

Microsoft Outlook 2003 Microsoft screen shots used in accordance with Microsoft rules to be viewed at URL

ORACLE USER PRODUCTIVITY KIT KNOWLEDGE CENTER: REPORTS MANAGEMENT RELEASE 11.0 PART NO. E

ACTIVE Net Insights user guide. (v5.4)

2007, 2008 FileMaker, Inc. All rights reserved.

Public-Private Dialogue

The One Net ACH. User Guide. January 2005

GFI WebMonitor 2009 ReportPack. Manual. By GFI Software Ltd.

Admin Reporting: Citation Reporting

Scheduling WebEx Meetings with Microsoft Outlook

Intellicus Enterprise Reporting and BI Platform

Portal Integration Kit User s Guide for Microsoft SharePoint

Transcription:

Table Of Contents Starting the Reports Manager... 2 Using the Reports Manager... 5 Quick start shortcuts... 6 Navigation menu... 6 Creating and editing reports... 7 Creating a new report... 7 About reports... 7 New Report Wizard... 7 Choosing a report type... 9 Report types... 10 Choosing report grouping... 12 Web Statistics groups... 13 Web Hourly Statistics groups... 13 IM/P2P Statistics groups... 14 Choosing report sorting... 16 Sorting options... 16 Group-sensitive sorting... 18 Choosing report search criteria... 21 Search criteria for the Web Detailed report type... 22 Search criteria for the Web Statistics and Web Hourly Statistics report type... 24 Search criteria for the Web Top report type... 26 Search criteria for the IM/P2P Detailed report type... 29 Search criteria for the IM/P2P Statistics report type... 31 Finishing the report... 34 Editing a report... 36 Deleting a report... 39 Running and viewing reports... 41 Running a report... 41 Run in Background... 42 Choosing a report to run... 43 Choosing the report date range... 46 Viewing a report... 49 Sorting a report... 51 Drilling down in a report... 52 Drill-down options... 52 First drill-down level... 52 ii

Table Of Contents Second drill-down level... 53 Multiple tabs... 54 Saving a generated report... 56 Scheduling reports... 58 Creating a report schedule... 58 Choosing a report to schedule... 59 Choosing scheduling options... 61 Editing a report schedule... 63 Deleting a report schedule... 65 Monitoring in real time... 67 Using the Real-time Monitor... 67 Web monitor settings... 68 IM/P2P monitor settings... 69 Starting the Real-time Monitor... 70 Editing Real-time Monitor settings... 73 Samples... 74 Sample Web Detailed report... 74 Sample Web Statistics report... 76 Sample Web Hourly Statistics report... 79 Sample Web Top report... 82 Sample IM/P2P Detailed report... 84 Sample IM/P2P Statistics report... 85 Tutorials... 87 What is happening on the network today?... 87 Scenario... 87 First step: What's happening on the system today?... 87 Second step: Drill down to investigate... 90 Third step: Create a local block... 93 Is this employee abusing access privileges?... 100 Scenario... 100 First step: Find out the details of Chris's web use... 100 Second step: Drill down on suspicious URLs... 103 How are different offices using the network?... 104 Scenario... 104 First step: Create a Web Statistics report for each office... 104 Second step: Schedule and deliver each report... 108 Support... 110 Frequently asked questions... 110 Troubleshooting... 111 iii

iprism Reports Glossary... 112 Index... 113 iv

Welcome to iprism Reports iprism reports provide quick access to essential information that can help your company achieve its Internet filtering goals. iprism s Reports Manager contains predefined, commonly needed reports that give you the visibility you need, such as knowing who was visiting what site, and when. You can also create your own custom reports. Reports draw from a database that can hold up to 120 million records, including Instant Messaging, Peer-to-Peer, and URL events. iprism 4.1 provides an enhanced, Java2-based reporting interface that retains all the classic functionality of previous versions while providing important new features such as: Copyright The ability to report on Instant Messaging (IM) and Peer-to-Peer (P2P) network use Real-time, graphical status monitoring An easy-to-use Report Wizard Drill-down ability in text reports Support for multiple simultaneous users of the Reports Manager The ability to run reports immediately or schedule them to run later in batch mode The ability to export graphic and text reports in PDF format; text reports can also be exported as text files or as comma-separated data, suitable for use in Microsoft Excel or Crystal Reports 1

Starting the Reports Manager You can launch the Reports Manager from within the Appliance Manager or from the web-based administration menu. Multiple users may use the Reports Manager at the same time. Every report user has access rights that determine what information they can see. iprism administrators can associate report users with the following levels of access: Full Access to information about a certain profile (e.g., BlockOffensive) Access to information about a certain IP address range (e.g., the Marketing subnet) Users with limited access can only generate reports on the authorized information. To log in to the Report Manager: 1. Open the Appliance Manager. 2

Starting the Reports Manager 2. Double-click the iprism icon and select Reports Manager from the context menu. 3. Enter your iprism Reports user name and password and click OK. Wait a few moments for the Reports Manager to start up. 3

iprism Reports 4

Using the Reports Manager The Reports Manager contains all of iprism's reporting features. You can create and customize reports, define the grouping and sorting, select the deliverable format, and schedule reports for later use. There is no longer a separate Report Options page; options are now part of the Reports Manager interface. The Reports Manager opens on the Welcome to iprism Reports screen, which provides a brief description of the reporting system. It also explains how to navigate using the Quick Start shortcuts and the Navigation menu. Each screen in the Reports Manager contains instructions on how to use it. This help system provides more in-depth explanation of the options and how to combine them to create the reports you want. Sample reports and tutorials provide extra illustration. 5

iprism Reports Quick start shortcuts The Welcome screen provides shortcuts to four common tasks: Create a report, which launches the New Report Wizard, where you can create, run, and/or schedule a report Run a report, which enables you to run and view an existing report Schedule a report, which launches the Schedule Report Wizard, where you can schedule reports and set delivery options Exit, which closes the application Navigation menu The Navigation menu in the left sidebar provides quick access to the different areas of the reporting system: Reports, which enables you to create, run, view, edit, and delete reports Scheduler, which enables you to create, edit, and delete report schedules Real-time Monitor, which enables you to monitor web and IM/P2P use in real time, and to edit your monitoring configuration 6

Creating and editing reports Creating a new report About reports iprism comes with predefined reports, one for each report type. You can use these as is, create new ones based on them, or create new ones from scratch as described below. A report is simply a description of what you want information about. It does not include a schedule, a command to run itself, or information about what to do with it after you run it. You define these things using the Run and Schedule features. There are two ways to create a report in the Reports Manager: From the Quick start shortcuts on the Welcome page From the Reports screen, which you access by clicking Reports in the Navigation menu Both launch the same New Report Wizard. However, the Reports screen also provides options such as editing, running, and deleting reports. Note: If you are using partitions for your iprism, the reports you create/run only show data for the partitions on which you are delegated with administrative or reporting rights. New Report Wizard The New Report Wizard is a multi-tab interface for creating reports. The first tab explains how to use the wizard. Note: This page provides a brief overview of the procedure. The remaining tabs in this section explain in detail how to fill in each page. To create a report: 1. Do one of the following: Click Create a report in the Quick starts shortcuts section of the Welcome screen. Click Reports in the Navigation menu, and then click Create New Report. The New Report Wizard appears. 7

iprism Reports 2. Select one of these options: Create a new report from scratch. Create a new report based on a pre-existing report. Clicking this option allows you to select an existing report from the drop-down list box beneath it. 3. Click Next to go to the next tab. On each tab, select the options you want for your report, then click Next to go to the next tab. The Grouping tab is only available for the Web Statistics and IM/P2P Statistics report types. The Sorting tab is available for the Web Statistics, IM/P2P Statistics, and Web Detailed reports. This help system explains the options on each tab and the ways you can combine them to get what you need. For sample reports and tutorials on assembling some of the more powerful and popular reports, open the Samples and Tutorials books in the left sidebar of this help. 4. On the Finish tab, follow the instructions for naming and processing your report, then click Finish. 8

