The Logging & Reporting > Web Protection > Web Usage Report page is useful if you want to take a deeper look into your network traffic and your users' web usage.
The collection of web surfing data is session-based. Sophos UTM distinguishes between sessions per user ('How long has this user been surfing?') and sessions per user and domain ('How long has this user been surfing on this domain?'), where the domain is the top-level domain plus one significant level. To achieve good approximations, all data is gathered as follows: each web request is logged by taking the traffic volume and the duration between requests into account. If for a period of five minutes of inactivity no requests are recorded for a session, the session is considered closed. To take into account that users might still view a webpage within five minutes of inactivity, one minute is always added to the Time Spent values. Note further that reporting data is updated every 15 minutes.
Thus, if a user for example switches between two domains for 10 minutes, this will result in a total of 10 minutes for this user but 20 minutes for the domains surfed by this user. However, if the user uses different tabs or browsers to surf on the same domain, this will not influence the result.
When clients try to request invalid URLs, the Web Filter will log the request but will not be able to serve it. Those links will be counted as errors. They are not errors of the reporting or the Web Filter; in most cases, those errors occur because invalid or malformed links are placed in web content by the page creator.
First there is the header bar which consists of the following elements:
Note – When using filters and clicking through reports notice how the Available Reports setting changes automatically. It always reflects the current reporting basis.
Standard: There are several report types available, see below for a detailed description.
Saved Web Reports: Here you can select saved web reports you created in the past.
Next there is the filter bar which consists of the following elements:
You can download the data in PDF or Excel format by clicking one of the corresponding icons on the right of the filter bar. The report is generated from the current view you have selected. Additionally, by clicking the Pie Chart icon you can get a pie chart displayed above the table. If you click the Send icon, a dialog window opens where you can enter one or more email recipients who should receive this report as well as a subject and a message before sending the data. You can also receive saved reports on a regular basis, see section Scheduled Reports for more information.
What is displayed depends on the selected report type and defined filters.
Note – When anonymization is enabled, users are not displayed by their name or IP address but they appear enumerated instead.
Depending on the report type, the table provides different information:
#: Position with regard to traffic caused.
Traffic: Size of traffic caused.
%: Percentage on overall traffic.
Duration: Users report type: time spent by users. Sites report type: total time (sum over all users) spent on the website(s).
Pages: Number of pages (that is, all requests answered with code 200 and content-type text/html) requested.
Requests: Number of web requests for a category, site, domain, or URL.
User: Name of the users who bypassed blocking. If anonymization is enabled, user_# is displayed.
Quotatime Used: The amount of quota time used.
Site: Site for which blocking was bypassed.
Categories: Shows all categories a URL belongs to. With more than one category, clicking the category opens a small dialog field to select one of the categories from before a filter is created based on that category.
Action: Displays whether the website has been delivered to the client (passed), whether it has been blocked by an application control rule, or whether users gained access to a blocked page using the bypass blocking feature (overridden).
Reason: Displays why a website request has been blocked or overridden. Example: A user tries to download an msi file and there is an application control rule which prohibits file transfers, then the cell displays msi for reason. In case of an overridden page, the reason entered by the user is displayed.
Info: If available, this cell displays additional information to why a website request has been blocked, e.g. when a file download was blocked due to its extension then the cell says extension.
Filters are used to drill down the information displayed in the result table. They can be defined in two different ways: either by clicking the Plus icon in the Filter Bar or by clicking into the table.
Via Plus icon: After clicking the green Plus icon in the Filter Bar a small filter box with two fields is displayed. The first field, a drop-down list, lets you choose a report type, for example Category. The second field lets you choose or enter a value for the selected report type, e.g. Adult Topics when Category is selected. Click Save to save the filter and at the same time apply it to the result table.Via table: Clicking into the table opens a dialog window Reporting Direction if there is more than one report type available for the item you clicked. You need to select one of the presented options for filtering. After that the Reporting Direction window closes, the relevant filter is created and displayed in the Filter Bar. The results table now shows the newly filtered results.
Example: The default report of the Web Usage Report is Sites. In the results table you click on any row (e.g. amazon.com). The Reporting Direction window opens and gives you three options: either you want to see information on Domains for the site, on Users who visited the site, or on Categories the site belongs to. You see that several users visited amazon.com and you want to know more about this, so you click the Users box. The window closes. In the Header Bar you see that the report type changed to Users and in the Filter Bar you see that the result table for Users is filtered by the site you selected (amazon.com). Therefore the table shows all users who visited that site and additionally information on their sessions.
Note – Sometimes it makes a difference where you click into a table row as some table cells provide their own filter (see the items with an asterisk (*) in the section Results Table above).
|© 2019 Sophos Limited
|Sophos UTM 9.600