Creating and editing reports Choosing a report type Report types: Web Detailed Web Statistics Web Hourly Statistics Web Top Accessed IM/P2P Detailed IM/P2P Statistics Use the Type tab to select the report type. This determines the general type of information that goes into your report: web access statistics, IM/P2P use, top-access lists, and so on. iprism provides several main report types, described in the following table. If you choose Web Statistics, Web Hourly Statistics, or IM/P2P Statistics, you can choose grouping and sorting options. When you choose the Web Detailed, you can choose sorting options. For any other report type, the Grouping and Sorting tabs will be inactive. 9

iprism Reports Report types Report type Web Detailed Web Statistics Web Hourly Statistics Description Provides the same data as the Real-time Monitor, showing all web accesses that have occurred in the system. The Web Detailed report can take a considerable amount of time to run, due to the level of detail it provides. For each web access, the report lists: Date and time IP address User name Profile Action Bandwidth Rating URL Summarizes the data provided in the Web Details report. This report usually runs quickly. Drill-down options enable you to obtain more data on any record. The report lists: Actions taken Number of hits Number of pages Bandwidth used Duration (time spent) Provides an hourly breakdown of web access statistics. The report summarizes: Actions taken Number of hits Number of pages Bandwidth used Duration (time spent) broken down by hour 10

Creating and editing reports Web Top IM/P2P Detailed IM/P2P Statistics Lists the top 100 web domains or hosts by requests, bandwidth, duration, or pages. This report takes more time to generate than the others, as it requires more analysis. Provides the same sort of data as the Web Detailed report for Instant Messaging and Peer-to-Peer (IM/P2P) use, but with fewer entries. For each IM/P2P access, the report lists: Date and time IP address User name Profile Protocol Action Provides the same sort of data as the Web Statistics report for Instant Messaging and Peer-to-Peer (IM/P2P) use. The report can group access incidents by protocol, IP address, or profile and summarize the actions taken (passed or blocked). 11

iprism Reports Choosing report grouping Web Statistics groups: Category Category and user name Category and IP address Category and profile User name User name and category IP address IP address and category Profile Profile and category Web Hourly Statistics groups: Hour Hour and User Name Hour and IP Address Hour and Profile IM/P2P Statistics groups: Protocol Protocol and IP Address Protocol and Profile User name IP Address IP Address and Protocol Profile Profile and Protocol If you chose Web Statistics, Web Hourly Statistics, or IM/P2P Statistics for your report type, use the Grouping tab to organize your report data. For example, if you choose the Web Statistics report type, and then group it by Category, then the report will contain a section on web statistics broken down by filtering category. 12

Creating and editing reports Web Statistics groups If you select the Web Statistics report type, you can group the data in the following ways: Group Category Category and User Name Category and IP Address Category and Profile User Name User Name and Category IP Address IP Address and Category Profile Profile and Category Description Breaks down the report data into the filtering categories that you selected for blocking or monitoring. St. Bernard uses an iguard database to assign web sites to categories such as business, recreation, and questionable. You can then control access to these categories. For each category, breaks out activity by user name. For each category, breaks out activity by IP address. For each category, breaks out activity by profile. Breaks out activity by user name. For each user name, breaks out activity by category. Breaks out activity by IP address. For each IP address, breaks out activity by category. Breaks out activity by profile. For each profile, breaks out activity by category. Web Hourly Statistics groups If you select the Web Statistics report type, you can group the data in the following ways: 13

iprism Reports Group Hour Hour and User Name Hour and IP Address Hour and Profile Description For each hour, shows total usage. For each hour, breaks out activity by user name. For each hour, breaks out activity by IP address. For each hour, breaks out activity by profile. IM/P2P Statistics groups If you select the IM/P2P Statistics report type, you can group the data in the following ways: Group Protocol Protocol and IP Address Protocol and Profile User Name IP Address IP Address and Protocol Description For each IM/P2P access, breaks out activity by protocol. Shows which IM/P2P protocols people are using at your site. IM/P2P protocols include, but are not limited to, AIM, MSMessenger, and Yahoo. For each IM/P2P protocol, breaks out activity by IP address. Shows who is using each IM/P2P protocol. For example, you might find that MSMessenger is very popular, but no one uses Kazaa. For each IM/P2P protocol, breaks out activity by profile. Shows which groups (profiles) are using each IM/P2P protocol. For each IM/P2P access, breaks out activity by user name. Shows which user names are using IM/P2P. For each IM/P2P access, breaks out activity by IP address. Shows which workstations (IP addresses) are using IM/P2P. For each IP address, breaks out activity by protocol. Shows which workstations (IP addresses) are using 14

Creating and editing reports IM/P2P, and indicates the type of use. This tells you if certain workstations have heavy IM/P2P use, and tells you specifically what type of use. Profile Profile and Protocol For each IM/P2P access, breaks out activity by profile. Shows which profiles are using IM/P2P. This may give you ideas on how to refine profile descriptions. For example, you might find that a certain group of people use IM for legitimate work purposes, such as communicating with clients, and decide to authorize that use. For each profile, breaks out activity by protocol. Shows whether profiles have similar or different patterns of IM/P2P use. 15

iprism Reports Choosing report sorting Sorting options: Bandwidth Blocked Category Duration Hits Hour IP Address Overridden Override Initiated Pages Passed Profile Protocol User Name If you chose Web Detailed, Web Statistics, Web Hourly Statistics, or IM/P2P Statistics for your report type, use the Sorting tab to arrange your report data. Note: Some sorting options are group-sensitive. Sorting options 16

Creating and editing reports Sorting options (in alphabetical order) Action Bandwidth Blocked Description Sorts by the action iprism took in response to the access attempt (pass, block, override, override initiated) Sorts by the number of bytes transferred, from most to least Lists incidents where access to a URL has been blocked, before listing successful attempts Benefit Identify the actions being taken Highlights heavy usage patterns Highlights attempts to access prohibited websites Category Sorts by filtering category Shows the types of sites users access Date & Time Duration Hits Sorts by when the access occurred Sorts by the amount of time people spent on a given activity (Internet, IM, P2P), from most to least Note: This is calculated using a heuristic, and is not an absolute measurement Sorts by the number of HTTP requests performed, including images and other requested formats Shows the events as they occurred chronologically Shows where users spend most of their time Identifies the most popular sites Hour Sorts by the hour of day Highlights hourly activity trend(s) IP Address Overridden Override Initiated Sorts by the IP address of the requesting workstation Lists overrides first; that is, incidents where an access event was originally blocked, but then successfully overridden Lists all access attempts that have been blocked and for which users have requested Shows patterns of use for each workstation Shows how many overrides occurred in the system Highlights sites that users particularly want to access; however, not all users have 17

iprism Reports Pages Passed Profile overrides Sorts by the number of HTTP requests performed for actual pages (HTML or plain text) Lists allowed access attempts before listing blocked access attempts Sorts by the name of the active filtering profile that caused the activity to be blocked or monitored the ability to request overrides Identifies the most popular sites Shows the amount of permitted activity going on Shows patterns of use for each profile you defined Protocol Sorts by IM/P2P protocol Shows patterns of use for each IM/P2P protocol Rating URL Sorts by the rating category such as entertainment or business Sorts by the URL being accessed Shows the type of sites users access Shows the sites users access User Name Sorts by user name Shows patterns of use for each individual user Group-sensitive sorting Sorting options vary slightly depending on how you grouped your data. Typically, the first sorting option varies by group, and the remaining sorting options are standard. Web Statistics sorting Group Category User Name and Group-sensitive sorting option Category Standard sorting options Passed 18

Creating and editing reports Category IP Address and Category Profile and Category Category and User Name User Name Category and IP Address IP Address Category and Profile Profile User Name IP Address Profile Blocked Overridden Override Initiated Hits Pages Bandwidth Duration Web Hourly Statistics sorting Group Hour Hour and User Name Hour and IP Address Hour and Profile Group-sensitive sorting option Hour User Name IP Address Profile Standard sorting options Pass Passed Blocked Overridden Override Initiated Hits Pages Bandwidth Duration IM/P2P Statistics sorting 19

iprism Reports Group Protocol User Name IP Address and Protocol Profile and Protocol User Name Protocol and IP Address IP Address Protocol and Profile Profile Group-sensitive sorting option Protocol User Name IP Address Profile Standard sorting options Passed Blocked 20

Creating and editing reports Choosing report search criteria Use the Criteria tab to specify search options for this report. For example, you could create a report that highlights activity in one particular profile, or that focuses only on a certain set of categories. The default settings include all data. The options on the Criteria tab vary by report type. Select your report type from the following list to learn about the associated search criteria: Web Detailed Web Statistics and Web Hourly Statistics Web Top IM/P2P Detailed IM/P2P Statistics 21

iprism Reports Search criteria for the Web Detailed report type Contents: Action Category Include Media IP Address Range Profile URL Pattern User When you select the Web Detailed report type, you can search on the following criteria. The criteria are additive, meaning that the data in the report reflects all the criteria, not just one. For example, if you restrict the report to a certain range of IP addresses and a given filtering category, then the report will only contain data for activity in that category originating from those IP addresses. It will not contain activity originating from those IP addresses in other categories, or activity in those categories by other IP addresses. Search criteria (in alphabetical order) Action Definition Returns data on the following types of access attempts: 22

Creating and editing reports All (default) Passed: all accesses that are permitted in your system Blocked: all accesses that are blocked in your system Overridden: all accesses that were blocked and then overridden by the user Override Initiated: all accesses that were blocked and to which the user requested access Category Include Media IP Address Range Profile URL Pattern User Returns data on the category or categories you select. The default is all categories. Returns the images, scripts, style sheets, and other things included on the page. Returns data on the range of IP addresses that you enter. The default is all IP addresses. Entering an IP address enables you to get information on a single workstation. Returns data on the following profiles: All (default) Block offensive: profiles that are not allowed to view sites that contain pornography, profanity, violence, bomb-making, and other topics that are deemed offensive Pass all: profiles that are allowed to view any site without restriction (browsing is monitored) (Any user-defined profiles created in your company to which you have access) Does a partial search and returns URLs that match the words you enter. For example, if you enter "playboy.com," it returns all pages in the playboy.com domain. It also includes all substring matches, such as www.playboy.com. Returns data on a certain user name. The default is all users. If you do not know the user name of the person whose activity you wish to check, try entering their IP address. Return to main search criteria topic 23

iprism Reports Search criteria for the Web Statistics and Web Hourly Statistics report type Contents: Category IP Address Range Profile User When you select the Web Statistics or Web Hourly Statistics report type, you can search on the following criteria. The criteria are additive, meaning that the data in the report reflects all the criteria, not just one. For example, if you restrict the report to a certain range of IP addresses and a given filtering category, then the report will only contain data for activity in that category originating from those IP addresses. It will not contain activity originating from those IP addresses in other categories, or activity in those categories by other IP addresses. 24

Creating and editing reports Search criteria (in alphabetical order) Category IP Address Range Profile User Definition Returns data on the category or categories you select. The default is all categories. Searches on the range of IP addresses that you enter. The default is all IP addresses. Entering an IP address enables you to get information on a single workstation if you do not know the user name of the person who uses it. Returns data on the following profiles: All (default) Block offensive: profiles that are not allowed to view sites that contain pornography, profanity, violence, bomb-making, and other topics that are deemed offensive Pass all: profiles that are allowed to view any site without restriction (Any user-defined profiles created in your company to which you have access) Returns data on activity generated by a certain user. The default is all users. If you do not know the user name of the person whose activity you wish to check, try entering their IP address. Return to main search criteria topic 25

iprism Reports Search criteria for the Web Top report type Contents: Action Category Count IP Address Range Profile User When you select the Web Statistics or Web Hourly Statistics report type, you can search on the following criteria. The criteria are additive, meaning that the data in the report reflects all the criteria, not just one. For example, if you restrict the report to a certain range of IP addresses and a given filtering category, then the report will only contain data for activity in that category originating from those IP addresses. It will not contain activity originating from those IP addresses in other categories, or activity in those categories by other IP addresses. Search criteria (in alphabetical order) Definition 26

Creating and editing reports Action Category Count IP Address Range Profile User Returns data on the following types of access attempts: All (default) Passed: all accesses that are permitted in your system Blocked: all accesses that are blocked in your system Overridden: all accesses that were blocked and then overridden by the user Override Initiated: all accesses that were blocked and to which the user requested access Returns data on the category or categories you select. The default is all categories. Select from the following options: Top Domains by Requests (default) Top Domains by Bandwidth Top Domains by Duration Top Domains by Pages Top Hosts by Requests Top Hosts by Bandwidth Top Hosts by Duration Top Hosts by Pages Returns data on the range of IP addresses that you enter. The default is all IP addresses. Entering an IP address enables you to get information on a single workstation. Returns data on the following profiles: All (default) Block offensive: profiles that are not allowed to view sites that contain pornography, profanity, violence, bomb-making, and other topics that are deemed offensive Pass all: profiles that are allowed to view any site without restriction (browsing is monitored) (Any user-defined profiles created in your company to which you have access) Returns data on a certain user name. The default is all users. You may enter multiple user names, separated by commas. If you do not know the user name of the person whose 27

iprism Reports activity you wish to check, try entering their IP address. Return to main search criteria topic 28

Creating and editing reports Search criteria for the IM/P2P Detailed report type Contents: IP Address Range Profile Protocols User When you select the IM/P2P Detailed report type, you can search on the following criteria. The criteria are additive, meaning that the data in the report reflects all the criteria, not just one. For example, if you restrict the report to a certain range of IP addresses and a given protocol, then the report will only contain data for activity in that protocol originating from those IP addresses. It will not contain activity originated from those IP addresses in other protocols, or activity in that protocol by other IP addresses. Search criteria (in alphabetical order) IP Address Range Definition Returns data on the range of IP addresses that you enter. The 29

iprism Reports default is all IP addresses. Entering an IP address enables you to get information on a single workstation. Profile Protocols User Returns data on the following profiles: All (default) BlockIMP2P: profiles that are blocked from using any Instant Messaging or Peer-to-Peer services BlockP2P: profiles that are blocked from using any Peer-to-Peer services PassIMP2P: profiles that are allowed to use Instant Messaging and Peer-to-Peer services (Any user-defined profiles created in your company to which you have access) Returns data on the protocol or protocols you select. The default is all protocols. IM protocols include: AIM MSMessenger Yahoo Google P2P protocols include: Kazaa edonkey BitTorrent Gnutella Filetopia WinMX DirectConnect WASTE itunes Returns data on a certain user name. The default is all users. You may also enter multiple user names separataed by commas If you do not know the user name of the person whose activity you wish to check, try entering their IP address. Return to main search criteria topic 30

Creating and editing reports Search criteria for the IM/P2P Statistics report type Contents: IP Address Range Profile Protocols User When you select the IM/P2P Details report type, you can search on the following criteria. The criteria are additive, meaning that the data in the report reflects all the criteria, not just one. For example, if you restrict the report to a certain range of IP addresses and a given protocol, then the report will only contain data for activity in that protocol originating from those IP addresses. It will not contain activity originating from those IP addresses in other protocols, or activity in that protocol by other IP addresses. Search criteria (in alphabetical order) IP Address Range Definition Returns data on the range of IP addresses that you enter. The 31

iprism Reports default is all IP addresses. Entering an IP address enables you to get information on a single workstation if you do not know the user name of the person who uses it. Profile Protocols User Returns data on the following profiles: All (default) BlockIMP2P: profiles that are blocked from using any Instant Messaging or Peer-to-Peer services BlockP2P: profiles that are blocked from using any Peer-to-Peer services PassIMP2P: profiles that are allowed to use Instant Messaging and Peer-to-Peer services (Any user-defined profiles created in your company to which you have access) Returns data on the protocol or protocols you select. The default is all protocols. IM protocols include: AIM MSMessenger Yahoo Google P2P protocols include: Kazaa edonkey BitTorrent Gnutella Filetopia WinMX DirectConnect WASTE itunes Returns data on a certain user name. The default is all users. You may also enter multiple user names separataed by commas If you do not know the user name of the person whose activity you wish to check, try entering their IP address. 32

Creating and editing reports Return to main search criteria topic 33

iprism Reports Finishing the report Use the Finish tab to save, share, run, or schedule your report. To finish the report: 1. Once you finish creating your report, click the Finish tab. The Finish New Report screen appears. 2. If you plan to save or schedule this report, enter a title in the text box. The title must be unique within this report user account. Other report users may create reports with the same titles. 3. Select Yes or No to indicate whether this report should be shared. If you select Yes, the report will appear the next time other report users log in. 34

Creating and editing reports 4. Select one of the following options for the report: Save this report. I will run it later. Save and run this report now. If you select this option, the Choose Date Range dialog box opens. Save and schedule this report to run at a later date. If you select this option, the Choose Scheduling Options dialog box opens. Run this report now without saving. If you select this option, the Choose Date Range dialog box opens. The report settings will not be saved. If you want to rerun the report, you must redefine it. 5. Click Finish. 35

iprism Reports Editing a report You can edit any of the user-defined reports that have been created on your system. Predefined reports cannot be edited. If you select one, the Edit Report button remains inactive. To edit a report: 1. Click Reports in the Navigation menu. 2. Select a report from the list. The meaning of the columns is as follows: Name: The report title. If this is a user-defined report, you defined the title in the Finish tab of the New Report Wizard. Type: The report type. For more information, see the Choosing a report type section. Owner: The report user who created the report. "Predefined" indicates a report that was built into iprism. 36

Creating and editing reports 3. If you have a long list of reports, you may want to use the Filter box. When you type a string into the Filter box, such as "Statistics," the report list automatically filters down to only those reports that contain the word "Statistics" in the Name, Type, or Owner column. To clear the filter and see the whole list again, click the eraser button ( ) to the left of the box. 4. Click Edit Report. The Editing Report dialog box appears and shows the settings that currently define the report. The contents of the dialog box depend on the report type. The following example shows a Web Statistics report: Note: You cannot edit a predefined report. 5. Type or select new values in any of the rows that you want to change. To learn more about any of the rows, go to: Finishing the report for Report Title and Share Report information Choosing a report type for Report Type information 37

iprism Reports Choosing report grouping for Grouping information Choosing report sorting for Sorting information Choosing report search criteria for Criteria information 6. To exit the Editing Report dialog box and use the New Report Wizard instead, click Use Wizard. If you do this, you must finish editing the report in the wizard, or come back to the Editing Report dialog box from the Reports screen. 7. When you finish editing the report in the Editing Report dialog box, click Save. 38

Creating and editing reports Deleting a report You can delete any of the user-defined reports that have been created on your system. Predefined reports cannot be deleted. If you select one, the Delete Report button remains inactive. When you delete a report, any associated schedules will be deleted also. To delete a report: 1. Click Reports in the Navigation menu. 2. Select a report from the list. The meaning of the columns is as follows: Name: The report title. If this is a user-defined report, you defined the title in the Finish tab of the New Report Wizard. Type: The report type. For more information, see the Choosing a report type section. 39

iprism Reports Owner: The report user who created the report. "Predefined" indicates a report that was built into iprism. 3. If you have a long list of reports, you may want to use the Filter box. When you type a string into the Filter box, such as "Statistics," the report list automatically filters down to only those reports that contain the word "Statistics" in the Name, Type, or Owner column. To clear the filter and see the whole list again, click the eraser button ( ) to the left of the box. 4. Click Delete Report. A confirmation dialog box appears. Note: You cannot delete a predefined report. 5. Click OK to delete the report. Any associated schedules will also be deleted. Warning: There is no undo function. 40

Running and viewing reports Running a report To run a report: 1. Do one of the following: Click Run a report in the Quick start shortcuts on the Welcome page. Use the tabbed interface to choose the report, and then choose the date range. Click Reports in the Navigation menu. Choose a report on the Reports screen, and then click Run Report. Next, the Choose the Date Range dialog box appears. After creating a report, select either Save and run this report now or Run this report now without saving on the Finish tab. iprism opens a Choose the Date Range dialog box for the report you just created. 1. Refer to the following pages for instructions on how to choose a report and choose the date range. 41

iprism Reports Run in Background If you want the report to run in the background and be delivered to you when it is complete, click Run in Background. Run in background reports are one-time reports. They can report against a custom date/time, as apposed to a scheduled report that is run daily, weekly, or monthly. Run in background reports can be delivered via e-mail or ftp, in PDF or CSV formats. Select the date the Run in background report should collect data for, or enter a custom date range. Select the delivery method of the Run in background report. Select the desired format of the Run in background report. Click Run to start running the report. The report will be delivered once it is complete. The Administrator can view the status of the reports scheduled to run in the background in the Schedule screen. The report type is listed as "one-time" as opposed to a periodic report, such as daily, weekly, or monthly. Click the 'Refresh' button to update and view the current status of all scheduled reports. 42

Running and viewing reports Choosing a report to run To choose a report: 1. Do one of the following: Click Run a report in the Quick starts shortcuts section of the Welcome screen. The Choose a Report to Run and View screen appears. Click Reports in the Navigation menu. The Reports screen appears. 43

iprism Reports Note: Although these screens are different in some respects, they both contain a list of reports to choose from, and a filter that lets you narrow down the selection. For the purposes of choosing a report, they work basically the same way. 2. Select a report from the list. The meaning of the columns is as follows: Name: The report title. If this is a user-defined report, you defined the title in the Finish tab of the New Report Wizard. Type: The report type. For more information, see the Choosing a report type section. Owner: The report user who created the report. "Predefined" denotes a report that was built into iprism. 3. To view a subset of the reports, use the Filter box. Type a string into the Filter box, such as "Statistics," to automatically filter the list to show reports that contain that string in any column. To clear the filter and see the whole list again, click the eraser button ( ) to the left of the box. 4. Do one of the following: If you started from the Quick start shortcut, click Next to choose the date range. 44

Running and viewing reports If you started from the Reports screen, click Run & View Report to choose the date range. 45

iprism Reports Choosing the report date range Contents: Today Yesterday Last Week Last Month Custom range To choose a date range: 1. Do one of the following: Click Run a report in the Quick starts shortcuts section of the Welcome screen. Choose a report, and then click Next. Click Reports in the Navigation menu. Choose a report, and then click Run & View Report. Create a report, and then select either Save and run this report now or Run this report now without saving on the Finish tab. Depending on which option you use, the screen you see will be slightly different, but the date options are the same. 46

Running and viewing reports 2. Select from the following options to choose the dates on which you want to report. Click Finish or Run to run the report. Reports may take several minutes to run. Note: If too many users are running reports at the same time, iprism puts your request into a queue and runs it as soon as possible. Today. The report includes information gathered since 12:00 AM on the current day. This is the only date range, other than the custom range, that includes today's data. Yesterday. The report includes information gathered between 12:00 AM and 11:59 PM yesterday. Last week. The report includes information gathered in the last calendar week. For example, if today is Thursday the 21st of April, this report would contain information from 12:00 AM on Sunday the 10th, through 11:59 PM on Saturday the 16th. 47

iprism Reports Last month. The report includes information gathered during the last calendar month. For example, if today is the 21st of April, this report would contain information from 12:00 AM on the 1st of March through 11:59 PM on the 31st of March. The system adjusts for different numbers of days in the month. For example, if today were the 31st of March, the report would begin on the 28th of February. Custom range. Enter a starting and ending date and time. Tip: Summary reports run much faster if you start and end on a day boundary. 48

Running and viewing reports Viewing a report After you run a report, it opens automatically in the iprism Report Viewer. iprism provides column sorting and drill-down functionality. The following image shows the first page of a Web Statistics report. 49

iprism Reports 50

Running and viewing reports Sorting a report In the Report Viewer, click the heading of any column to sort by that column. The current sort column is highlighted. 51

iprism Reports Drilling down in a report Contents: Drill-down options First drill-down level Second drill-down level Multiple tabs iprism text reports provide full drill-down functionality, so you can find out more information about any section of a report. Click any field to see drill-down options for that field. Drill-down options To drill down, click on the item you want to explore. A context menu appears and shows the drilldown options. For example, highlighting the Entertainment category on the sample Web Statistics report shows four drill-down options: User name: Lists each user's accesses to sites in the Entertainment category. IP address: Lists all accesses made to sites in the Entertainment category, by workstation (IP address). Profile: Lists all accesses made to sites in the Entertainment category, by profile. Details: Generates a Web Detailed report on accesses made to sites in the Entertainment category; this may take a while to run. First drill-down level 52

Running and viewing reports Select "entertainment" by User Name to open the following screen. It shows all accesses to entertainment sites, organized by user name. This shows that two users, George and Ross, are accessing the sites. Second drill-down level To find out which sites George is accessing, click his name and select details from the context menu. This generates a detailed report that lists every site in the entertainment category that George has accessed within the report date range. Click any URL to launch a browser window and see the site. 53

iprism Reports Multiple tabs Each drill-down screen opens on a new tab, so that you can easily jump back and forth. Click the X button in the tab itself to delete the tab. Note: If you delete the original report tab, you cannot reopen the report. You must regenerate it. 54

Running and viewing reports 55

iprism Reports Saving a generated report After generating a report, you can save it in PDF, CSV, or CSV w/headings format from the Report Viewer. If you have drilled down in the report, the Report Viewer saves the tab you are currently viewing. To save a report: 1. Click the Save button ( ) in the toolbar of the Report Viewer. 2. In the Save dialog box, enter the name of the report: 56

Running and viewing reports 3. Select the file type and click Save. 57

Scheduling reports Creating a report schedule The iprism scheduling tool lets you specify: When to run a report (daily, weekly, monthly) How to deliver it (email or FTP) How to format it (PDF, CSV, or CSV w/headings) Caution: If you turn the system off without shutting it down, it can affect the database. The database is restored on reboot, but reporting will not function during the restoration. To schedule a report: 1. Do one of the following: Click Schedule a report in the Quick start shortcuts on the Welcome page. The Schedule Report Wizard appears. Use the tabbed interface to choose a report, and then choose scheduling options. Click Scheduler in the Navigation menu, and then click Schedule Report. The Schedule Report Wizard appears. Use the tabbed interface to choose a report, and then choose scheduling options. After creating a report, select Save and schedule this report to run at a later date on the Finish tab. The Scheduling Options dialog box opens. 2. Refer to the following pages for instructions on how to choose a report and choose scheduling options. 58

Scheduling reports Choosing a report to schedule To schedule a report: 1. Do one of the following: Click Schedule a report in the Quick start shortcuts on the Welcome page. Click Scheduler in the Navigation menu, and then click Schedule Report. The Schedule Report Wizard appears. The Welcome tab explains how to use the interface. 2. Read the instructions and click Next. The Choose a Report to Schedule screen appears. 59

iprism Reports 3. Select a report from the list. The meaning of the columns is as follows: Name: The report title. If this is a user-defined report, you defined the title in the Finish tab of the New Report Wizard. Type: The report type. For more information, see the Choosing a report type section. Owner: The report user who created the report. "Predefined" indicates a report that was built into iprism. 4. To view a subset of the reports, use the Filter box. Type a string into the Filter box, such as "Statistics," to automatically filter the list to show reports that contain that string in any column. To clear the filter and see the whole list again, click the eraser button ( ) to the left of the box. 5. Click Next to choose scheduling options. 60

Scheduling reports Choosing scheduling options To choose scheduling options: 1. Do one of the following: Click Schedule a report in the Quick starts shortcuts section of the Welcome screen. Choose a report, and then click Next. Click Scheduler in the Navigation menu, and then click Schedule Report. Choose a report, then click Next. Create a report, and then select Save and schedule this report to run at a later date on the Finish tab. Depending on which option you use, the screen will be slightly different, but the scheduling options are the same. 2. Select one of the following scheduling options: Daily: The report runs between 2 and 11 PM every day. Weekly: The report runs between 2 and 11 PM every Sunday. 61

iprism Reports Monthly: The report runs between 2 and 11 PM on the first day of every month. Note: The report generator stops at 11 PM every day. If scheduled reports are not complete by then, you will see a message saying that the reports did not finish. 3. Select one of the following delivery options: Email: Enter the email address(es) of the person(s) to whom you want to send the report. Separate multiple addresses with a semi-colon. FTP: Fill in the FTP information as follows: FTP Host: Enter the FTP server host name. FTP Directory: Enter the directory on the FTP server. FTP User name and password: Enter a remote user name and password that has permission to connect to the FTP server. Warning: The FTP password you enter here is transmitted over the network "in the clear." Therefore, do not use a privileged account for the FTP dropbox. 4. Select one of the following formatting options: PDF: Saves the report in Portable Document File (PDF) format. CSV: Saves the report as a comma-separated text file, suitable for use in Excel, Crystal Reports, or WebTrends. CSV w/headings: Same as the CSV format, but also includes column name headings in the report. 5. Click Finish or OK. 62

Scheduling reports Editing a report schedule To edit a schedule: 1. Click Scheduler in the Navigation menu. The Scheduler appears. The list on the Scheduled Reports screen shows all the schedules that currently exist in the system. The meaning of the columns is as follows: Report: The report title When: The schedule interval (Daily, Weekly, Monthly) Owner: The user who created the schedule 2. To view a subset of the schedules, use the Filter box. Type a string into the Filter box, such as "Daily," to automatically filter the list to show schedules that contain that string in any column. To clear the filter and see the whole list again, click the eraser button ( ) to the left of the box. 63

iprism Reports 3. Click Edit Schedule. The Editing Reports dialog box appears and shows the settings that currently define the schedule. 4. Type or select new values in any of the rows that you want to change. To learn more about any of the rows, go to Choosing scheduling options. 5. If you want to exit the Editing Report dialog box and use the Schedule Report Wizard instead, click Use Wizard. If you do this, you must finish editing the schedule in the wizard, or come back to the Editing Report dialog box from the Scheduler screen. 6. When you finish editing the schedule in the Editing Report dialog box, click Save. 64

Scheduling reports Deleting a report schedule To delete a schedule: 1. Click Scheduler in the Navigation menu. The Scheduler appears. The list on the Scheduled Reports screen shows all the schedules that currently exist in the system. The meaning of the columns is as follows: Report: The report title When: The schedule interval (Daily, Weekly, Monthly) Owner: The user who created the schedule 2. To view a subset of the schedules, use the Filter box. Type a string into the Filter box, such as "Daily," to automatically filter the list to show schedules that contain that string in any column. To clear the filter and see the whole list again, click the eraser button ( ) to the left of the box. 3. Click Delete Schedule. A confirmation dialog box appears. 65

iprism Reports 4. Click OK to delete the schedule. Warning: There is no undo function. 66

Monitoring in real time Using the Real-time Monitor Web monitor settings: IP Address Range User Profile Action Include Media Category(s) IM/P2P monitor settings: IP Address Range User Profile Action Protocol(s) The Real-time Monitor lets you monitor web, Instant Messaging, and Peer-to-Peer access. It lists all activity on the system that is being monitored. Note: If you are using partitions, the "all profiles" options actually means only the profiles you are able to report on, based on your delegated partition(s). Note: Any activity that is not blocked or monitored, according to the governing profile, will not appear in the Real-time Monitor. To use the Real-time Monitor: 1. Click Real-time Monitor in the Navigation menu. The Real-time Monitor screen appears. This screen displays the current monitor settings, which are described below. 67

iprism Reports 2. Click one of the following buttons. The remaining pages in this section explain how to use each feature. Start Monitoring Edit Monitor Settings Web monitor settings Setting IP Address Range User Definition Shows the range of IP addresses you are monitoring Indicates whether you are monitoring one user or all users 68

Monitoring in real time Profile Action Include Media Category(s) Shows which profiles you are monitoring Shows which actions you are monitoring (all, passed, blocked, overridden, override initiated) If yes, all items accessed are monitored, including non-html pages such as images, style sheets, etc. Shows which filtering categories you are monitoring IM/P2P monitor settings The Real-time Monitor records Instant Messaging (IM) activity at connection and Peer-to-Peer (P2P) activity at startup. Setting IP Address Range User Profile Action Protocol(s) Definition Shows the range of IP addresses you are monitoring Shows which users you are monitoring Shows which profiles you are monitoring Shows which actions you are monitoring (all, passed, blocked) Shows which IM/P2P protocols you are monitoring 69

iprism Reports Starting the Real-time Monitor Monitor fields: Time Type User & IP Address Profile Action Rating/Protocol URL Bandwidth When you start the Real-time Monitor, a tabular screen appears and begins showing the monitored activity on your system. Like reports, the monitor can hold up to 25,000 entries at a time. When it reaches the limit, it deletes the oldest entries to make room for new ones. As activities appear on the monitor, you can see the bar scrolling. To stop the scrolling, doubleclick a site. To restart the scrolling, drag the vertical scroll bar all the way to the bottom. The meaning of the columns is as follows: Setting Definition 70

Monitoring in real time Time Type User & IP Address Profile Action Rating/Protocol URL Bandwidth When the access occurred The type of access: Web, IM (Instant Messaging), or P2P (Peer to Peer) The user name and IP address of the login and computer that initiated the request The profile controlling this access attempt The action iprism took in response to the access attempt (pass, block, monitor, override, override initiated) For internet access, this shows the rating category, such as entertainment or business For IM/P2P, this shows the protocol, such as AIM or Kazaa The URL being accessed The bytes required for this activity The meaning of the summary information at the bottom is as follows: Setting Requests Web IM/P2P Users Passed Blocked Overridden Override Initiated Definition The total number of events currently contained in the RTM Total number of Web events Total number of IM/P2P events The total unique user/ip address combinations contained in the RTM Total number of events passed Total number of events blocked Total number of events overridden Total number of events override initiated 71

iprism Reports Bandwidth The sum total of bandwidth for all events currently contained in the RTM To resize or move any of the columns: Click and drag using your mouse. To open a site: Double-click the URL. To view a subset of the activities: Use the Filter box. Type a string into the Filter box, such as "business," to automatically filter the list to all lines that contain that string in any column. To clear the filter and see the whole list again: Click the eraser button ( ) to the left of the box. 72

Monitoring in real time Editing Real-time Monitor settings To edit Real-time Monitor settings: 1. Click Real-time Monitor in the Navigation menu, and then click Edit Monitor Settings. The Editing Real-time Monitor Settings dialog box appears. 2. Type or select new values in any of the rows that you want to change. To learn more about any of the rows, go to Using the Real-time Monitor. 3. Click OK. 73

Samples Sample Web Detailed report The following image shows a snippet of a Web Detailed report. This report uses the default search criteria, reporting on the entire range of data in the system: The following image shows a snippet of the equivalent CSV file, opened in Excel: 74

Samples 75

iprism Reports Sample Web Statistics report The following image shows the first page of a Web Statistics report. This report uses the default grouping, sorting, and search criteria. This shows a closer view: 76

Samples The following image shows a snippet of the equivalent CSV file, opened in Excel: 77

iprism Reports 78

Samples Sample Web Hourly Statistics report The following image shows the first page of a Web Hourly Statistics report. This report uses the default grouping, sorting, and search criteria. 79

iprism Reports The following image shows a snippet of the equivalent CSV file, opened in Excel: 80

Samples 81

iprism Reports Sample Web Top report The following image shows a snippet of a Web Top report. This report uses the default search criteria, reporting on the entire range of data in the system: The following image shows a snippet of the equivalent CSV file, opened in Excel: 82

Samples 83

iprism Reports Sample IM/P2P Detailed report The following image shows a snippet of an IM/P2P Detailed report. This report uses the default search criteria, reporting on the entire range of data in the system: The following image shows a snippet of the equivalent CSV file, opened in Excel: 84

Samples Sample IM/P2P Statistics report The following image shows a snippet of an IM/P2P Statistics report. This report uses the default search criteria, reporting on the entire range of data in the system: The following image shows a snippet of the equivalent CSV file, opened in Excel: 85

iprism Reports 86

Tutorials What is happening on the network today? Contents: Scenario First step: What's happening on the system today? Second step: Drill down to investigate Third step: Create a local block Scenario This tutorial follows an imaginary iprism administrator, who checks to see what is happening on the network and finds something worth investigating. Note: The data in this scenario is imaginary and unlikely to be duplicated on your system. Follow along with the steps to learn how to perform this sort of investigation, but understand that the reports on your system will contain different data. First step: What's happening on the system today? You are an iprism administrator at an imaginary company. You run the Web Statistics report on a daily basis to get a high-level view of network traffic. The Web Statistics report shows the following information for each category, user name, IP address, profile, or combination thereof: Passed: Number of bytes passed Blocked: Number of bytes blocked Overridden: Number of bytes overridden Initiated: Number of bytes where the user requested an override Hits: Total hits, in bytes (equal to the sum of the previous four columns) Pages: The number of web pages accessed Bandwidth: Total bandwidth used, in bytes Duration: The length of time spent (HH:MM:SS) To run a Web Statistics report: 1. Click Welcome in the Navigation menu if it is not already selected, and then click Run a Report. The Choose Report screen appears. 87

iprism Reports 2. Select the predefined Web Statistics by Category report and click Next. The Choose the Date Range dialog box appears. 88

Tutorials 3. Select the appropriate date range and click Run. After a few moments, the Web Statistics report appears in the viewer. 89

iprism Reports It appears that people are spending an unusual amount of time on sports sites. Second step: Drill down to investigate You can drill down in the text portion of the report to get more data. To find out who's accessing sports sites: 1. Find the "sports" category in the report and click the category name. A context menu appears. 90

Tutorials 2. Select "sports" by Profile. This shows you if a certain group of people are disproportionately accessing this category. 91

iprism Reports The drill-down tab shows you that all the accesses are occurring within the Marketing profile. What are they doing? Is it work-related? Click Marketing and select details from the context menu. This generates a Web Detailed report for the Marketing profile in the Sports category. Note: Had you known this information in advance, you could have gotten the same data by creating a Web Detailed report and using the search criteria to limit the input data to the Marketing profile and Sports category. 92

Tutorials The Detailed report reveals that many individuals are downloading a sports bloopers movie. At 3 MB a pop, this adds up to a significant drain on network bandwidth. You decide that you do not need to block the whole sports category, but you do need to block this URL. Third step: Create a local block iprism lets you create local blocks, where you block a particular site that belongs to a nonblocked category. Similarly, you can create local allows, where you allow sites from blocked categories. To block the sports bloopers site: 93

iprism Reports 1. Either open a browser window, and enter the IP address of your iprism into the URL field (note that if the administrator has changed the default port setting to a value other than 80, you will need to specify a port (for example, 192.168.4.142:81)), -OR- Open the Appliance Manager and go to the Administrator main menu. 2. Click Block/Unblock Site. A login screen appears. 94

Tutorials 3. Log into the system. You do not need to use the master account; any privileged user can do this. The Filter Manager screen appears. 95

iprism Reports 4. Click Block/Unblock Site. 96

Tutorials 5. Enter the URL of the sports bloopers movie, and then click Next. 97

iprism Reports 6. Select a rating for this URL; in this case, Deny Access. Click Next. 98

Tutorials 7. Click Finish. Now the people in Marketing will have to get back to work! 99

iprism Reports Is this employee abusing access privileges? Contents: Scenario First step: Find out the details of Chris's web use Second step: Drill down on suspicious URLs Scenario You have reason to suspect that Chris has pirated software using company machines. This is a serious matter that requires immediate investigation. If it is true, you need documented evidence to present to your Human Resources department for appropriate follow-up. Note: The data in this scenario is imaginary and unlikely to be duplicated on your system. Follow along with the steps to learn how to perform this sort of investigation, but understand that the reports on your system will contain different data. First step: Find out the details of Chris's web use The first step is to run a Web Detailed report for Chris, within the dates when you suspect software piracy may have occurred. This gives you a detailed view of all the accesses during that time. The Web Detailed report lets you get specific information in a number of areas. For each access, the report shows: Date & Time of the access Rating category, such as health, finance, or sports IP address of the machine from which the access occurred; one user might access the web from multiple computers, and therefore have multiple IP addresses User name, which will be the same for all rows in this report URL of the web site the user accessed Profile governing the user's account Action taken by iprism: blocked, passed, overridden, or override initiated Bandwidth required for the access To generate a Web Detailed report: 1. If not already open, launch the iprism Report Manager and log in. 100

Tutorials 2. Click Create a report on the Welcome page. The New Report Wizard appears. 3. Select Create a new report from scratch, and then click Next. 4. On the Type tab, select Web Detailed, and then click Next. 5. On the Criteria tab, set the following options, and then click Next: Click Select beside the Category(s) box. In the Categories dialog box, scroll to the Questionable Activities section and select copyright infringement. Click OK. In the User box, type Chris. This must be a login name that iprism recognizes. For more information, consult the iprism Administrator Guide. Click Next. 101

iprism Reports 6. On the Finish tab, type Chris copyright in the Specify a title box. Select Save and run this report now, and then click Finish. 102

Tutorials 7. In the Choose the date range dialog box, select the Last Month option. Click Run. When the report finishes generating, it appears in the iprism Report Viewer. Second step: Drill down on suspicious URLs Review the Chris_Copyright report. The report shows every web access Chris has made to web sites in the Copyright Infringement category within the specified date range. You can click any URL listed to open that site in a browser window. This enables you to investigate whether Chris has in fact been looking up information on how to evade copyright protection. This information can help your Human Resources department determine whether company policy or copyright law has been violated, and take appropriate action. 103

iprism Reports How are different offices using the network? Contents: Scenario First step: Create a Web Statistics report for each office Second step: Schedule and deliver each report Scenario Your company has three offices: one in San Francisco, one in Los Angeles, and one in San Diego. These offices all use the same iprism. Each office manager needs a weekly report about user activity. Until now, an intern has collected all the data for all three offices, and manually sorted it in a spreadsheet. However, this is time-consuming and error-prone. You decide to use iprism to automatically generate weekly reports for each office and email them directly to the appropriate manager. Note: The data in this scenario is imaginary and unlikely to be duplicated on your system. Follow along with the steps to learn how to perform this sort of investigation, but understand that the reports on your system will contain different data. First step: Create a Web Statistics report for each office You need to create one report for each office. Save time by creating the first report from scratch, and then creating the next two based on the first one. This scenario assumes that you create the San Francisco report first. To create the San Francisco report: 1. If not already open, launch the iprism Report Manager and log in. 2. Click Create a report on the Welcome page. The New Report Wizard appears. 3. Select Create a new report from scratch, and then click Next. 4. On the Type tab, select Web Statistics, and then click Next. 5. On the Grouping tab, select Category, and then click Next. 104

Tutorials 6. On the Sorting tab, accept the default sorting order and click Next. 7. On the Criteria tab, enter the San Francisco office subnet in the IP Address Range boxes. You could also indicate the office by selecting a site-specific Profile. Click Next. 105

iprism Reports 8. On the Finish tab, type Weekly_Stat_SF in the Specify a title box. Select Save this report. I will run it later, and then click Finish. 106

Tutorials To create the other two reports: 1. Click Create a report on the Welcome page. The New Report Wizard appears. 2. Select Create a new report based on a pre-existing report, and select Weekly_Stat_SF from the drop-down list box. 3. Click the Criteria tab. (You do not need to look at any of the other tabs, since the information will be the same.) Enter the Los Angeles office subnet in the IP Address Range boxes. Click Next. 4. On the Finish tab, type Weekly_Stat_LA in the Specify a title box. Select Save this report. I will run it later, and then click Finish. 5. Repeat steps 1 to 4 for the San Diego office, using the appropriate subnet and naming the report Weekly_Stat_SD. 107

iprism Reports Second step: Schedule and deliver each report Follow these steps once for each of the reports you just created: 1. If not already open, launch the iprism Report Manager and log in. 2. Click Schedule a report on the Welcome page. The Schedule Report Wizard appears. Click Next. 3. On the Choose Report tab, select one of the Weekly_Stat reports, and then click Next. 4. On the Schedule tab, complete the following options: Schedule the report to run weekly. 108

Tutorials Email the report to the appropriate office manager. You can also deliver the report via FTP. If you expect the report to be very large, this option ensures that the report will not fail to go through your email server. For more information on FTP settings, see Choosing scheduling options. Format the report as a Portable Document File (PDF), a comma-separated value (CSV) text file, or a CSV w/headings text file, according to the manager's preference. 5. Click Finish. Your reports should now run automatically each week, starting Sunday early morning. iprism emails each report when it finishes running. 109

Support Frequently asked questions Sometimes my reports process slowly. Why does this occur? Usually it is because your report is queued behind someone else's. Two people cannot run the same report simultaneously. If you try to run a report that is already running, iprism queues your request and executes it after the first report concludes. In addition, some reports, such as the Top Accessed report, use a high level of system resources. iprism also queues reports in this instance. Wait a few minutes to allow the system to free up. How many days of information does iprism store? iprism stores up to 120 million records at a time. The amount of time it takes to accumulate this many records may vary from company to company. How many entries can a report hold? No limit is placed on Web Detailed reports when scheduled. Large reports are broken into several smaller documents of a manageable size (65,000 records) before being delivered by Email or FTP. All other report types can hold up to 25,000 entries. 110

Support Troubleshooting The Real-time Monitor is not working and I received the error message, "Unable to receive real-time events." Why? iprism sends access events to the Real-time Monitor using the UDP protocol. If for some reason these messages are not able to reach your workstation, the Real-time Monitor will not function. In many cases this is caused by a firewall, such as Microsoft Windows XP's Firewall, or by a router, configured to not allow UDP packets. You will need to configure your firewall or router to allow the following UDP ports used by the Real-time Monitor: PORT 51231 and PORT 51232. For additional information and help configuring your firewall, please visit St. Bernard Software's knowledgebase at : http://ip4kb.stbernard.com/webhelp/troubleshooting/symptoms/ip0159.htm I did not receive my scheduled report in email. Some email systems limit the size of the attachments you can receive. Some PDF reports are quite large, and may exceed the file size limits. Try any of the following: Edit the schedule so that iprism delivers your reports via FTP rather than email. Edit the schedule so that iprism saves the report in CSV format. Large CSV reports are automatically split up into multiple email messages. Edit your report so that the saved report is smaller. Web Statistics and IM/P2P Statistics typically generate smaller files than the other report types. Ask your system administrator if it is possible to reconfigure the email system to accept larger attachments. The Real-time Monitor is not showing all of the IM/P2P or web activity that I know is occurring. The Real-time Monitor only shows monitored web sites. If your profile does not monitor the web sites you are accessing, they will not appear in the Real-time Monitor or on any reports. When I log in to the Reports Manager, it pauses at 84%. Why? iprism typically pauses at this stage to authenticate Windows domains. Wait a few moments for the system to finish starting up. 111

Glossary A Access Control Lists (ACL): One or more sets of rules within each profile that determine when each set of access restrictions applies. For example, one set might be in force during the workday, and another after hours. C category: A defined type of web site, such as business, recreation, and questionable. St. Bernard assigns web sites to categories in an iguard database, and iprism enables companies to control access to those categories. F filtering category: See category P profile: A configurable element within iprism that determines which categories of web content are available for viewing, which are monitored, and which are blocked. 112

Index 113

iprism Reports A actions monitoring...79 searching by...25, 28, 33, 36 B bandwidth...19 blocked searching by...28, 33, 36 sorting by...19 C categories grouping by...15 monitoring...79 searching by...25, 28, 33, 36 sorting by...19 comma-separated values (CSV)...65, 71 criteria. See search criteria...24 D deleting reports...45 schedules...76 domains...30 drilling down in reports...60 duration...19 E editing Real-time Monitor settings...85 reports...41 schedules...73 emailing reports...71 emails, missing...127 F filtering lists...41 FTP, sending reports via... 71 G grouping reports... 15 group-sensitive... 19 H hits... 19 hosts... 30 I IM/P2P Detailed reports sample... 96 search criteria... 33 IM/P2P Detailed reports... 12 IM/P2P reports protocols... 15 sorting... 19 IM/P2P Statistics reports grouping... 15 sample... 97 search criteria... 36 IM/P2P Statistics reports... 12 include media monitoring... 79 searching by... 25 IP addresses drilling down by... 60 grouping by... 15 limited access to... 2 monitoring... 79 searching by...25, 28, 33, 36 sorting by... 19 M media. See include media... 25 monitor settings... 79 114

Directory N Navigation menu...6 New Report Wizard...9 O overrides searching by...28 sorting by...19 overrides, initiated searching by...28 sorting by...19 P pages...19 passed searching by...28, 33, 36 sorting by...19 permissions report user...2 sharing reports...39 Portable Document Format (PDF)...65, 71 profiles drilling down by...60 grouping by...15 limited access to...2 monitoring...79 searching by...25, 28, 33, 36 sorting by...19 protocols grouping by...15 monitoring...79 searching by...33, 36 sorting by...19 Q Quick start shortcuts...6 R Real-time Monitor data... 82 editing settings... 85 missing data... 127 settings... 79 starting... 82 Real-time Monitor... 79 reports database size... 1 deleting... 45 drilling down... 60 editing... 41 emailing... 71 filtering... 41 finishing... 39 FTP... 71 grouping... 15 maximum days of information... 126 maximum entries... 1 predefined... 41, 45 running... 48 saving... 65 scheduling... 67 search criteria... 24 sharing... 39 sorting... 19, 59 speed... 126 titles... 39 types... 12 viewing... 56 reports... 9 Reports Manager starting... 2, 127 Reports Manager... 6 running reports choosing dates... 53 115

iprism Reports choosing reports...50 running reports...39, 48 S samples IM/P2P Detailed report...96 IM/P2P Statistics report...97 Web Detailed report...86 Web Statistics report...88 Web Top report...94 saving reports...65 scheduling reports choosing a report...68 deleting schedules...76 delivering via email...71 delivering via FTP...71 editing schedule...73 formatting as CSV...71 formatting as PDF...71 intervals...71 scheduling reports...39, 67 search criteria IM/P2P Detailed report...33 IM/P2P Statistics...36 Web Detailed...25 Web Statistics reports...28 Web Top...30 search criteria...24 sharing reports...39 sorting reports...19, 59 T types, report... 12 U URLs searching by... 25 user names drilling down by... 60 grouping by... 15 monitoring... 79 searching by... 25, 28 sorting by... 19 V viewing reports... 56, 59, 60 W Web Detailed reports drilling down to... 60 sample... 86 search criteria... 25 Web Detailed reports... 12 Web Statistics reports grouping... 15 sample... 88 search criteria... 28 sorting... 19 Web Statistics reports... 12 Web Top reports sample... 94 search criteria... 30 Web Top reports... 12 116

118

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback