Cyfin Manual - Center
Contents
1. Groups and IDs Select Browse 28 Groups HE 2 IDs Filter selected Groups IDs E E Enterprise 926 a HI Angelo Jennifer a25 a L Accounting Department 51 Arello Jaclyn jacar En L Drafting Department 46 L Ashton Stephanie sa19 8 Engineering Department 128 Y Backman Daniel danback L Marketing Department 108 v Baines Harold haroldb L Sales Department 100 E Bann Joeseph joeb L Technical Services Department 105 d Banning Payton payton E Ungrouped IDs 387 Baugman Scott Mason smbaugman E VIP 1 x E Bauhaus Michal mb32 gt E Check Uncheck All Groups Check Uncheck All IDs Other options include Expand or collapse groups To expand and view group tiers click the plus icon To expand or collapse all groups click the plus or minus icon next to Groups 107 Cyfin User Guide v 9 2 0 Search for a specific ID If you know the ID names you want to filter you can search for and select them using the Filter selected Group s IDs field Begin typing the ID or name of a user Users with a matching ID or name will be displayed in the IDs box Select the check boxes for the IDs you want Check Uncheck all groups and or all IDs Use the check boxes below the Groups and IDs boxes to select or unselect all groups and IDs displayed The groups and IDs that you have selected will appear on th2. Groups and IDs Select Browse Set Groups HEI 2 IDs Filter selected Groups IDs E E Enterprise 926 a Angelo Jennifer ga25 a L Accounting Department 51 Arello Jaclyn jacar L Drafting Department 46 L Ashton Stephanie sa19 E Engineering Department 128 Y Backman Daniel danback L Marketing Department 108 V Baines Harold haroldb L Sales Department 100 El Bann Joeseph joeb L Technical Services Department 105 Y Banning Payton payton L Ungrouped IDs 387 Baugman Scott Mason smbaugman 5 VIP 1 x Bauhaus Michal mb32 z E Check Uncheck All Groups Check Uncheck All IDs Other options include Expand or collapse groups To expand and view group tiers click the plus icon To expand or collapse all groups click the plus or minus icon next to Groups Search for a specific ID If you know the ID names you want to filter you can search for and select them using the Filter selected Group s IDs field Begin typing the ID or name of a user Users with a matching ID or name will be displayed in the IDs box Select the check boxes for the IDs you want Check Uncheck all groups and or all IDs Use the check boxes below the Groups and IDs boxes to select or unselect all groups and IDs displayed The groups and IDs that you have selected will appear on the Select tab Groups and IDs
3. Enter your logon and click Submit Your password will be reset and you will receive a Password Reset e mail to change your password NOTE If your logon account was created using Active Directory your password cannot be reset with this link Contact your network administrator for assistance Technical Considerations 1 Will you be using an array configuration If you plan to set up an array configuration in your network then you need to do this first before setting up any other features in your product An array configuration allows you to manage several product installations from one primary product that you designate Once the array is configured then you will only need to configure product settings at the primary server You will find the setup instructions for an array in Array Configuration Checklist How will you manage groups and IDs You have two options You can either 1 manage them at the directory source i e Active Directory or 2 manage them inside the product If you choose to manage your groups and IDs at the directory source you will not be able to move or edit them inside the product If you choose to manage your groups and IDs inside the product only new IDs will be imported from your Active Directory or text file No moves or changes at the directory source will be imported Instead these changes will have to be made inside the product To learn more about managing groups and IDs see the Introduction and
4. name or name users matching the wildcard entry but not existing in your groups and IDs will be exported and not be added to your Ungrouped IDs group If the ID is not in your groups and IDs but has data it will be added to your Ungrouped IDs group 11 For Category Selection select the categories that you want to include in your export data To select all categories click the first category in the list box Then scroll down hold down SHIFT and click the last category in the list box To select specific categories click the first category in the list box Then hold down CTRL and click the additional categories you want to export To unselect a category hold down CTRL and click the selected category 12 Click Run Now Depending on how long the export takes to run you may see a progress meter In Firefox a dialog box is displayed allowing you to open or save the file Select what you would like to do with the file NOTE Other browsers may render this dialog box differently 13 If you selected the Schedule option the Schedule and Run and Schedule buttons are available Click Schedule and Run to schedule and save the export Click Schedule to only schedule the export When the export runs at the scheduled time the file will be saved in the directory that you specified 14 Click Back to return to the previous page 81 Cyfin User Guide v 9 2 0 Using Interactive Reports Interactive Reporting allows u
5. 26 Go to Data Management Report Database Configuration Settings High Level Database Current Database Derby Modify Database Low Level Database Wavecrest Database Location C Program Files Wavecrest Cyfin7982 we cf db Notify Admin of Errors Enable Disable Click Modify and a wizard will appear Select Database Manufacturer Manufacturers SQL Server v Select SQL Server as the Database Manufacturer and click Next A screen notifying you how to create a new MSSQL database will appear These will be the same instructions as above Once you have completed them click Next Data Management Enter Database Settings Schema Superiew Server Enterserver Port 1433 UserName sa Password Bulk Insert Folder C Program Files Wavecrest Cyfin7984 welcfidb plugin Browse Back Next 5 Enter the Server Port User Name and Password for your MSSQL database 6 Type in a UNC path for the Bulk Insert Folder and click Next 7 You should get green Ready status indicators If so you can go ahead and click Next Name This Database Configuration Name Database 8 Name the database configuration and click Next A message indicates that the database configuration was saved successfully 9 Click Done Mass Storage Low Level Database With the Data Management Report Database Configuration Settings screen you can choose a location to store the imported data It also le
6. Groups amp Selected Group s IDs Enterprise 926 Allen Jim allen6 a Accounting Department 51 Alravado Alex aa02 E Drafting Department 46 Engineering Department 128 Barrera Jose jb1012 Marketing Department 108 Ben Gay Itzik ibg123 Sales Department 100 Benner Jeff b31 Technical Services Department 105 Bennit Joan jb120 Blackmanton James jimblack Boettcher Francine fb Brady Marsha marsha Brooks Andrew P apb20 Burger Dale db16 Clarkman Kimberly kim Clipper Candice cadice X 2 Under Select Groups or IDs to Delete click the group or ID that you want to delete so that it is highlighted To select consecutive groups or IDs click the first group or ID Then hold down SHIFT and click the last group or ID you want to delete To select nonconsecutive groups or IDs click the first group or ID Then hold down CTRL and click the additional groups or IDs you want to delete To unselect a group or ID hold down CTRL and click the selected group or ID 3 Click Delete to delete the group or ID Move Groups or IDs This page allows you to move one or more groups to another group and move one or more IDs from one group to another group 1 Goto User Management Edit Users Move The Move Groups or IDs page is displayed 36 User Management Select Groups or IDs to Move se Groups amp Selected Group s IDs Enterprise 926 Dimpl
7. MON Morning Filter X Cancel Save Inthe Filter Name field type a name for the filter Select the days and times you want included On in the report and the days and times you want excluded Off in the report You can do this by using the tabs on the left to select the day of the week and clicking the corresponding times to turn them on or off You may also apply a filter to the entire week Click Save to save the filter 12 Under Groups and IDs on the Browse tab choose groups and IDs by selecting their corresponding check box To view IDs in a group click the group name Groups and IDs Select Browse L EE EE D 85 Groups HE E Enterprise 926 Accounting Department 51 Drafting Department 46 E Engineering Department 128 E Marketing Department 108 Sales Department 100 Technical Services Department 105 Ungrouped IDs 387 VIP 1 IDs Filter selected Groups IDs Angelo Jennifer a25 Arello Jaclyn jacar Ashton Stephanie sa19 Backman Daniel danback Baines Harold haroldb Bann Joeseph joeb Banning Payton payton L Baugman Scott Mason smbaugman Bauhaus Michal mb32 E Check Uncheck All Groups o Check Uncheck All IDs 66 Reports Other options include Expand or collapse groups To expand and view group tiers click the plus
8. NOTE Depending on your browser this page may render differently Under Delimiter Character s select the check boxes for the delimiters that you used in your text file Under Column Position Definitions for the two Required fields columns enter column numbers that correspond to the left to right column positioning of those fields in the text file Column numbers range from 1 to 6 If any of the Optional fields columns are used in the text file enter column numbers that correspond to the left to right column positioning of those fields in the text file Column numbers range from 1 to 6 Click the Preview button to check that your data is in the correct columns If it is not double check and reenter your values for Column Position Definitions Preview Formatted Data ID Parent 1 Parent2 Parent3 Parent4 Parent5 Parent6 Full Name E Mail alyce Marketing Department Alyce Mark T minh Marketing Department AYoung Shee Minh alicew Marketing Department Williams Alyce alicia Marketing Department Green Alicia bart Marketing Department Yonkers Ill Bart K When your data is in the correct columns click Import to import your groups and IDs NOTE Configured text file imports will occur at midnight each day CAUTION If you have both a text file and an Active Directory import configured whenever an Active Directory import occurs the text file will also import along with it User Management Synchronize Groups
9. barl Banke Elena dd0055 Bann Joeseph joeb ID Details Banning Payton payton ID Name Click the entry that you want to view The details for the ID are displayed including group location and policy settings 45 Cyfin User Guide v 9 2 0 Enter ID or Full Name ID Name Full Name Location E Mail Address es Abuse Thresholds Change Your Password Banning Payton payton payton Banning Payton Enterprise Technical Services Department Default This page allows you to update the password for your account You are required to do this before using the product in order to change the temporary password assigned by the system You may also use this page to change your password at any time NOTE In an array configuration the administrator password must be made exactly the same on all secondary servers in the array Once you have logged on to the product on the secondary servers you will need to change the default password to match that of the primary The passwords for all products in the array must be the same 1 Goto User Management Logon Accounts Change Password The Change Your Password page is displayed with the Submit button disabled at this point Old Password New Password Confirm New Password Password Strength Complete the Form to Change Your Password Passwords must meet the following criteria Contain atleast 1 of the following special characters amp
10. 2 280 lt 1 MM 1 868 10 Mission Alexandra alexandra 2 46 24 3 328 lt 1 MN 1 828 11 Tuckers Irene irene 3 01 33 3 631 lt 1 MM 1 823 12 Ries Brian brianr 2 18 51 2 777 lt 1 MN 1 437 The blue in the bar graph represents the allowed visits and the red shows where the user exceeded the threshold 108 Settings Interactive Reports This page lets you establish settings for Interactive reports such as how long to keep reports where to store them and a required password that should be changed to retrieve the reports 1 6 Go to Settings Reports Interactive Reports Report Server IP Address 10 10 10 124 Set DNS Host Name Optional Host Name Options Report Expiration 90days e Reports Password eeeee In the IP Address field select the IP address to be used for reporting if a drop down box is present If the IP address is plainly displayed with no available drop down box the product found one NIC IP address and no further action is required This step is optional If you want to identify an additional report server DNS host name enter it in the Host Name field This additional server can be used for internal or external use Example If you have external users you may want them to be able to access Web use reports In this case you would use this field to enter a DNS host name that external computers will recognize Select the Report Expiration using the drop down box Interactive re
11. 24 2013 12 02 25 AM Feb 25 2013 12 00 04 AM Feb 26 2013 12 00 29 AM Feb 27 2013 12 00 00 AM Feb 28 2013 12 00 49 AM Mar 1 2013 12 01 17 AM Mar 1 2013 12 00 58 AM Mar 2 2013 12 00 14 AM Raw Data Stop Time Feb 23 2013 11 59 22 PM Feb 24 2013 11 58 48 PM Feb 25 2013 11 57 07 PM Feb 26 2013 11 59 59 PM Feb 27 2013 11 59 55 PM Feb 28 2013 11 58 20 PM Mar 1 2013 11 59 27 PM Mar 1 2013 11 59 58 PM Mar 2 2013 11 58 23 PM Import Status Old Old Old Old Old Old Old Old 2 If you have more than one data configuration the Choose Configuration field is displayed to allow you to choose a configuration to view Select a configuration or all configurations In the View Last field select the time period of the log files you want to view Select the Import check boxes of the logs that you wish to import If you wish to import all of the logs you can click the Select All button at the end of the log file list 5 Click Submit to import the logs into the database Schedule Data Import This screen lets you schedule the import of log files into the internal database Be sure to enable the Report Database in order to use this feature IMPORTANT Because the process of importing data is memory intensive we recommend increasing the product s memory setting on the Settings Memory screen As a general guideline increase the setting to be approximately half
12. Eet slk International GeneralMotors Figure 1 Example of Groups and IDs Information Field Definitions In this example columns 1 and 2 are devoted to the individual employees and columns 3 6 illustrate the departmental or organizational hierarchy Column 3 is the lowest level in the 116 Appendix A Groups and IDs hierarchy and is the employee s immediate parent organization Columns 4 through 6 represent increasingly higher levels in the organizational hierarchy Hierarchical Considerations Figure 1 illustrates a hypothetical multitiered case involving the maximum number of hierarchical levels four Fewer columns can be used if fewer levels of hierarchy or none at all are needed For example only three columns of data are mandatory for a two level Ds only no full names approach One of the three columns is used for some form of user ID one for the users first level parent s and one for second level parents Such an approach would use columns 1 3 and 4 in Figure 1 Only two fields are mandatory for a single tier approach These are the columns that provide user ID and immediate parent information In Figure 1 these would be columns 1 and 3 However two fields alone cannot support a multi tier approach or provide for full names in reports Column Numbers and Names Wavecrest products do not require that the columns be positioned or named exactly as shown in the example in Figure 1 As long as the proper types of inf
13. If you want to review your policy settings you can do so on the System Status Policy screen Report Links Abuse Thresholds List of all abuse thresholds policies and the users to which they apply Category Classifications List of Web activity categories with their acceptability classifications Groups and IDs List of Groups and IDs authorized for your access account This screen contains links to policy related information that you have set in the product The Abuse Thresholds link indicates how many visits are acceptable before abuse is considered to have occurred The Category Classifications link shows the default acceptability classifications ratings that your organization has assigned to the Web activity categories The Groups and IDs link indicates the groups and users that you can create reports on Array Communication Log The Array Communication Log page displays the messages sent between the servers in your array It shows completed and pending messages If there are no messages the screen will be blank The system automatically assigns priorities and processes the messages in a sequence that reflects those priorities To view messages go to System Status Messages Array Log Update Log The Update Log page displays the dates and times of the URL List and product updates To view this information go to System Status Messages Update Log Event Log The Event Log page shows the product event errors a
14. Manage Users section for User Management What policies do you need to create and how will they apply to your users Your answers to these questions will not only help you when it is time to create your policies but it will also help you determine how to structure your groups and IDs For example you may only need a single policy for the entire Enterprise or several different policies for your different groups and or individual users How you plan to distribute reports will also need to be taken into consideration when setting up your groups and IDs To learn more about what your options are and what decisions you need to make before importing your groups and IDs see Appendix A For instructions on how to create or import your groups and IDs see User Management Will you run reports from raw logs or the Report Database There are several advantages to importing the raw log data into the Report Database The Report Database compresses the log file data which increases the reporting speed dramatically and allows you to use the Dashboard and Interactive Reporting To learn more about the Report Database and for instructions on how to enable it see Report Database Will you apply classification ratings to your categories The product offers three different classification ratings that can be applied to each category They are acceptable unacceptable or neutral You can choose to have these ratings appear in your Web use reports making it eas
15. NOTE If you wish to delete a previously created log file configuration select that log file configuration and click the Delete button 3 Click Next The next page allows you to select your log file type or have the system detect the log file format for you Select Log File Type Selection Manual Analyze Type of Log File Please Select y EAR 4 Inthe Selection field choose one of the following options Manual This option allows you to select the log file type if you know it Inthe Type of Log File drop down box select the type of log file for your server NOTE If you make a mistake the product will realize it in a couple of steps and direct you to try again Data Management Select Log File Type Selection Manual Analyze Type of Log File Please Select D Barracuda Networks D Bloxx Proxy Next Blue Coat Systems CSV Blue Coat Systems SGOS 2 Blue Coat Systems SGOS 3 amp 4 amp 5 Blue Coat Systems Common Format BorderManager BorderWare CacheFlow Appliance Check Point Firewall Check Point Syslog Cisco Content Engine CL Reader CSM Proxy CyberGuard Firewall CyBlock Appliance CyBlock Proxy CyBlock Software Cyfin Proxy Dell PowerApp Cache Analyze This option allows the system to analyze your log files to detect the log file format Select Log File Type Selection Manual Analyze Log File C Logs proxy20150302 bt Inthe L
16. Now option After the report runs you can view save and print it The report is saved with a universally unique identifier UUID in the file name e g 14ec2d98 346f 4cb5 806a f85f7b74f1 e1 html E Mail This option allows you to specify e mail addresses to which you want to send the report In the Recipients field enter a valid e mail address If you wish to send the report to multiple e mail addresses enter the addresses separated by a comma or semicolon with no spaces Duplicate addresses are not allowed The report is sent in the file name format that you specified in Report Options 10 Reports Save This option allows you to save the report In the Save Directory field type the directory path or click Browse to locate the directory The report is saved with the file name format that you specified in Report Options Be aware that you may overwrite a previously run report if saving to the same directory In the Report Format field select HTML or PDF NOTE If you select PDF you will only have the option to get a Read Only report selected in the Report View field below NOTE for Linux Users In order for PDF reports to work on Linux installations the following libraries and all of their dependencies are required X11 libraries Font Configuration libraries Run the following two commands which will install the above libraries if they are not already installed yum install libXrender so 1 yum install li
17. Select Browse SS Groups Search for Groups Q amp IDs Search for IDs ES a Banning Payton payton D Backman Daniel danback Baines Harold haroldb Angelo Jennifer ja25 Ea Remove All Groups Remove All IDs 14 To delete a group or ID click the corresponding red x icon To delete all groups or IDs click the Remove All Groups or Remove All IDs red x icon 15 On the Select tab you may enter an ID in the Search for IDs field If the ID is an IP address or an IP address with a wildcard all user names for that IP address will be reported on except any user names in your VIP group If no user names exist the IP address will be reported on If the ID contains a wildcard e g name or name users matching the wildcard entry but not existing in your groups and IDs will be reported on and not be added to your Ungrouped IDs group If the ID is not in your groups and IDs but has data it will be added to your Ungrouped IDs group 16 Click Run Now 72 Depending on how long the report takes to run you may see a progress meter 17 18 ii Reports f one report was generated it opens in a Report Results page where you can view save and print it f multiple reports were generated depending on how you ran the report a Reports List page is displayed with links Click the link for the report you want to view When you are finished with the report click Back to List to return to the list of reports or cl
18. The deleted report will be removed from the Scheduled Reports list If it exists in the Recently Run Reports list only the name will be removed indicating that it is no longer a scheduled report To create an exact copy of a report click the duplicate icon The Create Report page is displayed where you can make changes to the settings and schedule the report Be sure to enter a different name for the report Reports 6 To sort the list of reports click the column title to sort by that column An arrow is displayed next to the column title when you hover over it indicating that the column is sortable NOTE The Frequency column is sorted using the current date time as the point of reference In ascending order Manually is displayed at the bottom of the list 7 To delete a report click the red x icon on the report line The deleted report will be removed from the Scheduled Reports list If it exists in the Recently Run Reports list only the name will be removed indicating that it is no longer a scheduled report 8 To delete all reports click the Delete All red x icon A dialog box is displayed confirming the deletion of all scheduled reports Click Delete All The reports are deleted and a message indicates that there are no scheduled reports NOTE When all recently run reports and scheduled reports have been removed the Report Selection page will be displayed Run a High Level Summary Report High level reports give su
19. all of them NOTE This field will only show if there is more than one log file type configured in Cyfin 6 Inthe Visits Hits field select whether you want visits only or all hits displayed in the export NOTE Choose Visits Only if you want the export to count and show only true visits i e actual user clicks Doing so will exclude all other types of hits e g banners ads and audio Choose All Hits if you want to show all types of hits solicited or unsolicited 79 Cyfin User Guide v 9 2 0 7 Under Time Frame in the Date Range field select from the following predefined time frames of data Yesterday Previous 24 Hours Last 7 Days Last Week or Last Month or select Custom to set a specific date range All predefined time frames end at 11 59 59 P M except Previous 24 Hours which ends one second before the current hour When scheduling an export the Date Range options are based on the Frequency selection that is they are less than the frequency For example you cannot schedule an export to run daily with a date range of Last Month Select the appropriate date range Custom is only available if the Run Now option was selected or the Frequency field was set to Manually If you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the
20. are shared elsewhere across the network enter the UNC path full network path to your log files NOTE In an array configuration remember that secondary servers must share their log folders for the primary server to access the log files across the network Click Next Depending on the type of log file selected previously the Select Log File Date Format page may appear 9 Data Management Select Log File Date Format Log File Date Format US Date Format MM DD YYYY Example 04 26 2009 European Date Format DD MM YYYY Example 26 04 2009 International Date Format YYYY MM DD Example 2009 04 26 For Log File Date Format select an option for the date format of the log files For most proxies this action is not needed and the page will not appear For others such as Microsoft Web Proxy select the correct log file date format i e US European or International Click Next 10 If you selected a syslog type of log file e g SonicWALL Security Appliance you can configure 11 your syslog enabled device to send logs directly to the Cyfin Syslog Server The Information about page appears Information about SonicWALL Security Appliance Syslog Daemon Required SonicWALL Security Appliance log information must be converted via syslog to be readable by Cyfin To use our built in Cyfin Syslog Server click Next Alternatively you may download the Kiwi Syslog Server For more information on how to use a syslog da
21. arrow disappears when you click the year field Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates 12 If you want to filter the days and times to include in the report data use the Filter field and select a filter or select Create new filter You will see a dialog box Filter Name Report Filter A X B or Bon am Manage Monday s Filter Morning Filter Cancel Save Inthe Filter Name field type a name for the filter Select the days and times you want included On in the report and the days and times you want excluded Off in the report You can do this by using the tabs on the left to select the day of the week and clicking the corresponding times to turn them on or off You may also apply a filter to the entire week Click Save to save the filter 13 Under Groups and IDs on the Browse tab choose groups and IDs by selecting their corresponding check box To view IDs in a group click the group name CAUTION You cannot run a User Audit Detail report on the Enterprise group You can run the report on other groups but this means a User Audit Detail report will run on each user in the selected group 71 Cyfin User Guide v 9 2 0
22. before the current hour When scheduling a report the Date Range options are based on the Frequency selection that is they are less than the frequency For example you cannot schedule a report to run daily with a date range of Last Month Select the appropriate date range Custom is only available if the Run Now option was selected or the Frequency field was set to Manually f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected 65 Cyfin User Guide v 9 2 0 11 If you want to filter the days and times to include in the report data use the Filter field and select Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files NOTE In Internet Explorer 10 if you have log files in only the current year the drop down arrow disappears when you click the year field Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates a filter or select Create new filter You will see a dialog box Filter Name Report Filter A sun Manage Monday s Filter
23. can verify that it is working It can also be used to identify users who may be engaging in excessive attempts to visit inappropriate or unauthorized sites This report is also a useful supplementary tool for individual user audits Legal Liability Report Features This report shows Web activity that could lead to legal liability It indicates by user the number of visits to sites in the Anonymous Public Proxy Cults Drugs Gambling Hate and Crime Malware and Pornography categories Information is presented by category and by individual user Individual sites are not separately identified 121 Cyfin User Guide v 9 2 0 Benefits This tightly focused report facilitates analyses investigations and audits related to actual or potential legal liability issues Results can be used to prompt further investigation or trigger immediate corrective action Neutral Visits Report Features This report provides Web use activity only for categories classified as Neutral By category it shows the total number of visits made by individual users Users are identified but individual sites are not Benefits Management can quickly evaluate and see patterns of neutral activity In doing so they can focus on categories one at a time or they can review the consolidated total The results may prompt management to change the rating of one or more categories to Acceptable or Unacceptable Site Analysis Report Features This report depicts a specifi
24. data in the Mass Storage low level database 13 Cyfin User Guide v 9 2 0 With respect to scalability this product can run a report based on 1 GB of data in about the same amount of time required to run a similar report by reading a 1 MB log file With respect to persistence once the configured log file data has been imported into the Report Database you never have to read it again The data remains stored and readily available for future use Another benefit is that the Report Database can hold immense amounts of data for long periods of time This permits the generation of reports from the distant past if necessary Configure Log Files NOTE If Cyfin is keyed as appliance for remote logging this screen will appear differently See Remote Logging This process will configure the product to read your log files You may manually choose your log file type to create a log file configuration if you know it or have the system analyze your log files to detect the log file format It is from these log files that the product generates easy to read reports 1 Goto Data Management Log Data Source Setup Create or Modify Log File Configuration Select Configuration Create new log file configuration e Option Delete 2 Select Create new log file configuration when creating a new configuration Otherwise in the Select Configuration drop down box select a previously created log file configuration that you wish to modify
25. example CyBlock Software to CyBlock Software Transfers across products are not allowed NOTE 1 This feature is not available if you are using the Array feature NOTE 2 When you restore settings the product service automatically restarts 1 Go to Settings Restore Points Manage Choose Restore Point Choose Day to Restore Dec 20 2013 13 53 15 e Choose Restore Type Full Configuration Only 2 Inthe Choose Day To Resiore drop down box select a day from which to restore settings 3 Select the type of restore you would like to perform that is Full or Configuration Only Full This option allows you to transfer configuration settings from one product type to the same product type with the same restore point path on the same computer Configuration Only This option allows you to transfer configuration settings to a different restore point path on the same computer or to a different computer 4 Click Submit At this point the service will automatically restart Download a Restore Point The download feature allows you to download a restore point to a location of your choosing as a backup You can download a restore point from the last 31 days The restore download feature allows you to transfer all configuration settings to another installation of the product Transfers of configuration settings are only supported for the same product type for example CyBlock Software to CyBlock Software Transfers across product
26. hierarchical organizational tree in the product This is done via the User Management menu which contains the Edit Users menu items Add Delete and Move Typically although not necessary the groups in a hierarchical structure consist of the various departments and subdepartments within a company Configure and Populate the Groups Once the design is complete the administrator can configure it in the product and assign users to the various groups e g departments He or she can perform both of these tasks in the User Management screens by following the instructions for data entry Once this is done the administrator or other authorized individual can then request reports Using a High Level Site Analysis Report to Import IDs General Wavecrest s products can run high level reports such as Site Analysis without previously inputting the IDs of the covered users This approach automatically inputs IDs of users that were active during the specified time frame of the requested report This approach has the added benefit of producing a very useful high level screening report while simultaneously entering applicable IDs into the product All users imported in this manner are placed into Ungrouped IDs NOTE To run a User Audit Detail report on a specific ID or IP address the covered user s ID must already be present within the product Methodology Using the Reports Manager screen create and run a manual Site Analysis report As mentioned a
27. icon To expand or collapse all groups click the plus or minus icon next to Groups Search for a specific ID If you know the ID names you want to filter you can search for and select them using the Filter selected Group s IDs field Begin typing the ID or name of a user Users with a matching ID or name will be displayed in the IDs box Select the check boxes for the IDs you want Check Uncheck all groups and or all IDs Use the check boxes below the Groups and IDs boxes to select or unselect all groups and IDs displayed The groups and IDs that you have selected will appear on the Select tab Groups and IDs Select Browse SS Groups Search for Groups A amp IDs Search for IDs Ex a Banning Payton payton a Backman Daniel danback Baines Harold haroldb Angelo Jennifer ja25 Remove All Groups ES Remove All IDs 13 To delete a group or ID click the corresponding red x icon To delete all groups or IDs click the Remove All Groups or Remove All IDs red x icon 14 On the Select tab you may enter an ID in the Search for IDs field If the ID is an IP address or an IP address with a wildcard all user names for that IP address will be reported on except any user names in your VIP group If no user names exist the IP address will be reported on If the ID contains a wildcard e g name or name users matching the wildcard entry but not existing in your groups and IDs will be repo
28. include Expand or collapse groups To expand and view group tiers click the plus icon To expand or collapse all groups click the plus or minus icon next to Groups Search for a specific ID If you know the ID names you want to filter you can search for and select them using the Filter selected Group s IDs field Begin typing the ID or name of a user Users with a matching ID or name will be displayed in the IDs box Select the check boxes for the IDs you want Check Uncheck all groups and or all IDs Use the check boxes below the Groups and IDs boxes to select or unselect all groups and IDs displayed The groups and IDs that you have selected will appear on the Select tab 80 Reports Groups and IDs Select Browse 28 Groups Search for Groups Q amp IDs Search for IDs ES a Banning Payton payton H Backman Daniel danback Ea Baines Harold haroldb ks Angelo Jennifer ja25 ka EE BR zi Ea Remove All Groups Remove All IDs 9 To delete a group or ID click the corresponding red x icon To delete all groups or IDs click the Remove All Groups or Remove All IDs red x icon 10 On the Select tab you may enter an ID in the Search for IDs field If the ID is an IP address or an IP address with a wildcard all user names for that IP address will be exported except any user names in your VIP group If no user names exist the IP address will be exported If the ID contains a wildcard e g
29. logical hierarchical chain of command manner and all groups and subgroups i e organizational units or OUs must have unique identifiers or labels A unique identifier can be a department number or a department name or any other type of designation so long as there are no duplicates in the assigned database OU field In large organizations where like functions in different locations may have the same name e g Sales in Germany and Sales in England the name should be augmented with a prefix or suffix to provide differentiation For example in this case the two functions could be named Ger Sales and Eng Sales Assignment of unique department numbers to the various workgroups is also an effective solution Most directories are already designed in this hierarchically structured manner for related reasons e g group policy administration network security administration and access control In such cases the import feature will work smoothly and quickly For purposes of this discussion we assume a the customer s Active Directory contains such information and b groups will represent departments divisions etc in a hierarchical organization Figure 1 below is a hypothetical illustration of such information Domestic eneralMotors eneralMotors Domestic eneralMotors 25998 av Tom Accounting BuickMfg International GeneralMotors 37494 GIL Ann Production ChevroletMfg International GeneralMotors 26487 Barr Phil
30. of the available memory on the machine NOTE Importing data does not affect the original logs This product only reads log file data it does not modify log files in any way 1 Goto Data Management Report Database Import Schedule 29 Cyfin User Guide v 9 2 0 Configuration Scheduler Enable Disable Log data will be imported daily Hour 12 AM y Import Log Files Last24 Hours e e g Jan 5 2014 12 00 00 A M to Jan 5 2014 11 59 59 P M Select the Enable option to schedule the data import In the Hour fields select the specific hour and time of day to begin importing data If you have large amounts of data you may want to schedule the data import process to run when Web traffic is low 4 Inthe Import Log Files drop down box select if you want to import log files from the ast 24 hours or if you want to import all log files 5 Click Submit to apply your changes View Imported Data This is a display only feature It displays the Report Database s imported log file data For each imported data configuration this screen displays the log file configuration name type of log file and path if applicable For each log file it displays the log file name imported start date time imported stop date time and date imported 1 Goto Data Management Report Database Viewer Display Selection CyBlock Appliance Path C Logs Log Name proxy20130223 bd proxy20130224 bd proxy20
31. report click the duplicate icon The Create Report page is displayed where you can make changes to the settings and schedule the report Be sure to enter a different name for the report 61 Cyfin User Guide v 9 2 0 9 To schedule a report click the calendar icon The calendar icon is available for only unscheduled reports The Create Report page is displayed where you can make changes to the settings and schedule the report To view the report click the view icon If multiple reports were generated depending on how you ran the report a list is displayed with links Click the link for the report you want to view When you are finished with the report click Back to List to return to the list of reports or click Close to close the window To change the view of the recently run reports select Scheduled or Unscheduled in the Filter field The default is A If you selected Scheduled or Unscheduled the last ten scheduled or unscheduled reports will be displayed Recently Run Reports Add New Manual Report Report Type Name Run Date Time Filter Scheduled User Audit Detail User Audit Detail Payton Oct 22 02 06 04 PM Search Terms Audit Detail Search Terms Audit Payton Oct 22 01 21 06 PM Legal Liability Detail Legal Liability Detail Accounting Oct 22 01 20 49 PM Denied Detail Denied Detail Sales Oct 22 01 20 48 PM ES Clear List To clear the list of recently run reports click the Clear List red x icon A di
32. s Contain atleast 1 uppercase and 1 lowercase letter e Contain atleast 1 number Be between 8 and 20 characters long es New password must not match previous password eo Y ec Y Or jp Wesk Medium Strong 2 Inthe Old Password field type the current password for the account 46 User Management 3 Inthe New Password field type the new password for the account As you type the new password a red x will display to the right of the field and change to a green check mark when the password criteria have been met The password must meet the following criteria Contain at least 1 of the following special characters amp Contain at least 1 uppercase and 1 lowercase letter Contain at least 1 number Be between 8 and 20 characters long Must not match previous password 4 Inthe Confirm New Password field retype the new password to confirm it As you type the password a red x will display to the right of the field and change to a green check mark when the confirmation password matches the new password The Submit button will also be enabled 5 The Password Strength indicator evaluates your password s strength automatically and displays how strong your password is from Weak to Strong 6 Click Submit to apply your change Create Logon Account Two types of logon accounts can be issued administrator accounts and operator accounts Administrator account users have full access to and control of the p
33. servers out of an array scenario you will then be able to place the import data where you see fit Setting up an array involves the following steps Designate and set up the primary server Install the product on the primary server Download the URL List Change the default password Configure your network account for the product service Establish memory settings Enable the Report Database Set the import data storage location Designate and set up secondary servers Install the product on the secondary servers Change the default password Configure your network account for the product service Establish memory settings Complete the array setup on the primary server Add secondary servers to the array Configure log files Set up the administrator e mail Import data into the Report Database Create and run a Site Analysis Report NOTE Be sure to complete these steps Click the links above to go to the instructions for a particular step Configure Network Account for Product Service This step is necessary so that the primary server can send log file data to the secondary servers and so that the secondaries can receive log file data from the primary 1 Goto Control Panel open Administrative Tools and then open Services 2 Right click the product name and then select Properties Array Configuration Services Local Name Description Status A Bs Cryptographic Servi Provides th Started Web
34. the changes 8 To delete a URL highlight the URL you would like to delete and then press DELETE Click Submit to apply your changes Display Categories This page lets you select the categories to display on your reports If categories are turned off they do not appear on reports and they are not available as category selections for reports By default all categories are turned on including custom categories Je Go to Categorization Customize Categories The Display Categories page is displayed Select Categories to Be Displayed Categories Select On to Display Agriculture Off 9 On Anonymous Public Proxy Off 0 On Auction Classified of On Banners Ads Off On On Blogs Off Business Services Off On Under Select Categories to Be Displayed apply an Off or On setting to each category by selecting the corresponding option NOTE If you want only a few categories displayed on reports scroll to the bottom of the page and click All Off Then scroll up to select On for those categories that you want to turn on and vice versa Click Submit to apply your changes NOTE If all categories are set to Off the Submit button is disabled 57 Reports Introduction With this product you can get a quick overview of Web activity from the Dashboard run high level and low level reports and schedule reports to run regularly For a complete listing of Wavecrest s
35. to check the category of any URL in the product s URL List To do this enter the URL below and click the Check button The category in the list where the URL was found will be returned For example enter proxy com and then click the Check button Enter URL 2 Inthe Enter URL field type the URL that you want to check Click Check Category information for the URL is displayed Check URL This feature can be used to check the category of any URL in the product s URL List To do this enter the URL below and click the Check button The category in the list where the URL was found will be returned For example enter Groo com and then click the Check button Enter URL Groe com URL Category Match This URL was matched to the following category Category Anonymous Public Proxy URL found in Standard Wavecrest URL List Category Description Sites that provide information on how to bypass filtering or monitoring systems or provide a way to surf anonymously i e access URLs by bypassing a Web filter or monitor Classify Categories By classifying categories you are assigning an acceptability rating to each Web use category Categories can be rated as Acceptable Unacceptable or Neutral in accordance with your organization s Internet usage policy Initially each category has a default classification which you can accept if you like but you will probably want to change some of these to conform to your policy These cla
36. use M Started Bs DCOM Server Proce Provides la Started y Def Watch Started Mi y Click the Log On tab General Log Un Recovery Dependencies Log on as Local System account Allow service to interact with desktop This account ismith yourcompany lan Password vor m m9 m 000 Confirm password vc0000000000000 You can enable or disable this service for the hardware profiles listed below Hardware Profile Service Profile 1 Enabled Enable Select the This account option and enter a valid network account with read and write permissions Click Apply and then OK In the Services window right click the product again and select Restart to restart the service 11 Data Management Introduction Data Management is a key feature of this product With Data Management you can manage your Web use data from your configured log files or import your log files into the optional Dashboard high level and Mass Storage low level databases and manage your data there Even though the databases are an optional feature they must be enabled if you choose to use the Dashboard and Interactive Reporting see Reports It is highly recommended that you use the Report Database if you have large amounts of Web use data Before getting started with Data Management you should have completed the Getting Started Checklist If so you will have alr
37. use the Chart View field to change the metric you are viewing 4 Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected 93 Cyfin User Guide v 9 2 0 5 Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart Metrics Chart View Visits e Time Frames Date Range Custom X Start Feb 23 2013 FB Hour 12 AM e Stop Mar03 2013 Hour 12 AM e If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view Trend Categories Chart 94 1 2 Go to Reports Dashboard Trend Categories Select a category and the chart will automatically load with the default metric of Visits and time frame of Last Week Reports Categories Chart Selecta Category Social Networking y Metr
38. v Report View Read Only v Abuse Thresholds Disable v Anonymous IDs Disable e Time Frame Date Range Last Week e Oct 12 12 00 00 AM to Oct 18 11 59 59 PM Filter Default e P 3 Under Select When to Run for the Report Options field select Run Now or Schedule Run Now Use this option if you want to run the report at this time The report will be displayed as a recently run report on the Manage Reports page Schedule Use this option if you want to set up the report to run manually at a later time or schedule the report to run automatically at a specific time Select When to Run Report Options RunNow Schedule Name Report Name Frequency Manually Inthe Name field type an appropriate name for the report The name limit is 75 characters Inthe Frequency field select Manually if the report will be run manually at a later time or select the schedule for the report that is Daily Weekly or Monthly f you selected Daily select the specific hour and time of day that you want the report to run daily f you selected Weekly select the day of the week and specific hour and time of day that you want the report to run weekly If you selected Monthly select the day of the month and specific hour and time of day that you want the report to run monthly 4 Under Settings in the Report Delivery field select one of the following options 64 Wait This option is available for only the Run
39. viewing Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart If you want to view more detailed data on a particular user click the bar for that user A User Audit Detail report will automatically be generated for that user and the time frame you have selected If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view 87 Cyfin User Guide v 9 2 0 Top Groups Chart 88 1 Go to Reports Dashboard Top Groups A chart with your top groups will automatically load with the default metric of Visits and time frame of Last Week Chart Metrics Time Frames Top Groups Sales Sales Department 47 890 visits 47 890 Visits 34 153 13
40. when you go to the job queue the page will be blank and a message indicating the system is currently idle will appear The job queue automatically assigns priorities and performs the jobs in a sequence that reflects those priorities This design ensures that reports are based on the latest available data The job queue runs one job at a time A job that is running will always be at the top of the list anda progress meter will show percent completion When a new job is initiated the product automatically places it in the queue in accordance with its priority Lower priority jobs are bumped down if appropriate 1 To check the job queue go to System Status Job Queue 2 You will see the list of jobs and their status on the page 1 jobs Type Description Percent Owner Delete 1 Report User Audit Detail Parsing proxy20130302 bd war gt low joeb xml ST 99 paytonb al data 3 If you want to delete any of the jobs click the red x icon To delete all jobs in the queue click the Delete All button NOTE Administrators can delete any job in the job queue Operators can delete only the types of jobs that are authorized in their accounts i e typically reports 4 To pause the queue from refreshing click Pause 99 Cyfin User Guide v 9 2 0 NOTE This does not pause the job from running 5 Click Restart to get the queue refreshing itself again and to see the current status of job s running Policy Reports
41. which establishes an Account with Wavecrest or an authorized Managed Service Provider for the Services A Customer is being provided access to the Services by Wavecrest and each is an End User of the Services Devices means Windows or non Windows servers workstations computers tablet computers or any other mobile devices upon which or through which the Services are used and or installed for use by Customers Fees means the fees payable by a Customer for the Services Fees are based on the Term nature of the Services bandwidth storage number of business units number of End Users or Devices and other factors Quotes for Fees are provided by Wavecrest geg A A ee SE Sg ee eegen E EE ebe ETE ln EE Eege Accept If the License Agreement has not been accepted as you scroll down to the bottom of the text the Accept button will become available Click Accept Once the License Agreement is accepted the Accept button will no longer be visible NOTE If the License Agreement is not accepted operator accounts will receive an error message when they attempt to log on Click Print to print the License Agreement You may return to this page at any time to view or print it Appendix A Groups and IDs Introduction to Groups and IDs General Groups and IDs is a feature that is used to input and or import users ID information into the product for subsequent use in reporting and or filtering processes As discussed later th
42. 00 A M or other periods of low Web usage The product default is midnight This way the previous day s data will be available the following morning for report generation The data will be permanently stored within the product to enable generation of a variety of reports daily weekly or monthly Although processing log files is active from the time the Report Database feature is first enabled the product is only designed to automatically retrieve and store future log file data as it is created in daily use It does not automatically go back and retrieve data generated prior to the Report Database being enabled To populate the Dashboard high level and Mass Storage low level databases with past configured log file data you can import these log files into the databases manually This data can then be used to generate reports covering past periods Alternatively you can select to convert all past data on the Schedule screen The primary benefit of using the Report Database is report generation speed When the databases are used a virtually unlimited number of authorized users can generate their own reports in minimal time Currently only administrators can access the Dashboard For example when the Report Database is enabled this product can run a large weekly Site Analysis report in seconds rather than hours and can run a monthly report in minutes rather than days This dramatic reduction is made possible by storing the source
43. 000 1411101001008 901010109101 091010100101 1161010041001 1101410600100 9010011011191 KH IT 2001080141010 0001000101010 XML Database Figure 1 Array Configuration for Cyfin Array Configuration Checklist This checklist covers steps as if you were installing the products for the very first time so it includes a few extra steps for those that may have already configured the product when it was originally installed However you still may want to double check those settings to make sure they are configured to how you want them and to ensure that the product is running seamlessly after setting up the array You will find that some configurations must be done on the primary server and secondary servers before adding your secondaries to the array Before getting started with the product installations be sure to decide which server will be your primary and which servers will be your secondaries If you plan to Cyfin User Guide v 9 2 0 upgrade the software on your primary server uninstall Cyfin or CyBlock Software from your secondary servers and download a new product installation CAUTION If you already have a successful installation in production and are using the Report Database feature it is highly recommended that you save copies of your import data war files to a safe location before continuing If you ever decide to disband an array remember to manually save import data war files to a safe location first After you have taken
44. 130225 bd proxy20130226 bd proxy20130227 bd proxy20130228 bd proxy20130301 tt proxy20130229 tt proxy20130302 tt View last All Type of Log File CyBlock Software Imported Start Time Feb 23 2013 12 01 41 AM Feb 24 2013 12 02 25 AM Feb 25 2013 12 00 04 AM Feb 26 2013 12 00 29 AM Feb 27 2013 12 00 00 AM Feb 28 2013 12 00 49 AM Mar 1 2013 12 00 58 AM Mar 1 2013 12 01 17 AM Mar 2 2013 12 00 14 AM Imported Stop Time Feb 23 2013 11 59 22 PM Feb 24 2013 11 58 48 PM Feb 25 2013 11 57 07 PM Feb 26 2013 11 59 59 PM Feb 27 2013 11 59 55 PM Feb 28 2013 11 58 20 PM Mar 1 2013 11 59 58 PM Mar 1 2013 11 59 27 PM Mar 2 2013 11 58 23 PM Date Imported Feb 4 2014 11 42 08 AM Feb 4 2014 11 42 10 AM Feb 4 2014 11 42 11 AM Feb 4 2014 11 42 13 AM Feb 4 2014 11 42 18 AM Feb 4 2014 11 42 23 AM Feb 4 2014 11 42 30 AM Feb 4 2014 11 42 36 AM Feb 4 2014 11 42 37 AM 2 If you have more than one data configuration the Choose Configuration field is displayed to allow you to choose a configuration to view Select a configuration or all configurations 3 Inthe View Last field select the time period of the imported log files you want to view You can use the Date Imported column to determine when data was imported 30 Delete Data This feature allows you to delete database data manually You can also schedule deletions to occur automatically once a day Data Management NOTE Deleting database data do
45. 23 2015 4 01 20 PM Mar 23 2015 4 01 28 PM Mar 23 2015 4 01 31 PM Delete Log Status Old Old Old Old Old Old Old Old Old If you have more than one data configuration the Choose Configuration field is displayed to allow you to choose a configuration to view Select a configuration or all configurations Select the database data you want to see by using the View Imported Data Older Than field You can use the Date Imported column to determine when data was imported Select the Delete check boxes of the imported data that you want to delete If you want to delete all data click the Select All button at the bottom of the page Click Submit to delete your selections Schedule Daily Data Removal d Go to Data Management Report Database Delete Schedule 31 Cyfin User Guide v 9 2 0 32 Configuration Scheduler Enable Disable Imported logs will be deleted daily Hour 12 AM y Delete Imported Data Older Than 3Months e Preview These Settings Select the Enable option to schedule automatic daily deletions to occur In the Hour fields select the specific hour and time of day to begin deleting data Using the Delete Imported Data Older Than drop down box select what old data you want deleted automatically Click Preview to view the data that will be deleted with these settings Click Back to return to the Schedule Daily Data Removal
46. 231 320 222 930 194 430 177 590 170 720 144 664 121 557 8 MM 305 992 6 MN 233 106 6 MS 231 320 6 MN 222 930 5 A 194 430 5 MA 177 590 4 MN 170 720 4 MU 144 664 3 EN 121 557 The Audit Data Export page allows you to export the details of users Web activity in one or more categories that you select The export file can be used in external applications such as spreadsheets report generators relational databases Every visit made by a user is listed separately in chronological order Information for each visit includes the user name IP address category date time Web site and full URL NOTE The Report Database must be enabled to use the export 1 Goto Reports Manager The Report Selection page is displayed if no recently run or scheduled reports exist NOTE If reports exist the Manage Reports page is displayed Click the green plus icon to go to the Report Selection page 2 Under Forensic Reports click Audit Data Export The Create Report page is displayed 78 Reports Select When to Run Report Options RunNow Schedule Settings Save Directory TEMP Browse Visits Hits Visits Only does not include jpg gif etc e Time Frame Date Range Last Week v Mar 12 00 00 AM to Mar 7 11 59 59 PM Filter Default X 2 3 Under Select When to Run for the Report Options field select Run Now or Schedule Run Now Use this option if you want to run the export at this t
47. 3 12 42 33 AM Sports 14B http espn convfido 1 bid 24 numitm 10 5243393 9974378 sto 14 10 10 30 192 Feb 23 2013 12 42 33 AM Sports 14B http espn convfido 1 bid 24 numitm 10 5243393 9977721 uti 45 10 10 30 192 Feb 23 2013 12 42 35 AM Sports 72K http espn convfido 1 bid 24 numitm 10 5243393 9977226 onli Dashboard Charts The Dashboard allows you to get a quick overview of the Enterprise s Web activity in several different ways The Dashboard consists of three sections Home Provides an overview of the Enterprise s Web activity Top Provides charts on the top users groups categories classifications and sites by visits hits or bytes Trend Provides trends on the users groups categories classifications or traffic you specify Before opening Dashboard charts you must enable the Report Database and import log file data into the Report Database For instructions on using the Report Database see Data Management To open the Dashboard go to Reports Dashboard Home The Dashboard Charts page will open with three overview charts These charts represent data for the entire Enterprise over the last 7 days You will see a Trend Enterprise chart Top Users chart and Top Categories chart Click the bars on the Top Users Visits chart to generate a User Audit Detail report click the bars on the Top Categories Visits chart to generate a Category Audit Detail report If you want to zoom in click and drag from left to righ
48. 401 1 1P Address Neutral 19 30 03 23 401 12 IER 23 401 2 News Neutral 17 20 00 20 800 10 Mn 20 800 3 Search Engines Acceptable 11 45 39 14 113 7 MM 14 113 4 Shopping Unacceptable 9 51 48 11 836 6 MA 11 836 5 Hardware and Software Acceptable 9 13 36 11 072 5 ees 11 072 6 Social Networking Neutral 9 08 12 10 964 5 R gt 10 964 7 Sports Unacceptable 8 44 15 10 485 5 ra 10 485 8 TVNideo Streaming Unacceptable 8 16 36 9 932 5 MU 9 932 9 Financial Neutral 6 48 21 8 167 4 MN 8 167 10 Games Unacceptable 5 52 48 7 056 3 MN 7 056 Run an Audit Detail Report Audit detail reports or low level reports are designed to give detailed information on individual employee Web use These reports show the actual URLs visited This section provides instructions on running a User Audit Detail report but these instructions will work for any audit detail report you wish to run The User Audit Detail report focuses on a single user Every visit made by the user is listed separately in the main body of the report and visits are listed chronologically by date and time NOTE For descriptions of all audit detail reports see Appendix B 1 Goto Reports Manager The Report Selection page is displayed if no recently run or scheduled reports exist NOTE If reports exist the Manage Reports page is displayed Click the green plus icon to go to the Report Selection page 2 Under Recommended Reports or Audit Detail Reports click Use
49. 526 ol Sr Ss y e Feb 23 2013 12 AM Mar 03 2013 12 AM Chart View Visits y Date Range Custom X Start Feb 23 2013 Hour 12 AM Stop Mar 03 2013 A Hour 12 AM Under Metrics use the Chart View field to change the metric you are viewing Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view Reports Top Categories Chart 1 Go to Reports Dashboard Top Categories A chart with your top ten categories will automatically load with the default metric of Visits and time frame of Last Week Chart Visits Metrics Time Frames 30 000 Social Netwo
50. 8 54 44 AM Shopping 39 2 K http avc convfido 1 3932432 1 a0068071 a 197 10 10 30 166 Feb 23 2013 8 54 47 AM Shopping 43 3 K http avc convfido 1 3932432 1 a1890051 a 198 10 10 30 166 Feb 23 2013 9 07 58 AM Search Engines 7 8K http www yahoo conv 199 10 10 30 166 Feb 23 2013 9 20 27 AM Games 180 B http www games comw 7eklbb aacwg 200 10 10 30 166 Feb 23 2013 9 20 23 AM Games 3 2K http www w games conv 7ekib aacwa 201 10 10 30 166 Feb 23 2013 9 23 43 AM Games 190 B http www games conv 7epcarter recogniti 202 10 10 30 166 Feb 23 2013 9 23 45 AM Games 2 3K http www qames conv 7epcarter recognit 203 10 10 30 166 Feb 23 2013 9 24 29 AM Games 1 3K http www games conv 7epcarter recognit 204 10 10 30 166 Feb 23 2013 9 27 36 AM Games 96 1 K http www w games conv 7epcarter recogniti 205 10 10 30 166 Feb 23 2013 9 34 11 AM Search Engines 20 8 K http google convhome whats cool html 206 10 10 30 166 Feb 23 2013 9 34 15 AM Anonymous Public Proxy 10 4K http www anonymizer conv 207 10 10 30 166 Feb 23 2013 9 35 27 AM Anonymous Public Proxy 8 2K http w ww anonymizer com products ovr 208 10 10 30 166 Feb 23 2013 9 39 55 AM Search Engines 11B http trans qo2net com 2020 channels 209 10 10 30 166 Feb 23 2013 9 40 56 AM Anonymous Public Proxy 9 6K http w w w anonymizer com products netgral 210 10 10 30 166 Feb 23 2013 9 41 04 AM Hardware and Software 199 B http home microsoft conv Run an IT Report The Site Analysis B
51. Choi 92 Trend Groups Chart 93 TrendGategoes E 94 Trend Classifications Ghat viii ri e a 96 Trend Nuel E 97 EE EE E 99 SERVER SUAS ia eessen eene reegen E E lat n ita 99 Server rte un le EE 99 JOD QUES 2h geess egsebees A EE E dr 99 Poley ee 100 Array Communication OG E 100 Cyfin User Guide v 9 2 0 Update EE 100 Event LOG D 100 Profiling LOG E 100 E la E 101 aiaa eln Lett Le 101 Eeer nee 101 Update License IniormatiOM coccion a as 101 Internet COMEN ici beba 102 Set up Administrator E Mail 103 Restore or Download a Restore Pont 104 Restore a Restore Policia ai A EEN dE EH 104 Download a Restore e E 104 Restart OF nee Ui EE 105 Add Secondary Servers to the Array 105 nnert 106 ADUSE Thresholds vemo a cubes sat REESEN EEN a EES SEELEN ewes san a 107 Interactive ee 109 Participate in OtherWise cccccccecceeeeee cesses cence eeeaeeeeeaeeeeeeceaeeeeaaesaeeseaeeecaaeeseaaeseeeeeseeeessaaeeeeaaeesenensaes 109 REPOM ODPIONS EE 110 Help EE 113 o DEE 113 een Ae le le EE 113 Check for Product Updates oooocconcccnncconnccnnncccnoncconannnn noc nn n cnn nan 113 End User LICenSeAGreeiMe E 114 Appendix A Groups and H RE 115 Introduction to Groups and RE 115 Fully Automated Grouping Using Active Directory ooooncccinccinniconoconancccnonccnnnrn canon n nano cc nnn cnn narran 115 How Wavecrest Products Interact with Active Directory oooonnicccnninicnnnnncoccnnnoccccnnncrccnnn narrar cnn 116 Semiautomatic Grouping
52. ClOry cx sis ccpdessetvarsarsecesiaayccesndacteodhayecessiucueeaziecnsdauyeveeudineedsuiewannarieereiias 42 Import Users Fromm Text tile EE 43 Synchronize Groups and IDS With Cyfin 0 00 ceeccececeeeeee cece ee eee eee aeeeeaeeeeeeeecaeeeseaeseeeeeseeeesaeeeeaeseeeeeeaas 45 ei tele OR EE 45 Change Your PaSSword vivia rai ia ee Eed red Rives interes 46 Create LOGOn ACCOU Ms 22 cece reccedesyh id aa di OA Ai ia 47 Modiy ee ele 48 Delete LO Be TEE 49 Ee lee EE 51 o EE 51 URE lee 51 e Dee 51 Table of Contents Download the URL BEE 51 URE le e TEE 52 Check URE iii a diets ancien diate A evi anes ceed ee 53 Glassify Categories sii A eaa E aN EESE a ESAE aSa AE OENAR AC CEAS CRESES 53 Edit URES menea aaee eE aa e EE AEEA N EEEE AE AE EE AAE E 54 Display Calegoles E 57 el 59 laige Dia ita p EAE TE S E A E T E E E A E A T 59 Report Selection caida a 59 MENE PU o aAA aaa aaae r a 60 Recently Run RED OMS asosini a A AAA AA A eg 61 scheduled Reports ivan ide 62 Ruma High Level Summary Repoti ica di 63 Runan Audit Detail Reduir A 68 Run anit REDON E 73 Audit Data EXP EE 78 Using Interactive Reporta isa red 82 Using Report Filters in Audit Reports ooocconnccccnoncconononccnnnnonecnnnnonocnnnnnnecnnnnnnn cnn nnnc cnn nnne cnn rre cnn rnnne cnn 83 Dashboard e CC 85 TOP EE 86 Top Users Chart EE 86 TOP Groups Cada ad a iaa 88 Kelte REEL EE 89 Top AE e ele El 90 TopSites Chalco iia dea Pa 91 Trend Cha Ar ii rin 92 Trend Users
53. L in the List Classify Categories Rate categories for acceptability based on your company s Web usage policy Edit URLs Create an unlimited number of custom categories and populate both standard and custom categories with URLs for tracking Web sites of interest to your company Display Categories Select the categories to display on your reports URL List Location This page is used for Technical Support purposes Standard URL List Location Status Category Resolution is ready File Name C Program Files Wavecrest Cyfin7984 we cfidb plugin data data war Type of Categorization Standard Wavecrest URL List URL List Version If you ever experience difficulties with the Wavecrest URL List Technical Support may ask you to revert to an older version of the list Only if instructed to do so go to Categorization URL List Version and follow Technical Support s instructions Select List Version D List7 List 8 NOTE Use this page only if directed to do so by Technical Support Submit Download the URL List The Wavecrest URL List is updated daily In order to receive these daily updates you must either download the URL List manually or configure the product to download it automatically once a day This step will ensure that you have the latest Wavecrest URL List which will include the most recent categorized URLs and aid in accurate filtering and reporting If you are required to use a proxy f
54. M Mar 2 2013 11 58 23 PM Status valid valid valid valid valid valid valid valid 3 If you have more than one data configuration a data configuration field is displayed to allow you to choose a configuration to view Select a configuration or all configurations 4 Inthe View Last field select the time period of the log files you want to view Data is displayed depending on your selections Below are definitions of the information shown for each log file Log File Configuration Name The name for each configuration appears in the upper left of its displayed listing Type of Log File This is the log file source type Path This is the directory path of the log files Log Name This column shows the name of validated files Start Time This column shows the date and time of the first record in the log file Stop Time This column shows the date and time of the last record in the log file Status This column shows the status of log files for report generation purposes using the three codes defined below Valid Log file can be used to generate reports Invalid Log file has a problem or is not compatible with report request Pending Validity has not yet been determined i e current file has not been read yet Revalidate Log Files This feature requires minimal use and instruction If the product has not had a problem reading your configured log files all log files should be valid and yo
55. Sales Department s domain is SALES the Accounting Department s domain is ACCT and the Engineering Department s domain is ENG The following group import file would result in separate reports for each department or domain SALES Sales Department ACCT Accounting Department ENG Engineering Department 3 The following example illustrates a case in which full names are not used Notice the two delimiters with nothing in between This tells the product that there is no full name smithj Engineering doej Accounting wilsona Sales 4 The following example fits an organization that does not authenticate users at a proxy server ora firewall but has fixed IP addresses and uses full names 123 10 3 8 Meyers Peter Sales New York 123 10 3 9 Ellen Susan Sales California 9 2 3 8 Bene Jorge Sales Brazil 5 The following example fits an organization that subclasses an IP address range for a region or district In this case full names are not used Notice the two delimiters this tells the product that there is no full name 34 5 224 Washington Elementary School 34 5 225 Adams Middle School 34 5 226 Grover High School 6 The following example demonstrates how to set up a group import file for an organization that uses domain names for its workstations In this case full names are not used An example of full domains could be joe eng NY company com eng NY company com Engineering New York eng CA company comJ Engineering C
56. Settings Language English United States y Update Be sure to click Update in every section in which you made changes Help Profiling If you ever experience difficulties that cannot be resolved via online Help Technical Support may ask you to activate the product s profiling mode via the Profiling page When profiling is activated the product will generate a considerable amount of data to help Technical Support resolve the issue Any information sent to Wavecrest will be held in strict confidence and destroyed after the issue has been resolved When the data is generated it will be sent to a special file sprofile htm for subsequent transmission to Technical Support via e mail support wavecrest net If you are ever asked to turn on profiling go to Help Support Profiling and follow Technical Support s instructions Profile Level Level Off y NOTE Profiling can possibly use a considerable amount of disk space Use this page only if directed to do so by Technical Support Category Descriptions This page provides a description of each category as well as a category index for Technical Support purposes Go to Help Category Description The Category Descriptions page is displayed Category Descriptions Name Description Agriculture 1 Sites about farming ranching forestry gardening horticulture etc This includes sites that sell farming or ranching equipment on a large scale It excludes
57. TRL key and click the groups you want imported 41 Cyfin User Guide v 9 2 0 NOTE 1 If you do not highlight any groups all groups and IDs will be imported This is the preferred option if you want all new groups and IDs imported with each import Otherwise only new IDs in your selected groups will be imported and you will have to go back to your import configuration and select any new groups so that they will also be included in the import NOTE 2 If you want to place the users from the unhighlighted groups into Ungrouped IDs select the Place all IDs from unhighlighted groups into Ungrouped IDs check box at the bottom of the screen This option can be helpful i e it will use the Ungrouped IDs group as a holding tank while you decide where to assign certain IDs CAUTION If you select the check box and do not select any groups all IDs will be placed in Ungrouped IDs Remember that if you are managing your groups and IDs outside the product you will not be able to move any of your groups and IDs in the product 11 Once you have selected the groups that you want to import click Next Name This Active Directory Configuration Name Company X 12 In the Name field type a name for this Active Directory configuration and click Next 13 You should see a successful configuration message You now have the option to create another configuration by clicking Done or import groups by clicking the import link Con
58. The report shows only data with URLs containing the entered text Below is an example of a Category Audit Detail report 83 Cyfin User Guide v 9 2 0 84 Report Filters Date Time 1 10 10 20 1 Mar 1 20136 00 25 PM Pornography 61K 10 10 20 1 Mar 1 2013 6 01 07 PM Pornography 4K 10 10 20 1 Mar 1 2013 6 01 34 PM Pornography 12 6 KR http www eb conventrance html 4 10 10 20 1 Mar 1 2013 6 02 29 PM Pornography 427 B www eb inframe3 html 15 10 10 20 1 Mar 1 2013 6 02 46 PM Pornography 6K http www web 10 10 20 1 Mar 1 2013 6 02 46 PM Pornography 282 B d 10 10 20 1 Mar 1 2013 6 03 27 PM Pornography 1 7K RH http www sexyweb corvshowexample html 18 10 10 20 1 Mar 1 2013 6 04 37 PM Pornography 74K http www sexyweb corvcreditd html 19 10 10 20 1 Mar 1 2013 6 05 45 PM Pornography 3 1K H htto www vaprod com 10 10 10 20 1 Mar 1 2013 6 07 04 PM Pornography 3 5K f http www vaprod convpage2 html 11 10 10 20 1 Mar 1 2013 6 07 31 PM Pornography 2 7K H http www vaprod html 12 10 10 20 1 Mar 1 2013 6 08 08 PM Pornography 92K www t 195 html 13 10 10 20 1 Mar 1 2013 6 09 08 PM Pornography 4 2K fl httpo www vgprod comfilthy html 14 10 10 20 1 Mar 1 2013 6 10 30 PM Pornography 6 8K fi httpo www fantasysex comwcancan html 10 10 20 1 Mar 1 2013 6 11 37 PM r au w w adultbox com Below is an example of a Denied Detail report Repot Filters All TV Video Str
59. Use Active Directory This option is only available if an Active Directory configuration exists Click Lookup and the Full Name and E Mail Address fields will be updated with any changes to the Active Directory account name NOTE For the admin account name this option is not available 5 Make your changes to the remaining fields as described in Create Logon Account 6 Click Submit to apply your changes 7 Click Back to return to the list of accounts Delete Logon Account This page allows you to delete previously established administrator or operator accounts NOTE The admin account cannot be deleted Also additional administrators cannot delete their account if they are currently logged on 1 Goto User Management Logon Accounts Delete The Delete Logon Account page is displayed 49 Cyfin User Guide v 9 2 0 50 Select Logon Account to Delete admin g alyce Bob Kal marsha payton 2 To delete an account hover over the corresponding line and click the red x icon A dialog box is displayed confirming the deletion 3 Click OK Categorization Introduction The Categorization features allow you to manage the URL List check the categories of URLs and customize categories In this section you will find instructions on how to Manage the URL List Change version of the list download the list manually or schedule a download and repair the list Check URLs Verify the category of any UR
60. Using a Text File Method 118 Manual Management of Groups and IDS coococinccciniccconiconococonacanancncnn nc cnc nano 120 Using a High Level Site Analysis Report to Import Des 120 Appendix B Report Descriptions ccoo A eege deed 121 Recommended Repo CN 121 High Level Summary REDONS viii oda 121 Acceptable VISITS Repais icreereos iaa E E E 121 All User Summary Report sssessseessesssssrsssrrssrnssunesnuosnuenuossuersnecsnersnersnsressctssctssstasctssctasstesstnnstenseenstenes 121 Custom Categories REDON GE 121 Table of Contents Denied KNIECHT ele 121 Legal Liability REDON E 121 Neutral Visits Repon EE 122 Site Analysis E ln dE 122 TOP USOS REPO EE 122 TOP Web SIGS E 122 Unacceptable Visits Heport scooter da o o 122 Audit EIS Ee 123 Category Audit Detail Report ceecceecceeeeeeeeeeeceeeee eee eeeeaeeeeaeeseneeesaeeeeeaeseeaeeseeeeeseaeeesaeeseeeseenees 123 Category Audit Summary Hepnort cece eeeeaeeeeaeeseceeesaeeeeeaeeeeaeeseneeeseeeeeaeeeeeeseenee 123 Denied Detail Repo a it da a nage 123 Legal Liability Detail REPO a a a NEEN EEN E 123 search Terms Audit Detail Reporta atadas 123 Site Audit Detail Report a did 123 e o er 124 User Audit Detail Repo coincide las dele o ea ci 124 User Audit Summary ROOM lisis re ii 124 e EE 124 Network Information Repollo id AA A a A dd deena E 124 Site Analysis Bandwidth Report iivisccis enna gi date eet ais tivated nye 124 Top Bandwidth Sites Reportin iea ib 124 For
61. WavecrestCyfin Version 9 2 0 Cyfi Employee Forensic Web Use Reporting Tool ce WAVECREST COMPUTING UserGuide www wavecrest net Copyright Copyright 1996 2015 Wavecrest Computing Inc All rights reserved Use of this product and this manual is subject to license Information in this document is subject to change without notice 904 East New Haven Avenue Melbourne FL 32901 USA www wavecrest net Trademarks The following are trademarks registered trademarks or service marks of Wavecrest Computing Inc Wavecrest Computing Inc CyBlock App CyBlock Appliance CyBlock Client CyBlock Cloud CyBlock ISA CyBlock Software Cyfin and OtherWise All other trademarks mentioned are the property of their respective owners Table of Contents o o a OE ERTE E E E T A ETT 1 Ee TEE 1 ENEE E 1 Array Configuration E 1 Data Ma ln 1 Heer MAA E a E E ae 1 eo AAA IN uo o 1 el 2 System StatUS ua rd aida 2 SENINGS tute tati a 2 eil E 2 Helpratd Riet Ee WEE 2 LLOQ EE 3 Forgot PASSWOM asii id 3 RR else ein le TE EE 5 A cacti ees eege lee genee paver E 7 Getting Started Checklist oir ia l o 7 Download and Je tel tie Producir EER ia 7 Array EE MEIER eech anios 9 aige a DTSlar T D A E I a A E 9 Array Contiguration Check et eet efeee ges iia 9 Configure Network Account for Product Genee 10 Data Managome Misseri AAEE AAA ee ee 13 tte e Wis ie E 13 Ho e o 14 Remote Logging EE 18 VIE 19 R
62. We occasionally find that many of the URLs included in the OtherWise data represent the customer s internal intranet and possibly extranet sites Because we cannot access these sites we cannot research and categorize them Consequently we may return a list of these particular sites to the participating customer and suggest that they enter them into one or more custom categories which they can create themselves Cyfin and CyBlock permit the establishment of custom categories which customers can use to track Web use activity involving sites that are of particular or unique interest to them only intranet sites are the most common of such sites Results Customers that use our highly personalized OtherWise service have reported significant reductions in the number and percentage of unidentified Web visits Confidentiality Wavecrest Computing is fully committed and obligated to protecting the privacy and confidentiality of our customers information especially information that pertains to or identifies individual employees or other users whose data flows through our systems Our commitment and assurance are documented and enforced in several ways One of those is close adherence to the provisions of Section A 15 of our End User Sales Agreement quoted below Only authorized Company employees with a need to know use or handle information collected from individual customers Client records are regarded as confidential and will not be divulged to any
63. ability Web activity by user that is visits to only the Anonymous Public Proxy Cults Drugs Gambling Hate and Crime Malware and Pornography categories that pose a legal liability risk Benefits The report provides only Legal Liability Web use This means that smaller more focused reports are available to facilitate analyses investigations and audits related to legal liability issues Search Terms Audit Detail Report Features This report shows search terms that users entered on popular search sites such as Google It includes an option to show prefetched search results that were performed as the user was typing These results are referred to as keystroke searches Benefits This report can be used as a tool to aid in forensic investigations It also indicates the number of search terms entered and can give the details of a user s keystrokes Site Audit Detail Report Features This report focuses on Web activity associated with one or more Web sites Every hit or visit made to the specified URLs is listed separately by user Hits or visits are listed chronologically and information included for each hit or visit consists of the user category and full URL 123 Cyfin User Guide v 9 2 0 Benefits Management has a complete yet concise view of all users that visited the specified Web sites and the resultant activity hits or visits This information can be used for personnel appraisal purposes usage audits etc Site A
64. alifornia drafting company com Drafting Corporate Headquarters 7 The following example could be used for an organization that uses a department number as part of a login name For example the Sales Department has a department number of 2001 and the Marketing Department has a department number of 694 An example of login names for the Sales Department could be joe2001 and jim2001 and the Marketing Department could have users sue694 and alice694 2001 Sales Department 694 Marketing Department 8 Suppose an Internet Service Provider ISP manages Internet activity for many small businesses The following example demonstrates an ISP configuration for delivering a grouped report to each business 45 23 190 Real Secure Systems hotpeppers com Hot Peppers and More 123 45 48 Jacobs Manufacturing 88 1 2 The Graphic Arts Center vbooks com Virtual Books Inc 119 Cyfin User Guide v 9 2 0 Summary As indicated earlier once the import file has been built and the administrator restarts the Wavecrest product server it finds the file automatically and begins to use its information As a result the server automatically duplicates the imported group structure and assigns the IDs to the correct groups Manual Management of Groups and IDs General Manual management of groups and IDs involves manually creating moving renaming deleting and updating groups and IDs In this case the product administrator first configures a
65. alog box is displayed confirming the removal of all recently run reports including any pending reports Click Clear List The list is cleared and a message indicates that there are no recently run reports Scheduled Reports This section shows reports that were scheduled to run automatically at a specific time and those that were set up to run manually as needed An unlimited number of reports can be displayed in this list and are sorted by name in ascending order 1 62 To schedule a new report click the green plus icon to the right of the Frequency column The Report Selection page is displayed where you can select the type of report you want to create Hover over a report line to display available icons You can also hover over the data in the Frequency column to display the next run date time for a report Scheduled Reports Name a Report Type Frequency Denied Detail Sales Denied Detail 5 AM Daily gt 2 B To run a report click the play icon The report runs and is displayed in the Recently Run Reports section with Running in the Run Date Time column indicating that it is processing If there are many reports to be processed you will see Pending indicating that the report is in the queue To edit a report click the pencil icon The Edit Report page is displayed where you can modify the settings of the scheduled report On the Edit Report page a Delete button is available to allow you to delete the report
66. and IDs With Cyfin For CyBlock Appliance customers when the appliance serial number and activation key are entered on the Settings License screen in Cyfin for remote logging this screen becomes available Once you have completed importing or adding your groups and IDs in the CyBlock Appliance interface you can set up the Cyfin interface to automatically synchronize groups and IDs with the appliance This synchronization will happen automatically every hour 1 Go to User Management Import Users Appliance Keyed As Appliance Appliance IP Sync Type the IP address of CyBlock Appliance in the Appliance IP field Click Syne and groups and IDs will synchronize with the appliance and auto sync every hour If you ever need to manually synchronize groups and IDs come to this page and click the Sync button To stop the synchronization remove the CyBlock Appliance IP address from the Appliance IP field and click Sync Search for an ID For any reason if you need to quickly find a group to which an ID is assigned or view the policy settings for a user ID this page will give you a quick view of that information 1 2 Go to User Management Search Users The Search for an ID page is displayed Under Enter ID or Full Name in the Search field begin typing the ID or name of the monitored user Users with a matching ID or name will be displayed in a drop down box ee Enter ID or Full Name Search
67. andwidth report is one of our IT reports These reports which supplement the high level and low level reports cover the areas that IT personnel find useful when monitoring Web usage and network resources This section provides instructions on running a Site Analysis Bandwidth report but these instructions will work for any IT report you wish to run The report is similar to the Site Analysis report but it focuses on bandwidth consumption instead of Web site content It breaks down bandwidth usage first by acceptability classification then by category within each classification and then by user within each category NOTE For descriptions of all IT reports see Appendix B Go to Reports Manager The Report Selection page is displayed if no recently run or scheduled reports exist 73 Cyfin User Guide v 9 2 0 74 NOTE If reports exist the Manage Reports page is displayed Click the green plus icon to go to the Report Selection page 2 Under IT Reports click Site Analysis Bandwidth The Create Report page is displayed Select When to Run Report Options RunNow Schedule Settings Report Delivery Wait Report Format HTML wv Report View Read Only v Anonymous IDs Disable e Time Frame Date Range Last Week v Oct 12 12 00 00 AM to Oct 18 11 59 59 PM Filter Default v E 3 Under Select When to Run for the Report Options field select Run Now or Schedule Run Now Use this option if you wa
68. as already been organized and set up For example many organizations enter their computer users unique identification and security data by department into a database in an Active Directory Server or a Domain Server So long as each database record contains a unique user ID and a unique group department designator the product can import the data en masse into groups and IDs Active Directory The use of directory services for network management purposes is common in larger organizations Microsoft Active Directory AD is a popular example How Wavecrest Products Interact with Active Directory General The groups and IDs import feature is optional functionality lt can be used in conjunction with Active Directory to automatically Import relevant user information from the directory into the product s groups and IDs structure Create a hierarchical groups and IDs tree in the product Assign the IDs to the appropriate groups in the tree Once you have Active Directory configuration s set up the import feature can also be used to manually import IDs into the product immediately CAUTION Using Active Directory to implement automated grouping is a powerful and efficient concept However for the concept to be successful the directory must have fields that contain appropriate employee related information needed by the product e g user ID full name if used and immediate parent organization The fields must be structured in a
69. ately in chronological order Information for each visit includes the user name IP address category date time Web site and full URL Cyfin customers can choose to export a single log file configuration or all log file configurations Benefits The data can be exported to external applications e g spreadsheets report generators and relational databases for analysis and manipulation by management This allows management to identify the most heavily visited sites in a selected category for specific users This information can be used for employee appraisals incident investigations usage audits etc Improve Your Reporting Results Top Noncategorized Sites Report Features This report shows all unidentified hit activity i e all URLs that were routed to the Other category Therefore the report reflects all extraneous images banners ads multimedia items etc as well as bona fide visits For each URL listed the report shows the number of hits and the full domain name Individual user IDs are not shown The list is sorted in descending order by number of hits Hyperlinks to all Web sites are also provided Benefits This report can be used by administrators to help identify sites that are relatively unknown but are of particular interest to the organization These can be reported to Wavecrest for inclusion in the Wavecrest URL List It can also help identify any intranet sites that perhaps should be added to a Company Intranet
70. ation create a new log file storage folder in the desired non default location Click the Browse button This will display available drives and directories Inthe dialog box click the Up one directory icon to locate the parent of the folder you created previously Click the new folder and click OK 5 Click Submit to apply your changes 6 On the Cyfin computer you need to open up the Windows firewall and either disable the firewall or allow an exception for port 7980 this is the communication port the appliance uses to send proxy and protocol data or you can have InstallAnywhere add the exception 7 Now you need to enable remote logging in CyBlock Appliance 8 Goto Data Management Log Data Source Setup in the appliance interface Log Files Log Web Activity Enable Disable Logging Type Local Remote Log Protocol Activity Enable Disable Remote Logging Host Submit 9 For Log Web Activity ensure the Enable option is selected 10 For Logging Type select Remote Additional fields will become available 11 For Log Protocol Activity select Enable to log protocol traffic NOTE To log protocol activity the appliance has to be inline 12 In the Remote Logging Host field type the IP address or host name for the Cyfin computer or click Search to locate it 13 Click Submit 14 If logging does not immediately start you will need to restart the Cyfin service To restart the service g
71. base is enabled 3 Click Submit Settings On this screen you have the ability to configure the Dashboard high level database and Mass Storage low level database The Dashboard high level database is necessary if you want to view Dashboard data and the Mass Storage low level database is essential to using Interactive reports and getting fast 21 Cyfin User Guide v 9 2 0 reports With the Dashboard high level database you have the option to use the default Derby database or configure your own MySQL or MSSQL database Dashboard High Level Database Settings Derby Configuration The following steps to change the default Database Location and Bulk Insert Folder paths are optional Derby is the default database for the Dashboard and no configuration is necessary once you have enabled the Report Database 22 1 To change the default Location and Bulk Insert Folder paths go to Data Management Report Database Configuration Settings High Level Database Current Database Derby Modify Database Low Level Database Wavecrest Database Location C Program Files Wavecrest Cyfin7982 we cf db Notify Admin of Errors Enable Disable 2 Click Modify and a wizard will appear 3 Select Derby as the Database Manufacturer and click Next Select Database Manufacturer Manufacturers Derby 4 A screen notifying you that the next steps are optional will appear If you want to proceed click N
72. bfontconfig so 1 In the Report View field select Read Only or Interactive NOTE The Interactive option is not available if Save was selected for the report delivery NOTE Interactive reports can only be run against data imported into the Wavecrest Database They cannot be used when running reports against the raw log files For steps on how to use the Wavecrest Database and its advantages see Data Management If you have more than one log file type configured in Cyfin the Data Configuration field is displayed to allow you to choose a configuration to include in the report Select a configuration or all configurations In the Abuse Thresholds field select Enable if abuse thresholds are set and you want to display them on the report In the Anonymous IDs field select Enable if anonymous IDs are turned on in the product and you want to display IDs anonymously on the report NOTE This field is not available if the Report View field is set to Interactive NOTE If anonymous IDs are turned off in the product on the Settings Reports Options page existing reports with anonymous IDs enabled will not generate anonymized reports Under Time Frame in the Date Range field select from the following predefined time frames of data Yesterday Previous 24 Hours Last 7 Days Last Week or Last Month or select Custom to set a specific date range All predefined time frames end at 11 59 59 P M except Previous 24 Hours which ends one second
73. bove this approach automatically inputs IDs of users that were active during the specified time frame of the requested report The imported IDs will then remain in the product for subsequent use even after the Site Analysis report is closed NOTE If IDs have been previously inputted running the Site Analysis report will only bring in new IDs These will be placed in the Ungrouped IDs group from where they can be moved to other defined groups if they exist 120 Appendix B Report Descriptions Recommended Reports The reports in this group include Site Analysis and User Audit Detail which are described later in this appendix High Level Summary Reports Acceptable Visits Report Features This report depicts Web use activity only within categories classified or rated as Acceptable By category it shows total number of visits made by individual users Users are identified but individual sites are not Benefits Management can quickly determine the amount of acceptable activity This can be done by individual category or on a Summary basis for all acceptable categories All User Summary Report Features This is a tabular report that depicts each user s activity from a high level acceptability perspective For each user this report shows the download time and total number of visits that have been classified as Acceptable Unacceptable and Neutral Extraneous hits banners ads etc are not counted All users are listed no
74. bution of extraneous undesired information and it helps maintain users privacy Planning Ahead For customers that want to set up a customized grouping arrangement we recommend that management or HR first design the grouping structure This should be done before the network administrator begins the product setup process That way the administrator will have a clear blueprint of management s expectations when he or she starts the setup process Designing the scheme is not difficult There are many models that organizations can choose from The most common grouping scheme is an organization chart Multiple Approaches to the Management of Groups and IDs Wavecrest products offer several alternative ways to set up and manage groups and IDs users These include fully automated partially automated and strictly manual approaches These alternatives are discussed below Fully Automated Grouping Using Active Directory Overview For large ID populations it is best to use automated processes to create groups and assign IDs Wavecrest products provide this capability Our products can import groups and IDs into the product 115 Cyfin User Guide v 9 2 0 from directories databases or spreadsheets on other servers This capability can save extensive amounts of time and manual data entry These savings can be realized if network users information eg employee name employee number organizational affiliation network privileges and user ID h
75. ceive a dialog box asking whether you would like to restart the service Your memory setting change will not take effect until you restart the service 5 Click OK to continue Abuse Thresholds You can create and assign abuse threshold policies to users groups or the entire organization Thresholds show abuse that has occurred based on a customer specified number of allowable Web site visits in a 24 hour period The abuse threshold values are shown via bar graphs in reports 1 Go to Settings Reports Abuse Thresholds Select Policy Available Policies Default X Groups and IDs _ Select Browse SS Groups Search for Groups Q amp IDs Search for IDs Ea Tz E Remove All Groups Remove All IDs Under Select Policy in the Available Policies field select Create new policy to create a new blocking policy or you can choose to modify or delete an existing one After selecting Create new policy enter a policy name in the Available Policies field for example Policy A If you are modifying or deleting a previously created policy its name will appear in this field To rename the policy click the pencil icon To delete the policy click the red x icon next to the field NOTE The Default policy cannot be deleted Under Groups and IDs on the Browse tab choose groups and IDs by selecting their corresponding check box To view IDs in a group click the group name
76. check boxes below the Groups and IDs boxes to select or unselect all groups and IDs displayed The groups and IDs that you have selected will appear on the Select tab Groups and IDs Select Browse SS Groups Search for Groups A amp IDs Search for IDs Ka a Banning Payton payton a Backman Daniel danback Baines Harold haroldb Angelo Jennifer ja25 Remove All Groups ES Remove All IDs 12 To delete a group or ID click the corresponding red x icon To delete all groups or IDs click the Remove All Groups or Remove All IDs red x icon 13 On the Select tab you may enter an ID in the Search for IDs field If the ID is an IP address or an IP address with a wildcard all user names for that IP address will be reported on except any user names in your VIP group If no user names exist the IP address will be reported on If the ID contains a wildcard e g name or name users matching the wildcard entry but not existing in your groups and IDs will be reported on and not be added to your Ungrouped IDs group If the ID is not in your groups and IDs but has data it will be added to your Ungrouped IDs group 14 Click Run Now Depending on how long the report takes to run you may see a progress meter f one report was generated it opens in a Report Results page where you can view save and print it f multiple reports were generated depending on how you ran the report a R
77. custom category A further benefit can be derived from this report by sending it to sites wavecrest net for research by the Wavecrest staff Upon receipt the staff will identify research and categorize the Other URLs and incorporate them into the URL List Inclusion of these URLs in the URL List will greatly improve future reports 125 Appendix C OtherWise Program amp Policy The OtherWise Program What is It OtherWise is a voluntary confidential and free program under which we partner one on one with participating customers to steadily improve the quality coverage and usability of Cyfin or CyBlock The goal is to maximize the number and percentage of Web sites that the software identifies and categorizes Overview of the OtherWise Process How Does OtherWise Work On a voluntary basis participating customers enable the product to automatically send noncategorized site data to Wavecrest headquarters on a weekly basis Customers can select the day of the week and the hour of the day that the data will be processed Our personnel then research identify and categorize the most popular of the unidentified sites and update the Wavecrest URL List categorization database accordingly We update the list daily After the customer downloads the daily list update the sites in question will be identified and categorized NOTE No user names are included in the data sent to Wavecrest Dealing with Intranet and Extranet Sites
78. d stop dates Click Update Chart to reload the chart You can select to compare Denied and Allowed traffic by clicking the corresponding key in the legend With both keys selected the view is all traffic If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view 97 System Status Server Status The Server Status page tells you whether or not the product s application server is ready If the Overall Server Status message is colored yellow or red the Quick Link will take you to the specific screen that relates to the error condition There you can quickly resolve the issue To check your server status go to System Status Server Cyfin Primary System Status Overall Server Status This server is ready Quick Link Dashboard Server Information The Server Information page provides important items of information about the product s application server Included are the type and version of application server type of proxy server or firewall installation directory path virtual memory size license information and report language Several of these informational items are derived from one time setup actions Others were developed during the installation process To view your server information go to System Status Server Information Job Queue The Job Queue page displays a prioritized list of jobs in process If there are no open jobs
79. data will be held in strict confidence Select the day of the week and hour of the day you want your OtherWise data processed and sent to Wavecrest site analysts Your Top Noncategorized Sites report will also be displayed as a recently run report on the Manage Reports page where you can view it 4 Click Submit to save your changes Report Options To let you further customize your reports this page contains several options that will affect how your reports will look and what information will be included on them Click Update to apply your changes in each section 1 2 110 Go to Settings Reports Options Under Audit Report Advanced Options select Include All Groups Users to display a user ID even if there is no data for that ID in a User Audit Detail or Category Audit Detail report The Maximum Hyperlinked URLs field determines whether URLs are hyperlinked in audit detail reports If this field is greater than or equal to the number of report URLs all URLs are hyperlinked If this field is less than the number of report URLs no URLs are hyperlinked Enter a number to display hyperlinked URLs in an audit report Audit Report Advanced Options Include All Groups Users Maximum Hyperlinked URLs 50000 Under Custom Header you can specify a text message to display on reports Create the message as a txt file and take note of the path you decide to use for the file When creating the messag
80. ddress field type the account user s e mail address that will receive reports When creating a report this address is displayed in the Recipients field when the Report Delivery field is set to E Mail 47 Cyfin User Guide v 9 2 0 7 Inthe Home Directory field click Browse to locate the directory that was set up for the account user to store reports in You may also type the directory path When creating a report this path is displayed in the Save Directory field when the Report Delivery field is set to Save 8 Under Select Group s select the groups for which the account user will be authorized to create and view reports and perform other functions if applicable If the account user is an administrator Enterprise is selected as the group and cannot be changed Ifthe account user is an operator any group can be selected NOTE The list box displays the optional user grouping structure created during groups and IDs setup See User Management to learn how to set up groups and IDs Select Group s 28 Expand Collapse amp Enterprise 926 a L Idi Accounting Department 51 L Drafting Department 46 L Engineering Department 128 L Marketing Department 108 L Sales Department 100 L E Technical Services Department 105 L Ungrouped IDs 387 L VIP 1 X Check Uncheck All Groups 9 Click Submit to create the account Modify Log
81. display on the report The default setting is Single line URL which means that URLs will be truncated if they are longer than one line If full URLs are needed you can choose Full URLs This means that the full URL will be shown even if it takes two or three lines to display it Under Time Frame in the Date Range field select from the following predefined time frames of data Yesterday Previous 24 Hours Last 7 Days Last Week or Last Month or select Custom to set a specific date range All predefined time frames end at 11 59 59 P M except Previous 24 Hours which ends one second before the current hour When scheduling a report the Date Range options are based on the Frequency selection that is they are less than the frequency For example you cannot schedule a report to run daily with a date range of Last Month Select the appropriate date range Custom is only available if the Run Now option was selected or the Frequency field was set to Manually f you selected Custom set a start date time and stop date time Reports The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files NOTE In Internet Explorer 10 if you have log files in only the current year the drop down
82. do not use the Services This Agreement is enforceable against You and any entity on whose behalf the Services are used This includes any business or company for which You are serving as an owner employee representative or consultant The Software and Hardware are the copyrighted and trademarked property of Wavecrest Computing Inc Wavecrest and its licensors and are protected by copyright trademark and other intellectual property laws and treaties Wavecrest together with its licensors owns all right title and interest in and to the Software and Hardware and Wavecrest reserves any rights not expressly granted in this Agreement The Software and Hardware may only be used for lawful purposes Unless otherwise agreed in a written document signed by an authorized representative of Wavecrest the Software and Hardware are licensed to be used exclusively for purposes set forth on the Wavecrest website www wavecrestnet and for no other purpose The Software is not sold Wavecrest permits You to download install use or otherwise benefit from the Software only in accordance with the terms of this Agreement Similarly the Hardware may be licensed for use only with the Software 1 DEFINITIONS Account means the account or accounts created and maintained by a Customer Customer means any individual or entity including without limitation parent subsidiary affiliated company employee or other representative of any of the foregoing
83. during the reporting period by the selected group Each site s category is shown alongside the kilobyte consumption for the site The list is sorted in descending order by the highest bandwidth 124 Appendix B Report Descriptions consumption this enables quick determination of site effect on bandwidth Individual user IDs are not shown on this report Hyperlinks to all visited Web sites are provided to facilitate further analysis Benefits This report quickly identifies the Web sites that consumed the most bandwidth in your network during the reporting period If the consumption is unwarranted you can use this information to prompt deeper investigation or you can include the offending sites in your blocking regimen if you have one of our Web security products Forensic Reports The reports in this group are audit detail reports that could be of interest to corporate IT forensic personnel law enforcement agencies anyone in the legal community and forensic criminal investigators These reports include Denied Detail Legal Liability Detail Search Terms Audit Detail and User Audit Detail which were described earlier in this appendix Also in this group is an export that allows management to export the details of users Web activity Audit Data Export Features The export is available in CSV file format and provides the details of users Web activity in one or more categories that you select Every visit made by a user is listed separ
84. e 2 Click Restart to restart the service for the product You will be prompted twice to confirm the restart Add Secondary Servers to the Array 1 On the primary go to Settings Array CAUTION This screen will be accessible from all of your product installations but only use this screen from the installation on your primary server Do not use this screen on any of your secondary installations 105 Cyfin User Guide v 9 2 0 6 Add an Array Member Array Information Please read before configuring arrays Server Name or IP Port e g MyComputer 7999 or 127 0 0 26 7999 Servers Server Primary This server is ready Server2 Secondary This server is ready Add a secondary server to the array by typing the server name or IP address of the server and the port number to be included in the array for example MyComputer 7999 or 127 0 0 26 7999 Click Add You should immediately see the primary server name or IP address and the secondary server name or IP address listed in the Servers section of the screen Repeat this step until you have added all of your secondary servers to the array NOTE Only one server may be added at a time The service for the secondary server will be restarted after synchronization is complete Now you are ready to begin setting up the product on your primary server Before you do this make sure that all of your secondary servers in the array have a status of This server is ready If
85. e utilize HTML tags if you need them NOTE The default text file path is wc my files db customheader txt In the File Name field click Browse to locate the file that you created You may also type the path Settings Custom Header This product lets you display a custom text message HTML or TXT on every report The message can contain any information that might be helpful to the recipient of the report Examples include suggestions on how to use the report phone numbers for advice or clarification link to an FAQ on your intranet link to your usage policy etc File Name C Program Files Wavecrest Cyfin7984 wc my files db customheader tet Browse 6 For Visit Filter select Enable or Disable f you select Enable a URL visit will not be counted more than once in reports within a specified time period In the Value field type the time period in seconds that you would like this to occur f you do not want to use this feature select the Disable option Enable or Disable the Visit Filter Visit Filter Enable Disable Value 1 7 Under File Name Format you may choose a file name format for e mailing or saving reports The available formats are made up of various combinations of the date time group or ID and report type This format is used if E Mail or Save is selected for the report delivery when creating reports 8 Inthe Select field choose the file name format that you prefer Fil
86. e Name Format Select ReportType_GroupOrlD e g Site_Analysis_Enterprise e Update 9 Under General Advanced Options Check for New Log Files is selected by default This means that before running a report the product will check for any new log files If you want to turn off this feature clear the check box 10 Select Anonymous IDs to display the Anonymous IDs field when creating reports By making this field available you can then choose to show IDs anonymously in any applicable report you are running This option applies to the following reports All High Level Summary Reports excluding Top Web Sites Category Audit Detail Search Terms Audit Detail Site Audit Detail Site Analysis Bandwidth 11 Select Compress Reports for E Mail to compress the report attachment for read only reports in an e mail as a zip file 111 Cyfin User Guide v 9 2 0 General Advanced Options Check for New Log Files V Anonymous IDs Compress Reports for E Mail 12 Under Maximum IDs in the Maximum IDs Displayed Per Table field type the maximum number of IDs that you wish to appear on reports This must be a number between 1 and 250 The default is 25 If the number entered is not in the range the Update button will be disabled Maximum IDs Maximum IDs Displayed Per Table 25 13 Under Language Settings select the language that you want to be used in reports 14 112 Language
87. e Select tab Groups and IDs Select Browse amp amp Groups Search for Groups A IDs Search for IDs ES a Banning Payton payton ES Backman Daniel danback Ka Baines Harold haroldb Angelo Jennifer ja25 Kal ES Remove All Groups E Remove All IDs 5 To delete a group or ID click the corresponding red x icon To delete all groups or IDs click the Remove All Groups or Remove All IDs red x icon 6 In each category field type the number of Web page visits allowed for each category before they are considered abuse in a 24 hour period Set Abuse Thresholds Categories Enter 24 Hour Visit Threshold Agriculture 250 Anonymous Public Proxy 10 Auction Classified 10 Banners Ads 250 Blogs 250 Business Services 500 7 Click Submit to apply your changes The following example shows a report that was run with abuse thresholds enabled Top Users or Workstations Activity 1D Name Download Time Visits 0 5 513 11 026 1 Bann Joeseph joeb 9 11 18 11 026 3 M 7 115 2 Redding Mary B bobbie 5 27 36 6 552 2 MT 4 904 3 Soler Mary Ann mary 4 52 51 5 357 2 MN 4 555 4 Greene Timothy timg 5 58 03 7 161 2 MA 435 5 Brady Marsha marsha 4 26 03 5 321 2 MN 289 6 Bortman Michael mikeb 4 05 33 4911 1 MN 2 853 7 Uart Ann B bobbie91 2 50 51 3 417 1 MN 2 424 8 Brown Douglas dougb 3 10 18 3 806 1 MN 2 370 9 Backman Daniel danback 1 54 00
88. e groups and IDs input import process can be performed manually automatically or in some cases semiautomatically Optionally this feature can also be used to custom group the IDs for more advanced usage Using the Product s Default Grouping Arrangements You may not need or want to group your users in any particular way For example you may always want to see all users in high level reports e g Site Analysis and or you may want to apply policy settings uniformly to all users The core grouping capability is designed to accommodate this universal approach To implement you do not need to take any special measures All users are placed in the Ungrouped IDs group a subgroup of Enterprise and you designate Enterprise as the controlling group for all report formats and policy settings Using the Product With Customer Specified Grouping Arrangements Using the simplified universal approach discussed in the preceding section may not always be satisfactory For example management may want reports that only cover Web usage in particular departments or divisions They may also want reports that cover personnel at specific locations or they may want to see activity by all personnel who have a particular job classification And very importantly they may want reports that show a single user s Web access activity In cases like these user grouping is essential NOTE Although grouping by department is the most popular approach groups can be based o
89. e necessary information Implementing the Active Directory Import Process Some or all of the employee related information discussed above and illustrated in Figure 1 can be imported into the product on an automatic or manual basis In both cases the Active Directory Setup wizard must first be used to configure your domain s NOTE A manual import will occur immediately upon clicking the link placing the IDs into the groupings you specify first using the Active Directory Setup wizard During that setup you have the option to place any IDs into Ungrouped IDs An automatic import will obtain groups and IDs on a scheduled basis If you chose to manage your users outside the product i e at the directory source all groups and IDs will be updated according to your directory source However if you chose to manage users inside the product only new IDs will be imported Using the Product s Active Directory Setup Wizard In order to import Active Directory groups and IDs you must first use the Active Directory Setup wizard to configure your domain s After configuration is complete groups and IDs can be imported automatically into the product on a scheduled basis every 24 hours Each time this occurs the entire groups and IDs tree in the product will be rebuilt according to the hierarchical structure reflected in your specified Active Directory configuration if you chose to manage your users outside the product However if you chose to manage them i
90. e time The Start and Stop fields show the previous date range that was selected 75 Cyfin User Guide v 9 2 0 Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files NOTE In Internet Explorer 10 if you have log files in only the current year the drop down arrow disappears when you click the year field Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates 10 If you want to filter the days and times to include in the report data use the Filter field and select a filter or select Create new filter You will see a dialog box Filter Name Report Filter A X B of Bon sun Manage Monday s Filter MON Morning Filter Cancel Save Inthe Filter Name field type a name for the filter Select the days and times you want included On in the report and the days and times you want excluded Off in the report You can do this by using the tabs on the left to select the day of the week and clicking the corresponding times to turn them on or off You may also apply a filter to the entire week Click Save to sa
91. each group 1 Go to User Management Edit Users Add The Add Group or ID page is displayed Select Group to Add to 8 Groups amp Selected Group s IDs Accounting Department 51 Drafting Department 46 Engineering Department 128 Marketing Department 108 Sales Department 100 Technical Services Department 105 Ungrouped IDs 387 VIP 0 Add Group or ID Type 9 Group mm Group or ID Name Full Name No Full Name allowed for Groups E Mail Address No E Mail allowed for Groups Policies Abuse Thresholds Default e Submit 2 Inthe Groups box select the parent group to which you wish to add the group for example Enterprise NOTE Groups can only be added to other groups A group cannot be added to an ID 3 Under Add Group or ID complete the following fields Type Select the Group option Group or ID Name Type the name of the group you are adding for example Sales Full Name This field will be unavailable because it does not apply to groups E Mail Address This field will be unavailable because it does not apply to groups 4 Inthe Abuse Thresholds field select a policy to apply to the selected group or ID See Abuse Thresholds 34 5 Click Submit to add the new group User Management 6 To add an ID to a group select the group in the Groups box to which you wish to add the ID NOTE IDs can only be added to groups An ID cannot be add
92. eady configured your log files Of course you can always come back to the log file configuration instructions in this section if you need to change or add a configuration In managing your log file data this section will show you how to Set up Log File Configurations Configure the product to locate and read your log files View Log Files View your configured log files Revalidate Log Files Revalidate any invalid log files Once you have configured your log files you can begin using the Report Database Log file data can be imported into the databases where it is compressed This will reduce report generation time by more than 95 percent compared to methods that generate reports by reading log files directly This section will show you how to Enable the Report Database Turn on the Dashboard high level and Mass Storage low level databases Configure Dashboard Database Keep the default Derby database or configure MySQL or MSSQL Import Log File Data into the Database Manually import configured log file data or schedule the import to occur daily View Data View the imported data Delete Data Delete data from the database To use the Report Database you must first enable it Once enabled the product automatically retrieves the previous day s raw log file data and stores it in the database It does this on a daily scheduled basis This process could be scheduled for example between 1 00 A M and 4
93. eaming Williams Alyce alicew ount Extra ID Date Time Category Name Size Web Page 1 10 10 30 54 Feb 23 2013 11 40 45 AM TV Video Streaming 1 6K D http hulu convlibrary 12 10 10 30 54 Feb 23 2013 11 47 39 AM TV Video Streaming 1 6K D http hulu comllibrary B 10 10 30 54 Feb 23 2013 11 47 45 AM TV Video Streaming 1 6K fi D htto hulu convlibrary 4 10 10 30 54 Feb 23 2013 3 05 57 PM TV Video Streaming 1 6K fi D http hulu comlibrary 15 10 10 30 54 Mar 1 2013 10 10 42 AM TV Video Streaming 1 6K D http hulu com library E 10 10 30 54 Mar 1 2013 11 31 26 AM TV Video Streaming 1 6K D http hulu convlibrary aac 17 10 10 30 54 Mar 1 2013 11 32 14 AM TV Video Streaming 1 6K fi D http hulu corvlibrary aac Kircalli Carmen carmenk ount Extra ID Date Time Category Name Size Web Page 1 10 10 20 144 Feb 28 2013 1 45 07 PM TV Video Streaming 16K D http hulu comllibrary Ramos Carmen ciramos ount Extra ID Date Time Category Name Size Web Page 1 10 10 30 31 Mar 1 2013 9 00 02 AM TV Video Streaming Hit 1 6K fi D http hulu convlibrary 962xfirm 9620 103 2 10 10 30 31 Mar 1 2013 9 00 15 AM TV Video Streaming Hit 1 6K fi D http hulu corvlibrary 962xfirmv9620 103 3 10 10 30 31 Mar 1 2013 9 00 22 AM TV Video Streaming Hit 1 6K D http hulu convlibrary 962xfirm 9620_103 For Search Terms Audit Detail the following filters are available The user filter field shows the selection AN and all users in the r
94. ect the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart 91 Cyfin User Guide v 9 2 0 4 If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view Trend Charts Trend charts allow you to view a selected user group category or classification or traffic data in hourly or daily increments for the specified time frame i e yesterday previous 24 hours last 7 days last week or last month Trend Users Chart 1 Goto Reports Dashboard Trend Users 2 Inthe Enter ID or Full Name field type the ID or full name of the person you want to report on As you type you will begin to see a selection of IDs and names If you see the ID or name that you are looking for you can select that user Select a User Enter ID or Full Name Banning Payton payton y Chart Trend payton Date Mar 01 13 payton 1 233 Visits Feb 23 2013 12 AM Mar 03 2013 12 AM Metrics Chart View Visits X Time Frames Date Range Custom X Start Feb23 2013 Hour 12 AM Stop Mar 03 2013 ES Hour 12 AM Update Chart 3 Under Metrics use the Chart View field to change the metric you are viewing 4 Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the
95. ed set of Web site visits by user group or Enterprise from the following different perspectives Total visits by classification Acceptable Unacceptable Neutral Total visits by category Shopping Pornography etc Total visits by user per category NOTE Individual sites are not identified in this report Hourly visits Hourly kilobytes read Benefits The Site Analysis report looks at the same visits from the different perspectives i e acceptability category volume and user visits within categories It can be used by all levels of management and by network administrators to perform audits and analyses of activity in either broad or focused areas Top Users Report Features This report lists the most active users in terms of visits hits and bytes read If Abuse Thresholding is enabled it will also show the user names that go over the threshold settings Benefits This report can be used by administrators to get a quick summarized look at Internet activity on the network It lists the users with the highest volume of activity be it acceptable or otherwise This report is an excellent screening tool and can be used to prompt drilldown and further investigation Top Web Sites Report Features This report shows by Web site the number of visits made during the reporting period Each site s category is shown alongside the number of visits made The list is sorted in descending order by the number of visits th
96. ed to another ID Technical Services Department 105 Ungrouped IDs 387 VIP 1 Select Group to Add to SS Groups amp Selected Group s IDs Enterprise 926 Allen Jim allen6 a Accounting Department 51 Alravado Alex aa02 E Drafting Department 46 Auld Joeseph joeauld Engineering Department 128 Barrera Jose jb1012 Marketing Department 108 Ben Gay Itzik bg 123 Benner Jeff b31 Bennit Joan b120 Blackmanton James jimblack Boettcher Francine fb Bradley Thomas tombrad Brady Marsha marsha Brooks Andrew P apb20 Burger Dale db16 Clarkman Kimberly kim Clipper Candice cadice Add Group or ID Type Group ID Group or ID Name Full Name E Mail Address 7 Under Add Group or ID complete the following fields 8 Complete the remaining fields as described above 9 Click Type Select the ID option Group or ID Name Type the ID name for example bsmith Full Name Type the full name of the person you are adding E Mail Address This field is not being used at this time Submit to add the new ID Delete Groups or IDs This page allows you to delete one or more groups or IDs Each deletion of a group or ID is performed one at a time 1 Goto User Management Edit Users Delete The Delete Groups or IDs page is displayed 35 Cyfin User Guide v 9 2 0 Select Groups or IDs to Delete Ungrouped IDs 387 VIP 1 22
97. eft to right or from right to left on the chart Click Reset zoom to return to the original view Top Classifications Chart 1 Goto Reports Dashboard Top Classifications A chart with the three classifications will automatically load with the default metric of Visits and time frame of Last Week Chart Top Classifications e gt A E Feb 23 2013 12 AM Mar 03 2013 12 AM Metrics Chart View Visits e Time Frames Date Range Custom X Start Feb 23 2013 Hour 12 AM Stop Mar 03 2013 A Hour 12 AM Under Metrics use the Chart View field to change the metric you are viewing Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart 90 Reports Top Sites Chart The Top Sites chart all
98. elect Properties Select the Security page Under the Server authentication section select SQL Server and Windows Authentication mode and then click OK Create Database Superview 1 2 Right click Databases under your SQL Server node in the Object Explorer and select New Database In the New Database pop up window enter the database name Superview and then click OK Configure User Permissions 1 2 In your SQL Server node expand Security in the Object Explorer until you see Logins Right click Logins and select New Login 25 Cyfin User Guide v 9 2 0 In the Login New popup window enter wavecrest for the Login name 4 Select the SQL Server Authentication option and enter a Password and Confirm Password Uncheck User must change password at next login Enforce password policy and Enforce password expiration 6 Select the Server Roles page and ensure public sysadmin and bulkadmin are selected 7 Select the Status page and ensure Login is enabled and click OK 8 Close or minimize the Microsoft SQL Server Management Studio Allow TCP IP 1 Open Microsoft SQL Server 2008 Configuration Tools SQL Server Configuration Manager Expand SQL Server Network Configuration and click Protocols for MSSQLSERVER If TCP IP is not enabled right click and set it to Enabled Restart the SQL Server by selecting the server icon and clicking Restart for this change to take effect Connect to MSSQL Database 1
99. emon with this product click here Make any needed adjustments and then proceed with configuring your log files selecting SonicWALL Security Appliance as your log file type Click Next to use the Cyfin Syslog Server The Select Log File Directory page appears Select Log File Directory Directory C Program Files Wavecrest Cyfin7984 weicflog Syslog Server V Enable Syslog Server Port Type 9 UDP TCP Listening Port 1455 12 On the Select Log File Directory page complete the following fields Select Enable Syslog Server For Port Type select UDP or TCP for the Internet protocol you want to use Inthe Listening Port field the default port number is 1455 You may change this number if necessary Click Next 13 The product will locate and validate your log files You should see a progress meter and a message indicating success on this page 17 Cyfin User Guide v 9 2 0 Log File Validation Information Time of activity 00 00 03 vos DEEN Type of Log File CyBlock Appliance Path C Logs Current File All files have been checked Valid Files 9 Status Validation process complete Click Next Button to continue 14 When you see the green colored success message click Next NOTE If there was a problem finding log files or validating them an error message will appear with helpful information and direct you to click the Back button to make a change Name This Log F
100. ense ee 125 Audit Data Ge EE 125 Improve e Igel E 125 Top Noncategoriz d Sites Reports ssiccievikinadaskiesetna sn a des 125 Appendix C OtherWise Program 8 Policy AA 127 The OtherWise Program What iS li 127 Overview of the OtherWise Process How Does OtherWise Work 127 Dealing with Intranet ang Extranet Sites cirio a dese Nee dE SNE 127 oo oo O 127 Confidentiality aci A A a 127 Your Part in the OtherWise Program 128 Introduction Welcome to Cyfin Cyfin is an advanced forensic log file analyzer providing employee Web use forensic reports that dramatically reduce the time to create and analyze terabytes of data It supports a wide variety of gateway devices and log file formats Comprehensive yet easy to use its highly accurate and actionable reports also include extremely detailed user audits and high level multi aspect manager ready summaries This manual covers detailed instructions for all of Cyfin s features It is up to you the administrator whether to use the basic or advanced functionality of Cyfin s features Organization The documentation follows the menu structure which is organized for ease of setup and use of the product However you can always start with using the basic setup of the product covered in the Getting Started Checklist and later use the more advanced features when you are ready You do not have to read each section from beginning to end You are welcome to skip around to find instructions for t
101. enter a password to retrieve the report The default password is password This password can be changed on the Settings Reports Interactive Reports screen WavecrestCyfin Forgot password 3 In addition to viewing the report you can save and print it The report is saved with a universally unique identifier UUID in the file name e g 14ec2d98 346f 4cb5 806a f85f7b74f1e1 html 4 If you received a Site Analysis report it would appear like the report below 82 Reports ID Name Download Time Visits 0 5 513 11 026 1 Bann Joeseph joeb 9 11 18 11 026 5 x 11 026 2 Greene Timothy mo 5 58 03 7 161 3 MY 7 161 3 Redding Mary B bobbie 5 27 36 6 552 3 MM 6 552 4 Soler Mary Ann mary 4 52 51 5 857 2 MN 5 857 5 Brady Marsha marsha 4 26 03 5 321 2 MN 5 321 6 Bortman Michael mikeb 4 05 33 4 911 2 MN 4 911 7 Banning Payton payton 3 44 21 4 487 2 MN 4 487 8 Brown Douglas dougb 3 10 18 3 806 1 MN 3 506 9 Tuckers lrene irene 3 01 33 3 631 1 MN 3 631 10 Clipper Candice cadice 2 55 45 3 515 1 MB 3 515 11 Uart_Ann B bobbie91 2 50 51 3 417 1 MN 3 417 12 Mission Alexandra alexandra 2 46 24 3 328 1 MN 3 328 5 From here you may decide that you want to get more details on a user s Web activity Click the ID name By clicking the ID name you have submitted a request to get a User Audit Detail report on that particular user The below progress meter will appear Report Progress T
102. eport When you make a selection the report shows only data for that user In the text field enter a search term or search term phrase to filter on The report shows only data with the entered search term or search term phrase Below is an example of a Search Terms Audit Detail report Report Filters All free Alyce Mark T alyce ount Extra ID Date Time Search Engine Size Terms 1 10 10 20 1 Mar 1 2013 6 40 51 PM Google 14 7K free adult Levitt Mark mi18 O Extra ID Date Time Search Engine Size Terms 1 10 10 20 152 Mar 1 2013 4 24 20 PM Yahoo 7K free stuff Barrol Thomas V tom ount Extra ID Date Time Search Engine Size Terms 1 10 10 20 89 Feb 24 2013 9 06 47 PM Yahoo 5 7K nude free Reports 3 For User Audit Detail the following filters are available The IP address filter field shows the selection All and all IP addresses in the report for the user When you make a selection the report shows only the data for that IP address If there is only one IP address associated with the user the filter field will not be displayed The category filter field shows the selection AN and all categories in the report Inthe text field enter the URL text to filter on You do not have to type the full URL The report shows only data with URLs containing the entered text Below is an example of a User Audit Detail report Audit Detail For ID Technical Services Department Greene Timothy timg R
103. eport Filters 10 10 30 192 All Greene Timothy timg lCount Extra ID Date Time Category Name Size Web Page 1 10 10 30 192 Feb 23 2013 12 42 19 AM Sports 28K http espn convfido 1 bid 24 numitm 10 2622209 9963045 2 10 10 30 192 Feb 23 2013 12 42 21 AM Sports 8 2K http s com fido 1 bid 24 1966609 9960044 cities B 10 10 30 192 Feb 23 2013 12 42 22 AM Sports 269 B http espn cormfido 1 bid 24 numref 5 14942209 1 index 4 10 10 30 192 Feb 23 2013 12 42 23 AM Sports 14B http espn convfido 1 bid 24 numitm 10 numref 5 14942209 94 5 10 10 30 192 Feb 23 2013 12 42 24 AM Sports 14B http espn com fido 1 bid 24 numitm 10 numref 5 14942721 94 6 10 10 30 192 Feb 23 2013 12 42 24 AM Sports 269B f http espn com fido 1 bid 24 numref 5 14942721 1 index 17 10 10 30 192 Feb 23 2013 12 42 25 AM Sports 254B fi http espn convfido 1 bid 24 numref 5 14943233 1 index 18 10 10 30 192 Feb 23 2013 12 42 26 AM Sports 14B http espn convfido 1 bid 24 numitm 10 numref 5 14943233 99 19 10 10 30 192 Feb 23 2013 12 42 27 AM Sports 258B fi http espn com fido 1 bid 24 numref 5 14942465 1 index 10 10 10 30 192 Feb 23 2013 12 42 28 AM Sports 16 9K fi http espn convfido 1 bid 24 numitm 10 numref 5 14942465 94 11 10 10 30 192 Feb 23 2013 12 42 30 AM Sports 6 3K http espn convfido 1 bid 24 numitm 10 5243393 9965732 s0 12 10 10 30 192 Feb 23 2013 12 42 32 AM Sports 14B http espn convfido 1 bid 24 numitm 10 5243393 99 3 13 10 10 30 192 Feb 23 201
104. eports List page is displayed with links Click the link for the report you want to view When you are finished with the report click Back to List to return to the list of reports or click Close to close the window 15 If you selected the Schedule option the Schedule and Run and Schedule buttons are available Click Schedule and Run to schedule and deliver the report Click Schedule to only schedule the report 16 Click Back to return to the previous page 77 Cyfin User Guide v 9 2 0 Below is an example of a Site Analysis Bandwidth report Time To Create Report Data Source Total IDs With Visits Total Visits Hits Total Kilobytes Total Denied Visits Total Legal Liability Visits Hits Program Downloads Hits Kilobytes 189 929 457 427 3 930 258 593 4 554 18 806 1 861 1 241 639 Bytes Read By Classification Kilobytes Read 0 891 671 1 783 343 1 783 343 45 MN 1 783 343 1 275 011 32 MA 1 275 011 871 904 22 MS 871 904 3 930 258 Bytes Read By Category Category Name Kilobytes Read 0 300 423 600 846 1 Hardware and Software Acceptable 2 Search Engines Acceptable 3 Internet Services Acceptable 4 1P Address Neutral 5 News Neutral 6 Games Unacceptable 7 TViVideo Streaming Unacceptable 8 Education Neutral 9 Radio Audio Streaming Unacceptable 10 Anonymous Public Proxy Unacceptable Audit Data Export 600 847 16 MI 600 547 305 992 233 106
105. er Login Distinguished Name and Password To import from Active Directory using an SSL connection select the SSL Connection check box Click Next Both Connection Status and Authentication Status indicators should appear green on the Active Directory Test Results screen If both are green click Next If either status is red click Back and double check your Directory Setup settings Select Naming Context Valid Naming Contexts DC Wavecave DC lan e Select the Valid Naming Contexts and click Next Type of Grouping Group Type Company 9 Department Fields ou Permission Group D No Grouping Select the proper grouping type such as Department or OU and click Next User Management Select Groups Use Groups DepartmentA a Marketing Marketing and Sales Quality Assurance Sales Support Technical Technical Support Place all IDs from unhighlighted groups into Ungrouped IDs If you selected Fields you will see the Map Fields to Groups screen Enter the name of each field To add a new field click the green plus icon Map Fields to Groups Type in field names for group location Fields Enterprise L E Place users that do not contain all configured fields into Ungrouped IDs 10 On the Select Groups screen select the groups to be imported by clicking them so they are highlighted If you want to select multiple groups hold down the C
106. es not affect logs or log file data Wavecrest products only read and process log file data they do not delete alter or distort log files in any way CAUTION If you delete data from the database you will not be able to generate Dashboard drill down reports on that data The product will try to reimport that data from available log files 1 5 Go to Data Management Report Database Delete Manual Display Selection View Imported Data Older Than All D Indicates that the raw log file configuration is unavailable CyBlock Appliance Type of Log File CyBlock Software Path C Logs Log Name Imported Start Time proxy20130223 bd Feb 23 2013 12 01 41 AM proxy20130224 tt Feb 24 2013 12 02 25 AM proxy20130225 tt Feb 25 2013 12 00 04 AM proxy20130226 bd Feb 26 2013 12 00 29 AM proxy20130227 bd Feb 27 2013 12 00 00 AM proxy20130228 bd Feb 28 2013 12 00 49 AM proxy20130301 tt Mar 1 2013 12 00 58 AM proxy20130229 tt Mar 1 2013 12 01 17 AM proxy20130302 t Mar 2 2013 12 00 14 AM SelectAll Deselect All Imported Stop Time Feb 23 2013 11 59 22 PM Feb 24 2013 11 58 48 PM Feb 25 2013 11 57 07 PM Feb 26 2013 11 59 59 PM Feb 27 2013 11 59 55 PM Feb 28 2013 11 58 20 PM Mar 1 2013 11 59 58 PM Mar 1 2013 11 59 27 PM Mar 2 2013 11 58 23 PM Date Imported Mar 23 2015 4 00 51 PM Mar 23 2015 4 00 54 PM Mar 23 2015 4 00 55 PM Mar 23 2015 4 00 57 PM Mar 23 2015 4 01 04 PM Mar 23 2015 4 01 11 PM Mar
107. ext Enter Database Settings Schema Superview Database Location C Program Files Wavecrest Cyfin7982 welcfidb Bulk Insert Folder C Program Files Wavecrest Cyfin7982 wclcfidb plugin Browse 5 Change the Database Location and or Bulk Insert Folder location and click Next 8 Data Management Test Results Location Ready Bulk Insert Folder Ready You should get green Ready status indicators If so you can go ahead and click Next Name This Database Configuration Name Database Name the database configuration and click Next A message indicates that the database configuration was saved successfully Click Done MySQL Configuration The initial below instructions are for creating a new MySQL database If you already have a MySQL Server database created you may proceed to Connect to MySQL Database Allocate Memory to Database 1 3 Go to the C Program Files MySQL MySQL Server 5 x folder and open the file my ini in Notepad This could also be called my cnf on some systems Edit the file by changing the innodb_buffer_pool_size near the bottom of the file value to 50 of your RAM This is the recommended minimum For example if your computer has 2G of RAM and you wish to allocate half of that to running the MySQL Server set innod_buffer_pool_size 1024M Save the file Create Database NOTE See optional GUI instructions for the MySQL Query Browser below Option A ile Open
108. figuration Completed Active Directory configuration saved successfully Click Done to add another or import Groups and IDs now Import Users From Active Directory This page allows you to import your Active Directory groups and IDs manually or schedule an import on an hourly basis or at a specific hour every 24 hours 42 To import users from your Active Directory configurations go to User Management Import Users Active Directory Import User Management Manually Import Active Directory Import Groups and IDs Start Import Schedule Active Directory Automatic Update No v Frequency Specific Hour e Hour 12 PM y E Mail Confirmation Yes When Errors e 2 To receive an e mail confirmation of a manual import make a selection in the E Mail Confirmation field and click Submit 3 To import the groups and IDs manually click Start Import If your import is successful you should receive the following message Importing Active Directory Import Progress Users have been imported Click here to Description verify your Groups and IDs Progress 100 Close Cancel 4 Click the link to view all of your imported groups and IDs or close the window Every time you want to update your groups and IDs you will need to click Start Import unless you schedule daily updates 6 To schedule an import in the Automatic Update field select Yes If you ever want to stop the scheduled import you wi
109. group must be different from the group to be moved Also a parent group such as Ungrouped IDs cannot be moved into one of its subordinate child groups for example a newly created group under Ungrouped IDs named Sales 4 Click Submit to move the group or ID Modify Group or ID 1 Goto User Management Edit Users Modify The Modify Group or ID page is displayed 37 Cyfin User Guide v 9 2 0 Select Group or ID to Modify Z Groups amp Selected Group s IDs Enterprise 926 a Coftus Tyler tyler a Accounting Department 51 Cross Rick rcross Drafting Department 46 Diamond Corey coreyd Engineering Department 128 Dimplish Hedi N hedi el Marketing Department 108 DuCharme Phil pd15 Sales Department 100 Dugy Claude cdug Technical Services Department 105 Farmhisel Katherine kfarm Ungrouped IDs 387 Forte Jojo jojo VIP 1 Foshi Kirti kirti Gallows Lynn lynng Gambone Claudia cg22 Gettys Isabelle isabelle Gipple Linda linda X Goodman Daniel dang v Rename Group or ID Group or ID Name debbie Full Name Franklin Debbie E Mail Address 2 Under Select Group or ID to Modify click the group or ID that you want to modify so that it is highlighted NOTE When changing group policies subgroups are not affected it only changes the policy for IDs in the selected group Therefore if you want to change a policy for a group s subgroups you must c
110. guration 2 Select Inside the Product or Outside the Product 3 Click Submit to apply your change Active Directory Setup If you have not completed the Manage Users section do so first before getting started with importing groups and IDs There are two ways to import your groups and IDs You can configure to import your groups and IDs from 1 Active Directory or 2 a text file If you choose to import from Active Directory you have the option of creating a scheduled import to occur once every 24 hours 1 To create an Active Directory configuration to be imported go to User Management Import Users Active Directory Setup Create or Modify Active Directory Configuration Select Configuration Create new configuration e Delete Leave the default selection set at Create new configuration and click Next NOTE If you ever want to make changes to any of your configurations use the drop down arrow select the configuration that you want to change and click Next Make your changes where needed Make sure you go through the entire wizard to submit your changes Now you must configure the connection to your Directory Server 39 Cyfin User Guide v 9 2 0 40 Directory Setup Directory Server server company com Login Distinguished Name DOMAIN Administrator Password Optional Setup SSL Connection Enter your appropriate information in the following fields Directory Serv
111. hange the policy for each subgroup 3 Under Rename Group or ID make changes to the group name or ID name and person s full name as necessary If modifying a group the Full Name and E Mail Address fields will be unavailable because they do not apply to groups 4 Make your changes to the remaining fields as described in Add Group or ID 5 Click Submit to apply your changes Manage Users Before you begin importing groups and IDs you must decide where you want to modify your groups and IDs Inside the Product or Outside the Product Both options are discussed below Inside the Product Default This option lets you add delete move or modify groups and IDs within the product after an import from Active Directory or a text file Each time groups and IDs are imported whether manually or scheduled from Active Directory or a text file only new groups and IDs will be imported The new groups and IDs imported will be based on your selected groups in your import configuration setup Your existing groups and IDs will not be modified NOTE If you wish to have any users in the VIP Group you MUST use this option Outside the Product This option will not let you add delete or move groups and IDs within the product It will not let you rename a group or ID in the product All of these changes must take place in the directory from which you are importing groups and IDs Each time groups and IDs are imported whether manually or scheduled f
112. he features that are important for your organization s use Some of the key things you will find instructions for in this manual are how to Run summarized and detailed reports Classify categories based on your company s Internet usage policy Set abuse thresholds Increase reporting speed with the optional internal database Getting Started This section is a checklist of all the basic setup steps you need to complete to get the product up and running This includes installing the product configuring your log files downloading the URL List and running reports Array Configuration This section describes array configurations and provides a checklist of the basic setup steps you need to complete to get the array up and running Data Management The reporting feature of this product is dependent on the log files This section covers instructions on viewing your log files and managing the product s Report Database The Report Database compresses log files allowing for faster reporting and long term storage User Management In this section you will learn about the product s core grouping structure and the ways that you can use grouping This includes adding your groups and IDs as well as importing them from a text file or Active Directory Even if you do not want to use grouping you will want to read the Introduction to this section as you will still need to understand the core grouping structure and how to import or add ID
113. he report also provides a summary total of visits to the category Benefits This report is very useful for identifying the most active users and the most heavily visited sites and pages in a selected category This makes it an excellent tool for conducting detailed audits and investigations of possible misuse of Web access resources Category Audit Summary Report Features This report provides a synopsis of users Web activity in a single category that you select It lists all visited URLs and the number of visits to each but does not list individual users A hyperlink to each domain is provided Benefits This report is very useful for a quick look determination of whether or not Web access abuse is taking place in a particular category e g Pornography Denied Detail Report Features This report shows the specific URLs to which users were denied access by user Each attempt is displayed in the category attempted Denied attempts for a Web page can signify the user may not be authorized to receive the page the page may not have been found by the Web server or the page may have been blocked for access Benefits If you have Web filtering enabled this report can verify that it is working It also indicates the number and type of blocked attempts e Denied Failed and Unknown and is a very useful supplementary tool for individual user audits Legal Liability Detail Report Features This report shows the specific URLs of legal li
114. heduled reports including running editing duplicating scheduling and deleting Run Reports Covers how to manually run three different types of reports High Level Summary Audit Detail and IT Export Data Covers how to export data to other applications Use Interactive Reports Covers how to retrieve and use Interactive reports View Dashboard Charts Provides Top and Trend charts of Web activity by visits hits or bytes and by users groups categories and classifications Typically you will manually run reports that are not needed on a regular basis Otherwise we suggest that you set reports to run automatically by scheduling them This will save a tremendous amount of time Another way to save time especially for IT administrators is to assign operator accounts Individuals with operator accounts can access the product but only a limited menu that lets them run reports on the groups and users that they have been authorized to review To read how to set up operator accounts see Create Logon Account In addition you can use the Interactive Reporting feature With Interactive reports report recipients can quickly drill down from higher level reports to more detailed audit reports on a specific user category or classification rating without having to go back in the product to run a manual report Report Selection 1 Goto Reports Manager The Report Selection page is displayed if no recently run or scheduled report
115. ick Close to close the window If you selected the Schedule option the Schedule and Run and Schedule buttons are available Click Schedule and Run to schedule and deliver the report Click Schedule to only schedule the report Click Back to return to the previous page Below is an example of a User Audit Detail report The data may be filtered by IP address if more than one exists for the user by category and by URL The Size column shows the number of bytes received from the Internet in response to Web requests It includes all content i e the payload that was used to render the Web site but does not include the accompanying HTTP header information HTTP headers contain information about the request or response that allows servers to provide the right data and browsers to render the content properly Occasionally servers can respond with only HTTP headers to inform the browser that there is no content These visits show as zero bytes 0 B in the Size column While there is no payload for these requests they are valid entries in the report because the browser requested the data and received a valid HTTP response 193 10 10 30 166 Feb 23 2013 8 54 38 AM Shopping 1K http qve com fido 1 1311745 1 24 24ind 194 10 10 30 166 Feb 23 2013 8 54 40 AM Shopping 893 B http qve com fido 1 1311745 1 24 24nya 195 10 10 30 166 Feb 23 2013 8 54 42 AM Shopping 1K http aqve com fido 1 1311745 1 24 24co 196 10 10 30 166 Feb 23 2013
116. ics Time Frames Trend Social Networking Date Mar 01 13 Social Networking 7 682 Visits Feb 23 2013 12 AM Mar 03 2013 12 AM Social Networking Chart View Visits v Date Range Custom X Start Feb 23 2013 Hour 12 AM Stop Mar 03 2013 EZ Hour 12 AM Update Chart Under Metrics use the Chart View field to change the metric you are viewing Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view 95 Cyfin User Guide v 9 2 0 Trend Classifications Chart 1 Goto Reports Dashboard Trend Classifications When this screen opens a chart will automatically
117. ile Configuration Status Log File configuration was successful Name CyBlock Appliance 15 When valid log files have been configured the next step is to name the configuration This is helpful for identification purposes especially if you add more log file configurations later 16 After typing in a name for your new log file configuration click Next NOTE If you do not name the configuration and just click Next the product will name the configuration the same as your log file type 17 Click Done to add another configuration NOTE If you modified a previous configuration you must go to Data Management Log Data Source Revalidate to validate your log files Remote Logging Remote logging is an option that uses Cyfin as the remote host from which reports on these logs can be run Remote logging requires you to install Cyfin and enter the appliance serial number and activation key on the Settings License screen in Cyfin e Go to Data Management Log Data Source Setup in the Cyfin interface Log Files Accept CyBlock Appliance Logs Enable 2 Disable Log File Storage Location C Program Files WavecrestiCyfiniwe cfllog Browse Submit Select the Enable option so that Cyfin will receive the incoming logs from the appliance Data Management In the Log File Storage Location field leave the default path for logging if possible 4 However if you want to change the log file storage loc
118. ime The export will be displayed in the Recently Run Reports section on the Manage Reports page and can be saved by clicking the view icon Schedule Use this option if you want to set up the export to run manually at a later time or schedule the export to run automatically at a specific time Select When to Run Report Options Run How Schedule Name Report Name Frequency Manually Inthe Name field type an appropriate name for the export The name limit is 75 characters Inthe Frequency field select Manually if the export will be run manually at a later time or select the schedule for the export that is Daily Weekly or Monthly f you selected Daily select the specific hour and time of day that you want the export to run daily f you selected Weekly select the day of the week and specific hour and time of day that you want the export to run weekly If you selected Monthly select the day of the month and specific hour and time of day that you want the export to run monthly The export will be displayed in the Scheduled Reports section on the Manage Reports page 4 Under Settings in the Save Directory field type the directory path or click Browse to locate the directory in which to save the file The csv file is compressed and saved as a zip file 5 Inthe Data Configuration field you can choose to select a single data configuration to include in the export or you can choose to include
119. ime of Activity 00 00 01 Currently Collecting Data Status User Audit Detail Parsing Proxy20130226 Txtwar gt High xml Data 6 All reports will be displayed as recently run reports on the Manage Reports page Using Report Filters in Audit Reports In audit detail reports report filters allow you to filter data by user IP address category search term and URL The filters are located in the Audit Detail section of the report If only one user or one category exists in the report the corresponding filter field will not be displayed For example a Category Audit Detail report provides data on one category at a time and therefore the category filter field will not be displayed NOTE The number of URLs in the report may affect the speed at which data is retrieved Please wait while the data is loading NOTE This feature is only available for any of the English language report settings 1 For Category Audit Detail Denied Detail Legal Liability Detail and Site Audit Detail the following filters are available depending on the report The user filter field shows the selection All and all users in the report When you make a selection the report shows only data for that user The category filter field shows the selection A and all categories in the report When you make a selection the report shows only data for that category Inthe text field enter the URL text to filter on You do not have to type the full URL
120. is enables quick determination of site popularity Individual user IDs are not shown on this report but hyperlinks to all visited Web sites are provided to facilitate further analysis Benefits This report highlights the Web sites that were most visited during the reporting period If these visits are inappropriate you can use this information to prompt deeper investigation You may also consider including the offending sites in your blocking regimen if you have one of our Web security products Unacceptable Visits Report Features The report depicts Web use activity only within categories classified as Unacceptable By category it shows the total number of visits made by individual users Users are identified but individual sites are not 122 Appendix B Report Descriptions Benefits Managers and administrators can quickly evaluate and see patterns of unacceptable activity by user and category The latter can be done by individual category or at a higher level by a consolidation of all unacceptable categories If excessive unacceptable activity is indicated the reviewer can quickly drill down to other reports for further detail Audit Detail Reports Category Audit Detail Report Features This report provides a detailed analysis of users Web activity in a particular category that you select e g Pornography For each visitor to that category all URLs including sub pages as well as home pages sites are listed separately T
121. ish Hedi N hedi a Accounting Department 51 DuCharme Phil pd15 Drafting Department 46 Dugy Claude cdug Engineering Department 128 Farmhisel Katherine kfarm Marketing Department 108 Forte Jojo jojo E Sales Department 100 Foshi Kirti kirti Technical Services Department 105 Ungrouped IDs 387 Gallows Lynn lynng VIP 1 Gambone Claudia cg22 Gettys Isabelle isabelle Gipple Linda linda Goodman Daniel dang Goodridge Marianne mgood Griswold Matthew mattgris Harrison Graham P gpharr k Select Destination Group SS Groups Enterprise 926 Accounting Department 51 Drafting Department 46 Engineering Department 128 Sales Department 100 Technical Services Department 105 Ungrouped IDs 387 VIP 1 2 Under Select Groups or IDs to Move click the group or ID that you want to move so that it is highlighted To select consecutive groups or IDs click the first group or ID Then hold down SHIFT and click the last group or ID you want to move NOTE To select nonconsecutive groups or IDs click the first group or ID Then hold down CTRL and click the additional groups or IDs you want to move To unselect a group or ID hold down CTRL and click the selected group or ID Do not select Enterprise lt cannot be moved or made subordinate to another group 3 Under Select Destination Group click the group to which you want to move your previously selected group or ID NOTE The destination
122. isions of the Privacy Act and our End User Sales Agreement are included in Wavecrest administrative and personnel policies Our staff is oriented and trained in these policies and the processes that are designed to implement and enforce them Willful violation of these policies is cause for immediate termination and depending on the circumstances possible criminal or civil legal action In our history this has never been necessary and no customer has ever informed us of any issues in this regard Your Part in the OtherWise Program If you choose to participate it s easy Simply enable OtherWise on the Settings Reports OtherWise screen The product will then send us noncategorized site data on a weekly basis automatically You can accept the default day time the report will run or you can set your own weekly schedule As mentioned above we may return a list of local intranet sites that we were unable to access for categorization purposes If you wish to track your users activity to these sites you can enter them into one or more custom categories and the traffic will be identified in subsequent reports 128 WavecrestCyfin C ECT WAVECREST COMPUTING Wavecrest Computing 904 East New Haven Avenue Melbourne FL 32901 toll free 877 442 9346 voice 321 953 5351 fax 321 953 5350 All information subject to change without notice www wavecrest net Copyright 2015 Wavecrest Computing Incorporated All rights re
123. ith the correct authentication credentials and then click Submit Set up Administrator E Mail This page allows the Administrator to receive all product e mail messages e g error messages fault indicators and URL List download notifications 1 Go to Settings E Mail Configure E Mail Settings Administrator s Address firstlast company com Server Name mailserver company com Server Port 25 Does Server Require Authentication Yes No E Mail User Name E Mail Password ee Use Server Alias in E Mail server alias Test These Settings Test 103 Cyfin User Guide v 9 2 0 2 Fill out the screen with the Administrator s e mail information If the e mail server requires authentication enter the user name and password for the e mail server logon account Click the Test button to make sure the product is communicating with the e mail server If it is successful then click Submit to save the configuration Restore or Download a Restore Point Restore a Restore Point The restore feature allows you to go back to or restore the previous configuration settings in your product from a previous day You can restore settings up to 31 days back The backup is done nightly and only keeps the last 30 days The restore download feature allows you to transfer all configuration settings to another installation of the product Transfers of configuration settings are only supported for the same product type for
124. lect to compare Acceptable Unacceptable and Neutral classifications by clicking the corresponding 96 key in the legend 5 Reports If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view Trend Traffic Chart 1 Go to Reports Dashboard Trend Traffic Chart Trend Traffic 400 000 Date Mar 01 13 Denied Traffic 656 Hits 300 000 Allowed Traffic 287 876 Hits 200 000 100 000 Feb 23 2013 12 AM Mar 03 2013 12 AM Denied Traffic Allowed Traffic Time Frames Date Range Custom e Start Feb 23 2013 Hour 12 AM Stop Mar 03 2013 ES Hour 12 AM Update Chart 2 Under Time Frames use the Date Range field to select a different time frame 3 f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start an
125. ll need to return to this page and change the Automatic Update field to No 7 Inthe Frequency field select Hourly or Specific Hour if you want to schedule imports to occur every hour or at a certain hour respectively 8 If you selected the Specific Hour option in the Hour fields select the specific hour and time of day that you want the import to occur every 24 hours For both Hourly and Specific Hour options the import will take place at the top of the hour 9 Inthe E Mail Confirmation field select whether or not you wish to receive an e mail for the import 10 Click Submit to save your changes Import Users From Text File This page allows you to import your groups and IDs from a text file Your text file should be no greater than 1 MB in size For instructions on creating your text file see Appendix A 43 Cyfin User Guide v 9 2 0 44 1 Go to User Management Import Users Text File Select a Text File Browse Delimiter Character s Choices V Pipe Comma E Tab Space El Other Column Position Definitions Required 1D d Parent1 3 Optional FullName 5 E Mail Parent 2 Parent 3 Parent 4 Parent 5 Parent 6 Preview Formatted Data ID Parent1 Parent2 Parent3 Parent4 Parent5 Parent6 FullName E Mail Upload file to preview Preview Import Under Select a Text File type the file name or click the Browse button to locate the file you want to import
126. load showing you Acceptable Unacceptable and Neutral visits for the Last Week time frame Chart Trend Classifications 40 000 Date Mar 01 13 Acceptable 28 650 Visits Ste Unacceptable 34 942 Visits Neutral 16 543 Visits W A 20 000 gt 10 000 o gt Ned Ned De E gt E E q q L ae UN dr OS Da amp amp 2 amp S rod e E Feb 23 2013 12 AM Mar 03 2013 12 AM Acceptable Unacceptable Neutral Metrics Chart View Visits m Time Frames Date Range Custom X Start Feb 23 2013 A Hour 12 AM e Stop Mar03 2013 PS Hour 12 AM v Update Chart 2 Under Metrics use the Chart View field to change the metric you are viewing 3 Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart 4 Youcan se
127. lyzing evaluating or investigating an individual user s Web activity IT Reports Network Information Report Features This report depicts total visits per classification total visits per category hourly total visits and total kilobytes read It also shows download times see definition in the appendix to the report No individual IDs or sites are identified in this report Benefits This report is a powerful tool for network administrators It serves as a valuable aid for managing and controlling bandwidth usage By not showing users it keeps the focus on bandwidth usage via visits hits and bytes making it easier for administrators to quickly identify potential network performance problems Site Analysis Bandwidth Report Features Similar in structure to Site Analysis report this report focuses on bandwidth consumption instead of visits It breaks down bandwidth usage first by acceptability classification then by category within each classification and then by user within each category Benefits This report provides IT personnel with a comprehensive categorized picture of how and when Web access is being used and it does so while identifying the most active users in each category This data is very helpful for managing bandwidth usage and advising management on corrective measures Top Bandwidth Sites Report Features This report shows by kilobytes category and actual URL the top bandwidth consuming site visits made
128. mmarized information on employee Web use They give you the information needed to locate problem areas but do not show the actual URLs visited The audit detail or low level reports give full URLs This section covers how to run a Site Analysis report one of our recommended reports but these instructions will work for any high level report you wish to run This report depicts the same Web site visits in three different ways a Total visits by acceptability classification acceptable unacceptable neutral Total visits by content category Shopping Pornography etc Total visits by user per category If this report is being run against raw log files it is recommended that you import your log files into the Wavecrest Database This will increase reporting speed and allow you to use Interactive reports See Data Management for using the Wavecrest Database NOTE For descriptions of all high level reports see Appendix B 1 Goto Reports Manager The Report Selection page is displayed if no recently run or scheduled reports exist NOTE If reports exist the Manage Reports page is displayed Click the green plus icon to go to the Report Selection page 2 Under Recommended Reports or High Level Summary Reports click Site Analysis The Create Report page is displayed 63 Cyfin User Guide v 9 2 0 Select When to Run Report Options RunNow Schedule Settings Report Delivery Wait Report Format HTML
129. n any characteristic or parameter that applies to the users in the workforce e g job title salary level and work location All groups must contain at least one user in order to be reported on Augmenting the Core Grouping Arrangement The groups and IDs core grouping capability can be easily augmented to accommodate a variety of requirements to monitor and or control Web activity by groups or users To take advantage of this capability the overall user ID population must be subdivided into logically structured groups This will take the form of a hierarchical structure under Enterprise Customized User Grouping Wavecrest products were designed with customized user grouping in mind Our products enable you to input or import the user population If desired the user population can be subdivided into a single or multi tiered hierarchical grouping structure This capability lets you set up apply and monitor different policies for different organizational units i e divisions departments geographic areas individual users etc It also lets you a use block allow settings to govern Web access Wavecrest s CyBlock products only b vary report formats for different recipients and c restrict the distribution of group level or individual user reports on a need to know basis Such restriction increases managerial efficiency by segmenting the reports and providing recipients with only the information they actually need It also prevents distri
130. nd messages on various processes such as scheduling reports importing data and updating the URL List It is used by Technical Support for troubleshooting purposes To view this information go to System Status Messages Event Log Profiling Log The Profiling Log page shows debugging information from the profile file related to the product It is used by Technical Support for troubleshooting purposes To view this information go to System Status Messages Profiling Log 100 Settings Introduction This section provides instructions on performing certain administrative tasks and setting up various features in the product such as License information Internet connection to Wavecrest download servers Product e mail address Restore points Report options Array setup Memory settings Secure Browser Interface This page allows you to create a secure connection HTTPS to your browser interface 1 7 Go to Settings Secure Interface Settings HTTP Enable Disable Port 7983 HTTPS Enable Disable Port 8983 Force HTTP to HTTPS Redirect Enable Disable For HTTP the Enable option is selected by default Select Disable to not use an HTTP connection The Port field is populated with the current interface port You may enter another available port For HTTPS select Enable to use a secure browser connection The Port field is populated with a recommended interface port You may e
131. nd will close when the list is fully downloaded To download the list daily select the Daily option NOTE If you ever want to disable the scheduled download change the Download field to Manual This will turn off the automatic update Inthe Hour fields select the specific hour and time of day that you want the automatic update to occur The list will be downloaded within the scheduled hour In the E Mail Confirmation field select whether or not you wish to receive an e mail confirming that the URL List download was successful Click Download and Schedule to download the list and schedule it to be downloaded daily Click Schedule to only schedule the list to be downloaded daily URL List Repair If you ever experience difficulties with the Wavecrest URL List Technical Support may ask you to repair the list Only if instructed to do so go to Categorization URL List Repair and follow Technical Support s instructions 52 Categorization Repair Current URL List NOTE Use this page only if directed to do so by Technical Support Check URL This feature can be used to check the category of any URL in the Wavecrest URL List It is particularly useful after you create a custom category because you can verify that the URLs you entered in the custom category have been correctly assigned to that category 1 Go to Categorization Check URL The Check URL page is displayed Check URL This feature can be used
132. nside the product only new users will be imported For step by step instructions for the wizard see Import Users From Active Directory Manual Import When a manual import occurs IDs will be imported into the product immediately The process will import groups and IDs per your specified configuration If you chose to manage your users outside the product all groups and IDs will be updated according to the directory source However if you chose to manage users inside the product only new IDs will be imported 117 Cyfin User Guide v 9 2 0 Semiautomatic Grouping Using a Text File Method General If Active Directory is not available groups and IDs information can be imported from any database or spreadsheet that contains the proper data i e user ID and organizational assignment information Personnel records in HR or payroll records in Finance may suffice In brief the data is exported from the source to an import file in the Wavecrest product Methodology for Exporting the Data Into the Import File Listed below are the basic steps for creating an import file and exporting the required data into it The more complex steps are discussed in more detail later 1 Select your data source e g spreadsheet database or table 2 Ensure that the data source contains as a minimum a column for user ID a column to accommodate an optional full name for each ID and at least one parent column If the parents have higher level parent
133. nt to run the report at this time The report will be displayed as a recently run report on the Manage Reports page Schedule Use this option if you want to set up the report to run manually at a later time or schedule the report to run automatically at a specific time Select When to Run Report Options RunNow Schedule Name Report Name Frequency Manually Inthe Name field type an appropriate name for the report The name limit is 75 characters Inthe Frequency field select Manually if the report will be run manually at a later time or select the schedule for the report that is Daily Weekly or Monthly f you selected Daily select the specific hour and time of day that you want the report to run daily f you selected Weekly select the day of the week and specific hour and time of day that you want the report to run weekly If you selected Monthly select the day of the month and specific hour and time of day that you want the report to run monthly 4 Under Seitings in the Report Delivery field select one of the following options Wait This option is available for only the Run Now option After the report runs you can view save and print it The report is saved with a universally unique identifier UUID in the file name e g 14ec2d98 346f 4cb5 806a f85f7b74f1e1 html E Mail This option allows you to specify e mail addresses to which you want to send the report In the Recipients field en
134. nter another available port You can enable both HTTP and HTTPS connections to test that the certificate file is correct If both HTTP and HTTPS are enabled the Force HTTP to HTTPS Redirect field becomes available Select Enable to redirect HTTP communication to HTTPS Click Submit A dialog box appears indicating that changing secure browser settings will result in an automatic service restart Click Continue to restart the service Update License Information This page allows you to enter your product license after you purchase the product or renew your product license If at any time you want to contact Sales click the Sales link to send an e mail NOTE The default evaluation key is valid for 30 days after installation 1 Go to Settings License The Update License Information page is displayed 101 Cyfin User Guide v 9 2 0 6 License Details Contact Sales for any questions regarding your license Organization Name Your Company Name Goes Here Server Alias Name Cyfin Serial Number 123 Activation Key 6AZ1 9AA9 22A1 0FC6 57Z0 Key Status Evaluation Key is OK In the Organization Name field type the organization name that you would like to use In the Server Alias Name field type the server name or IP Address that the product will use NOTE This is merely the server s friendly alias name It has no bearing on product actions In the Serial Number field type your serial number if you ha
135. nts see Create Logon Account Getting Started Getting Started Checklist This checklist is provided for getting the product up and running It involves the following steps Download and Install the Product A wizard will guide you through the process Download the URL List Complete this step so that you can run reports Change the Default Password Change the Administrator password Set Up Memory Settings Select the amount of memory needed Configure Log Files Specify what type of log files you have and where they are stored Set Up Administrator E Mail Receive reports and status updates via e mail Participate in OtherWise Optimize categorization results Create and Run a Site Analysis Report Create a high level summary report one that is useful for identifying suspect areas NOTE Be sure to complete these steps Many of these steps are mandatory to get the product up and running properly Click the links above to go to the instructions for a particular step Most of these instructions are located in other sections of the manual CAUTION If you plan on having an array configuration skip this checklist and instead go to the Array Configuration Checklist Download and Install the Product In this step you will download the product and start a wizard to install the product Is Download the product 2 Double click the executable file and follow the wizard s on screen instructions 3 After a few clicks you
136. o select the database location 3 For Notify Admin of Errors select the Enable or Disable option to choose whether or not to receive e mail notification regarding imported data errors 4 Click Submit to apply your settings Import Log File Data This page lets you manually import configured log files into the Report Database When logs are available the screen lists them and provides check boxes for selecting the logs you want to import You can also configure the product to import the data automatically on a daily basis IMPORTANT Because the process of importing data is memory intensive we recommend increasing the product s memory setting on the Settings Memory screen As a general guideline increase the setting to approximately half of the actual available memory on the computer NOTE Importing data does not affect the original logs This product only reads log file data it does not modify log files in any way 1 Goto Data Management Report Database Import Manual A list of logs available for importing will appear 28 Data Management Display Selection CyBlock Appliance Path C Logs Log Name proxy20130223 tt proxy20130224 tt proxy20130225 bd proxy20130226 bd proxy20130227 bd proxy20130228 bd proxy20130229 tt proxy20130301 tt proxy20130302 tt SelectAll DeselectAll View last All X Type of Log File CyBlock Software Raw Data Start Time Feb 23 2013 12 01 41 AM Feb
137. o to Control Panel Administrative Tools Services select Cyfin and click Restart View Log Files This screen displays the log files that have been configured The product uses these log files to produce reports For each log file configuration this screen displays the log file configuration name type of log file and path if applicable For each individual log file it displays the log name start time stop time and status 1 Goto Data Management Log Data Source Viewer and the log files will appear on the opened page 19 Cyfin User Guide v 9 2 0 Display Selection 9 Valid Logs Only View Last All X CyBlock Appliance Type of Log File CyBlock Software Path C Logs Log Name proxy20130223 tt proxy20130224 tt proxy20130225 tt proxy20130226 tt proxy20130227 tt proxy20130228 tt proxy20130301 tt proxy20130229 tt proxy20130302 tt 2 Under Display Selection select an option to view valid logs only invalid logs or all logs Invalid Logs Only All Logs Start Time Feb 23 2013 12 01 41 AM Feb 24 2013 12 02 25 AM Feb 25 2013 12 00 04 AM Feb 26 2013 12 00 29 AM Feb 27 2013 12 00 00 AM Feb 28 2013 12 00 49 AM Mar 1 2013 12 00 58 AM Mar 1 2013 12 01 17 AM Mar 2 2013 12 00 14 AM Stop Time Feb 23 2013 11 59 22 PM Feb 24 2013 11 58 48 PM Feb 25 2013 11 57 07 PM Feb 26 2013 11 59 59 PM Feb 27 2013 11 59 55 PM Feb 28 2013 11 58 20 PM Mar 1 2013 11 59 58 PM Mar 1 2013 11 59 27 P
138. og File field click Browse to locate your log files and select one file Click Next The results of the analysis are displayed 15 Cyfin User Guide v 9 2 0 Log File Analysis IronPort Date URL User IP Address Bytes Result Code Mar 1 2015 11 00 14 PM http www confn com images left_banner gif 1 2 3 1 0 success Squid Proxy Date URL User IP Address Bytes Result Code Dec 31 1969 07 00 01 PM http www confn com images left_banner gif HTTP 1 0 BOB D unknown 9 CyBlock Software Date URL User IP Address Bytes Result Code Mar 2 2015 12 00 14 AM http Awww cnnfn com imagesi left_banner gif BOB 1 2 3 1 0 success Blue Coat Systems Common Format Date URL User IP Address Bytes Result Code Mar 1 2015 11 00 14 PM http Awww confn com images left_banner gif BOB 1231 0 success Select the log file type that matches your log files If no results are found a link will be displayed for you to upload your log file for analysis by Technical Support When you have made your choice click Next Select Log File Directory Directory C Program Files Wavecrest Cyfin7984 weicfilog Browse If you selected Analyze the Directory field displays the path to which you browsed Otherwise if you selected Manual you need to direct the product to where your log files are located If the log files are local to the computer or on a mapped drive click Browse to locate the folder containing them If the log files
139. ogram Files Wavecrest Cyfin7982 wc cf db Notify Admin of Errors Enable Disable Click Modify and a wizard will appear Select Database Manufacturer Manufacturers MySQL X Select MySQL as the Database Manufacturer and click Next A screen notifying you how to create a new MySQL database will appear These will be the same instructions as above Once you have completed them click Next 9 Data Management Enter Database Settings Schema Superview Server Enter server Port 3306 User Name root Password Bulk Insert Folder C Program Files Wavecrest Cyfin7984 welcfidb plugin Back 1 Next Enter the Server Port User Name and Password for your MySQL database Type a UNC path for the Bulk Insert Folder field and click Next You should get green Ready status indicators If so you can go ahead and click Next Name This Database Configuration Name Database Name the database configuration and click Next A message indicates that the database configuration was saved successfully Click Done MSSQL Configuration The initial below instructions are for creating a new MSSQL database If you already have a MSSQL Server database created you may proceed to Connect to MSSQL Database Set Up SQL Server Authentication Y 2 3 4 9 Open the SQL Server Management Studio Login to your SQL server Right click your SQL Server node instance in the Object Explorer and s
140. on Account This page lets you modify a previously established administrator or operator account 1 2 48 Go to User Management Logon Accounts Modify The Modify Logon Account page is displayed Select Logon Account to Modify admin a alyce Bob marsha payton Click the account you wish to modify User Management Selected Account Information Account Name admin Authentication Use Current Generate New Password Use Active Directory Account Type Administrator Operator FullName Administrator E Mail Address _ firstlast company com Home Directory CATEMP i l Select Group s SS Expand Collapse al ll Enterprise 925 Accounting Department 51 _ Drafting Department 46 Engineering Department 128 _ Marketing Department 108 _ Sales Department 100 _ Technical Services Department 105 Ungrouped IDs 386 VIP 1 E PE FP Pr PF _ Check Uncheck All Groups 3 Inthe Account Name field the account name or logon name is display only and is not modifiable 4 Inthe Authentication field select one of the following options Use Current This option allows you to keep the existing password for the account NOTE For Active Directory account names this option is not available Generate New Password This option resets the existing password to password and the account user will be prompted to change it after logging on
141. or all HTTP connections begin with configuring your proxy information first Go to Settings Internet Connection If Internet traffic does not go through a proxy then you can 51 Cyfin User Guide v 9 2 0 skip to downloading the list since Direct connection is the default selection When trying to download the list the product always tries the HTTP first and if that fails then it tries the FTP connection 1 6 La Go to Categorization URL List Download Update List Download Settings Download Manual Daily Hour 1 e PM e E Mail Confirmation Never y Download and Schedule Schedule If the URL List is expired older than 45 days the Status message will be red stating that the list is expired If the URL List is about to expire older than 30 days the Status message will be yellow and will state how many days old your list is If you get either of these messages you should download the URL List immediately These messages will also appear when you log on If your latest list was downloaded within 30 days the Status message will be green NOTE To avoid the risk of having the list expire it is recommended that you schedule the URL List to automatically download daily To download the latest version of the list select the Manual option Update List Download Settings Download 9 Manual Daily Click Download Now A dialog box will appear that will show the download s progress percentage a
142. ories type the URLs NOTE 1 If you add a URL that already exists in another category the URL will be removed from the other category NOTE 2 To add multiple URLs enter the first URL and press ENTER then enter the second URL and press ENTER Repeat until you have included all the URLs Optional Add Wildcard Entries You can use wildcards to add multiple URLs simultaneously This can be done with domain matching domain and path matching or parameter matching a Wildcards With Domain Matching This URL matching method categorizes Web sites whose pages all contain the same type category of content e g Shopping News and Sports In these relatively simple cases one category applies to the entire site Under this method if the Web log entries are in any of the following formats and the URL List contains a matching URL the product will categorize the visit on the basis of the domain name www mydomain com mydomain com www mydomain mydomain 55 Cyfin User Guide v 9 2 0 NOTE For this method to work and as reflected in the examples the entry in the URL List must contain a complete domain name element That is the domain name between the periods dots must be complete and must not be augmented with an asterisk or any other character For example the list must not contain mydomain com or mydomain com b Wildcards With Domain and Path Matching This URL matching method categorizes Web site visit a
143. ormation are provided other left to right positioning schemes and column names will also work Use of Full Name Although Figure 1 shows full names as well as user IDs the use of full names is optional User ID Considerations In some cases the customer s directory will be one that is used in IT to control network access Active Directory is a good example In such cases the directory s user IDs will exactly match those that Wavecrest products find in the network log files However it is possible that a different type of LDAP based directory e g one used for HR or payroll purposes may be more suitable for Web use management purposes If this is the case it may identify employees differently than the access control directory For example it may use employee numbers or social security numbers to identify employees In such cases the customer may need to insert another field in the HR Payroll directory to duplicate the user IDs found in the access control directory Ensuring Compatibility Between the Product and the Directory As mentioned above in some cases for grouping purposes the information in the directory will already be appropriate That is the directory will contain some form of user ID and it may contain columns denoting the group to which each employee belongs and each group s progressively higher organizational levels If it does not you can easily correct the situation by inserting additional columns to fully accommodate th
144. ort how to find category descriptions how to check for product updates and how to accept and print the End User License Agreement Help and Contact Information Additional help for the product is also available in the product Just click Help in the navigation bar at the top The product Help window will then appear in which you can search for information If you ever need additional help beyond what is available in the manual or the product please feel free to contact our Technical Support team Contact Information Telephone Numbers Toll Free 877 442 9346 Ext 4 U S and Canada Direct 321 953 5351 Ext 4 Si International 001 321 953 5351 Ext 4 outside U S and Canada Technical Support supportOwavecrest net General Info info wavecrest net Logon 1 Log on to the product using the following default credentials Logon admin Password password 2 Click Logon The Change Your Password page is displayed 3 After changing your temporary password log on with your new password WavecrestCyfin Logon Password Forgot password NOTE If the Logon page does not appear bring it up by going to Start All Programs Cyfin Browser Interface Forgot Password If you ever forget your password click the Forgot password link on the Logon page The Reset Password page will be displayed Request Password Reset Enter your logon to reset your password Logon Submit
145. ows you to quickly find out which ten sites had the most visits or hits or used the most bandwidth for the time period you specify 1 Goto Reports Dashboard Top Sites A chart with your top ten sites will automatically load with the default metric of Visits and time frame of Last Week Chart Top Sites 15 000 12 568 11 386 10 000 I I 9 320 4 7 764 5 6 963 6 947 6 832 gt 5 858 i 1 I i Ss Ss Ss Ss Ss se y Ss g p r eo s S gt s amp ES lt E v Pal ai Ba j Es amp ES d A lt Feb 23 2013 12 AM Mar 03 2013 12 AM Metrics Chart View Visits e Time Frames Date Range Custom e Start Feb23 2013 Hour 12 AM e Stop Mar03 2013 ES Hour 12 AM Update Chart 2 Under Metrics use the Chart View field to change the metric you are viewing 3 Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Sel
146. page Click Submit to apply your settings User Management Introduction In User Management you can input and import user ID information into the product for subsequent use in reporting and or filtering Users can be grouped in accordance with some common characteristic usually by department groups They can also be entered without grouping IDs The groups and IDs import process can be performed manually or automatically You also have the option of managing your groups and IDs users inside the product or at your directory source Before importing users you must complete the Getting Started Checklist which covers all setup procedures to get the product running Once you have completed the product setup you need to understand the product s grouping structure which is discussed below The product consists of a core grouping structure for groups and IDs that can be used as is or expanded to fit your organization and its policies The core structure cannot be deleted or changed It contains a single top level group called Enterprise and two subordinate groups called Ungrouped IDs and VIP You can add additional subordinate groups and or individual IDs to Enterprise if desired The functions of these core groups are as follows Enterprise The Enterprise group encompasses all monitored users specifically those Internet and or intranet users whose IDs are made available to the product For example if Enterprise is specified du
147. ports will no longer be accessible past the number of days you select Type a password in the Reports Password field This password must be used by anyone trying to access an Interactive report The default password is password Click Submit to apply your changes Participate in OtherWise OtherWise is a service provided by Wavecrest that helps reduce the number of noncategorized sites By participating in OtherWise the top noncategorized site data will be sent to Wavecrest Computing site analysts This data does not contain user names and is held in strict confidence For more information on OtherWise and Wavecrest s privacy policy please see Wavecrest s OtherWise Program amp Policy in Appendix C ie Go to Settings Reports OtherWise 109 Cyfin User Guide v 9 2 0 Participate In OtherWise OtherWise is a service provided by Wavecrest that helps reduce the number of noncategorized sites By participating in OtherWise the top noncategorized site data will be sent to Wavecrest site analysts This data does not contain user names and is held in strict confidence For more information on OtherWise and Wavecrest s privacy policy please see VWavecrest s OtherWise Program amp Policy 9 Enable Disable When to Run Day of Week Wednesday v Hour of Day 3 e AM y Select Enable to participate in OtherWise and have top noncategorized site data sent to Wavecrest site analysts No user names are included and all
148. previous date range that was selected 92 Reports Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart 5 If you want to zoom in click and drag from left to right or from right to left on the chart Click Reset zoom to return to the original view Trend Groups Chart 1 Goto Reports Dashboard Trend Groups A chart will automatically load with the default group Enterprise metric of Visits and time frame of Last Week Chart Trend Enterprise Visits 50 Feb 23 2013 12 AM Mar 03 2013 12 AM Enterprise Groups 28 Select Group HE Enterprise 926 a Accounting Department 51 Drafting Department 46 Engineering Department 128 Marketing Department 108 Sales Department 100 Technical Services Department 105 Ungrouped IDs 387 VIP 1 r reer E E E Fr 2 Under Groups select a group by clicking the group name and the name will appear in the chart 3 Under Metrics
149. previous date range with the first day of that date range selected The calendar begins on the first date of your log files NOTE In Internet Explorer 10 if you have log files in only the current year the drop down arrow disappears when you click the year field Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates 8 Under Groups and IDs on the Browse tab choose groups and IDs by selecting their corresponding check box To view IDs in a group click the group name Groups and IDs Select Browse 28 Groups HE 2 Ds Filter selected Groups IDs El E Enterprise 926 a Ml Angelo Jennifer ja25 a L Accounting Department 51 Arello Jaclyn jacar L Drafting Department 46 Ashton Stephanie sa19 E Engineering Department 128 Y Backman Daniel danback L Marketing Department 108 v Baines Harold haroldb L Sales Department 100 E Bann Joeseph joeb L Technical Services Department 105 v Banning Payton payton E Ungrouped IDs 387 Baugman Scott Mason smbaugman L VIP 1 gt E Bauhaus Michal mb32 z E Check Uncheck All Groups Check Uncheck All IDs Other options
150. r Audit Detail The Create Report page is displayed 68 Reports Settings Select When to Run Report Options 9 Run Now Schedule Report Delivery Wait v Report Format HTML e Report View Read Only Abuse Thresholds Disable v Visits Hits Visits Only does not include jpg gif etc e URL Details Single line URL X Time Frame Date Range Last Week Jan 5 12 00 00 AM to Jan 11 11 59 59 PM Filter Create new filter v P 3 Under Select When to Run for the Report Options field select Run Now or Schedule Run Now Use this option if you want to run the report at this time The report will be displayed as a recently run report on the Manage Reports page Schedule Use this option if you want to set up the report to run manually at a later time or schedule the report to run automatically at a specific time Select When to Run Report Options Run Now Schedule Name Report Name Frequency Manually Inthe Name field type an appropriate name for the report The name limit is 75 characters Inthe Frequency field select Manually if the report will be run manually at a later time or select the schedule for the report that is Daily Weekly or Monthly f you selected Daily select the specific hour and time of day that you want the report to run daily f you selected Weekly select the day of the week and specific hour and time of day that you want the report to run weekly If
151. r steps on how to use the Wavecrest Database and its advantages see Data Management If you have more than one log file type configured in Cyfin the Data Configuration field is displayed to allow you to choose a configuration to include in the report Select a configuration or all configurations In the Anonymous IDs field select Enable if anonymous IDs are turned on in the product and you want to display IDs anonymously on the report NOTE This field is not available if the Report View field is set to Interactive NOTE If anonymous IDs are turned off in the product on the Settings Reports Options page existing reports with anonymous IDs enabled will not generate anonymized reports Under Time Frame in the Date Range field select from the following predefined time frames of data Yesterday Previous 24 Hours Last 7 Days Last Week or Last Month or select Custom to set a specific date range All predefined time frames end at 11 59 59 P M except Previous 24 Hours which ends one second before the current hour When scheduling a report the Date Range options are based on the Frequency selection that is they are less than the frequency For example you cannot schedule a report to run daily with a date range of Last Month Select the appropriate date range Custom le only available if the Run Now option was selected or the Frequency field was set to Manually f you selected Custom set a start date time and stop dat
152. reports have a saved name Up to ten reports are displayed in this list and are sorted by run date time in descending order 1 To create a report click the Add New Manual Report green plus icon The Report Selection page is displayed where you can select the type of report you want to create 2 Hover over a report line to display available icons Recently Run Reports Add New Manual Report Report Type Name Site Analysis Run Date Time Filter All X rk EI ES Dec 23 09 48 44 AM 3 To run a report click the play icon The report runs and is displayed at the top of the list with Running in the Run Date Time column indicating that it is processing If there are many reports running you will see Running for one report and Pending for the remaining reports indicating that they are in the queue to be processed fa report has failed to run for any reason you will see Failed to run The report will not run and you will receive an e mail if E Mail was selected for the report delivery A duplicate icon will be available for you to rerun the report with different settings if necessary A view details icon will allow you to view the reason that the report failed to run and the report parameters used 4 To create an exact copy of an unscheduled report click the duplicate icon The Create Report page is displayed where you can make changes to the settings and run the report 5 To create an exact copy of a scheduled
153. retail grocery food operations Anonymous Public Proxy 35 Sites that provide information on how to bypass filtering or monitoring systems or provide a way to surf anonymously i e access URLs by bypassing a Web filter or monitor Auction Classified 2 Sites that support the offering purchasing and bartering of goods or services between individuals Banners Ads 3 Electronic banners and advertisements that appear on Web pages Blogs 76 Sites that contain people s online diaries which may contain a wide range of topics and images It excludes topic specific blogs e g a blog about professional football would be located in the sports category Business Services 4 Sites that offer services to help run every day business such as printing and publishing office supplies and furniture consulting accounting services and maintenance and janitorial services Check for Product Updates Use this page to check for new product versions and download the latest release 1 Goto Help Check for Updates This page will tell you if there are any current updates to the version of your product 113 Cyfin User Guide v 9 2 0 Update Information Status Productis up to date Version 9 1 4 Build 475 Release Date Mon Jan 26 2015 4 16 53 PM Release Notes http kb wavecrestnet page_id 881 HTTP Location http downloads wavecrest net release cyfin win64V914 c914win64 exe The Status message will let you kno
154. ring the setup of a report all monitored users who accessed Web sites during the requested time frame will be included in the report This will occur whether or not the user population has been subdivided into lower level groups Ungrouped IDs This group is a subgroup to Enterprise If you do not need user grouping all users can be placed in the Ungrouped IDs group In that case there would be no need to set up additional groups On the other hand if user grouping is set up Ungrouped IDs can be used as a holding area for IDs until they can be moved into your specific groups VIP This group is another subgroup to Enterprise It is used to exclude designated individuals from reports and applies a default blocking policy of Allow All When IDs are placed in this group users Web activity will not appear in reports and users will be allowed full access to Web categories Web content and protocols unless the default policy is changed Next you must decide whether or not you will use grouping Using groups lets you apply different Web policy and report settings for each group Even if you wish to use a universal Web use policy for the entire company you may wish to have individual department or division reports run and sent to their respective managers only Grouping is also recommended if upper management or administrators want to see employee Web use activity If you choose not to use grouping we recommend that you place all of your use
155. rking 15 353 Visits Click to view report 13 168 Date Range Start Feb23 2013 FB Hour 12 y AM v Stop Mar03 2013 ES Hour 12 y AM vw Top Categories 24 054 14 806 11 434 10 586 jiasi L g F R Ba e Feb 23 2013 12 AM Mar 03 2013 12 AM Chart View Visits e Custom e Update Chart Under Metrics use the Chart View field to change the metric you are viewing Under Time Frames use the Date Range field to select a different time frame f you selected Custom set a start date time and stop date time The Start and Stop fields show the previous date range that was selected Click the Start calendar icon to select the start date of the data you want The calendar shows days up to the previous date range with the first day of that date range selected The calendar begins on the first date of your log files Click the Stop calendar icon to select the stop date of the data you want The calendar shows days beyond the previous date range The calendar begins on the start date that you selected Select the specific hour and time of day for the start and stop dates Click Update Chart to reload the chart If you want to view more detailed data on a particular category click the bar for that category A Category Audit Detail report will automatically be generated for that category and the time frame you have selected 89 Cyfin User Guide v 9 2 0 5 If you want to zoom in click and drag from l
156. roduct Operator account users only have access to a limited menu that lets them create run and review reports 1 To create a logon account go to User Management Logon Accounts Add The Create Logon Account page is displayed Enter Account Information Account Name pemith Lookup Authentication Generate Password Use Active Directory Account Type Administrator Operator FullName Bob Smith E Mail Address bsmith company com Home Directory C Program Files Wavecrest Cyfin7984 we Browse 2 Inthe Account Name field type the unique account name or logon name to be used by the account user If you plan to use the Active Directory Authentication option make sure the account name matches the Active Directory account name exactly NOTE The admin account name already exists in the product 3 Inthe Authentication field select one of the following options Generate Password This option generates the default password password and the account user will be prompted to change it after logging on Use Active Directory This option is only available if an Active Directory configuration exists Click Lookup and the Full Name and E Mail Address fields will be populated for the Active Directory account name you entered 4 Inthe Account Type field select Administrator or Operator for the type of account you are creating 5 Inthe Full Name field type the full name of the account user 6 Inthe E Mail A
157. rom Active Directory or a text file all groups and IDs will be updated to identically match that configuration 38 User Management NOTE The Inside the Product option is the default because most administrators will not use the same grouping method from the directory source for the product Most of the time the directory source is grouped according to your network setup and not according to how you want to apply Web use policies 1 To make your selection go to User Management Import Users Manage Required Setup for Import Where do you want to manage additions deletions locations and renaming of imported Groups and IDs The default option is Inside the Product Inside the Product Default This option lets you add delete and move Groups and IDs within the product after importing from Active Directory or a Text file Each time Groups and IDs are imported whether manually or scheduled from Active Directory or a Text file only new IDs will be imported Your existing users will not be modified Outside the Product This option will not let you add delete or move Groups and IDs within the product It will also not let you rename a Group or ID All of these changes must take place in the directory from which you are using to Import Groups and IDs Each time Groups and IDs are imported whether manually or scheduled from Active Directory or a Text file all Groups and IDs will be updated to identically match that confi
158. roups 2 3 and 4 Optional These columns will contain the names of increasingly higher level groups if applicable NOTE These particular import file requirements are essentially the same as those discussed earlier for Active Directory Configuring Wavecrest Products to Work With the Import File After the import file is created the administrator needs to ensure that the product engine is configured to work with the data in the file That is the administrator needs to tell the product a which piece of user information is in which column and b the type of delimiter being used This is done in the User Management Import Users Text File screen The process consists of a few simple data entries For detailed instructions see Import Users From Text File Examples of Import Files Some examples of import files are shown below Although we use the vertical pipe character as the delimiter in all of these examples the delimiter can also be other acceptable characters e g comma or space 1 The following example shows a typical group import file with login names full names and group names 118 Appendix A Groups and IDs smithj Smith Joe Engineering doej Doe John Accounting wilsona Wilson Alvarez Sales 2 The following example is Microsoft Proxy specific Assume your organization has Microsoft domains set up for each department For this example assume there are three departments each with its own Microsoft domain The
159. rs in Ungrouped IDs You can populate Ungrouped IDs three different ways When high level reports such as Site Analysis are run all new IDs in the log files those not previously found will be placed automatically in Ungrouped IDs You can import IDs into Ungrouped IDs You can manually add IDs to Ungrouped IDs In this section you will find instructions on how to Edit Users Manually add groups and IDs or add them after your initial import as well as delete move and modify groups and IDs Manage Users Specify how users will be managed Completing this section is required mandatory before importing any groups and IDs Import Users Import from Active Directory or a text file Search Users Search for an ID its group and its policy settings 33 Cyfin User Guide v 9 2 0 Logon Accounts Change the password for accounts and create modify and delete accounts Add Group or ID If you do not want to import groups and IDs you can manually add each group or ID in the product Even if you imported your groups and IDs you can add more if you chose to manage your groups and IDs inside the product see User Management Import Users Manage If you chose to manage them outside the product you can only add groups and IDs to your directory source and reimport This page will not be available to you NOTE If you plan to have groups we recommend that you create all groups first before creating the IDs to go in
160. rted on and not be added to your Ungrouped IDs group If the ID is not in your groups and IDs but has data it will be added to your Ungrouped IDs group 15 Click Run Now Depending on how long the report takes to run you may see a progress meter f one report was generated it opens in a Report Results page where you can view save and print it f multiple reports were generated depending on how you ran the report a Reports List page is displayed with links Click the link for the report you want to view When you are finished with the report click Back to List to return to the list of reports or click Close to close the window 16 If you selected the Schedule option the Schedule and Run and Schedule buttons are available Click Schedule and Run to schedule and deliver the report Click Schedule to only schedule the report 17 Click Back to return to the previous page 67 Cyfin User Guide v 9 2 0 Below is an example of a Site Analysis report Time To Create Report Data Source Total IDs With Visits Total Visits Hits 189 929 457 427 Total Kilobytes 3 930 258 Total Denied Visits 593 Total Legal Liability Visits Hits 4 554 18 806 Program Downloads Hits Kilobytes 1 861 1 241 639 Download Time Visits 0 33 987 67 975 2 08 38 45 67 975 35 MINA 67 975 2 08 05 36 67 312 35 MA 67 312 1 21 32 06 54 642 23 54 642 6 14 16 27 189 929 Category Name Download Time Visits 0 11 700 23
161. s Instructions on how to change your password for your account and add logon accounts can also be found here Categorization This section contains instructions on scheduling the download of the URL List checking the category of any URL in the URL List and creating custom categories and populating them with URLs that your company wants to track You can also select the categories to display on your reports Cyfin User Guide v 9 2 0 Reports There are several reports available in the product and the option to use Interactive or Read Only reports Interactive reports allow you to drill down from a higher level report to get more detailed Web use data This section shows you how to use the Dashboard manage reports schedule reports to run automatically and create high level and low level reports System Status This section contains informational screens which are used to view the product s server status and its specifications jobs in the queue and policy related information that you have set in the product Settings This section contains instructions on updating your license information creating a restore point and setting report options for the way that you want report data presented For those organizations that require an array configuration this section gives instructions on how to set this up and maintain all product installations within your array Help This section briefly describes the Profiling page used with Technical Supp
162. s additional columns will be needed The columns do not need to be in any particular left to right order 3 Export the source data to the Wavecrest product as an Excel spreadsheet Each row record in the spreadsheet will represent one user ID 4 Save the spreadsheet as text to a file named wc cf db import cfg for Cyfin or wc cyblock db import cfg for CyBlock This is the import file 5 Confirm that the file has been imported properly and contains the correct items of information Also note the type of delimiter being used to separate the data items The delimiter may be a comma or space for example 6 Restart the product Once this is done the product s server automatically duplicates the imported group structure and assigns the IDs to the correct groups A Typical Import File A typical import file will consist of the following columns ID ID is the login name to a proxy server firewall caching appliance etc It can also be an IP address or a domain name Full Name Optional This is the ID s full name spelled out This field column is required but if full names are not to be used it can be left empty that is no character spaces See examples below If this field is used then all reports will display the full name alongside the user s IP address or login name Group Name This is the name of the group e g department to which the ID is assigned e g Sales Engineering or Accounting Parent G
163. s are not allowed NOTE 1 This feature is not available if you are using the Array feature in CyBlock Software and Cyfin NOTE 2 When you restore settings the product service automatically restarts 1 Goto Settings Restore Points Download 104 Settings Restore Point Settings Restore Point Path C Program Files Wavecrest Cyfin7984 welcfidb restore Browse Update Path Create Restore Point Create New Restore Point Choose Restore Point to Download Restore Point Date Restore Point File Name Size Bytes Jan 13 2014 13 25 36 20140113 132535 zip 4909332 2 Under Restore Point Settings in the Restore Point Path field click Browse to select the location of the backup files You may also edit the path Click Update Path to reload the new restore point path 4 If you wish to create a new restore point click Create under Create Restore Point A link for the new restore point is displayed under Choose Restore Point to Download 5 To download a restore point click the link for the restore point in the Restore Point Date column NOTE The file name is in the format yyyymmdd hhmmss zip Older restore points with file name zip will still be displayed however they are not transferable and should not be used 6 Save the file to a location of your choosing Restart or Shutdown This page allows you to restart the service for the product if necessary 1 Go to Settings Restart or Shutdown Options senc
164. s exist that is you are a first time user or have deleted all reports 59 Cyfin User Guide v 9 2 0 Select Report to Run Recommended Reports High Level Summary Reports Site Analysis Acceptable Visits Neutral Visits User Audit Detail All User Summary Site Analysis Custom Categories Top Users Denied Visits Top Web Sites Legal Liability Unacceptable Visits Audit Detail Reports IT Reports Category Audit Detail Site Audit Detail Network Information Category Audit Summary Site Audit Summary Site Analysis Bandwidth Denied Detail User Audit Detail Top Bandwidth Sites Legal Liability Detail User Audit Summary Search Terms Audit Detail Forensic Reports Improve Your Reporting Results Denied Detail Top Noncategorized Sites Legal Liability Detail Search Terms Audit Detail Lists unidentified URLs categorized as Other User Audit Detail and shows the number of visits to each If you 2 send a copy of this report to Wavecrest the AR most popular of these URLS will be categorized properly and added to our list substantially improving your subsequent reporting results 2 Tosee a description of the report hover over the report name and then hover over the question mark icon that appears beside it A short description of the report is displayed 3 To create a report click the report name The Create Report page is displayed See Run a High Level Summary Report or Run an Audit Detail Report for instructions on how to run repor
165. sers to get more detailed information on employees Web use by clicking a report s elements For example from a high level report such as Site Analysis you can click an ID Name and a User Audit Detail report will automatically begin running on the user They are also delivered differently For example instead of receiving an attachment of the report recipients will receive a link A password is needed to retrieve the reports because they are password protected To use Interactive Reporting you must enable the Wavecrest Database Interactive reports can only be run against data imported into the Wavecrest Database They cannot be used when running reports against the raw log files For steps on how to use the Wavecrest Database see Data Management 1 When an Interactive report is sent via e mail to a recipient the recipient will receive a link or two links depending on server settings to the report The link s below contain a report with the following information Report Type Site Analysis Created By admin Your Company Name Goes Here Current Date Time Jan 22 01 09 25 PM Visits Hits All Hits includes all URLs Group Enterprise IDs Category Time Frame customtimeframe Report Start Date Time Feb 23 12 00 00 AM Report Stop Date Time Mar 2 11 59 59 PM If for any reason the link does not work please contact your administrator 2 To open the report click the appropriate link You will then be asked to
166. served
167. ssification settings will be used for reports NOTE For descriptions of each category go to Help Category Description 1 Goto Categorization Customize Classification 53 Cyfin User Guide v 9 2 0 Classify Categories Anonymous Public Proxy Auction Classified Banners Ads Blogs Business Services Chat Instant Messaging Construction Cults Neutral X Acceptable e Unacceptable e Neutral v Unacceptable v 2 Use the drop down box next to each category to classify each as Neutral Acceptable or Unacceptable 3 Click Submit to apply your changes The report below is an example of how classifying your categories can help you quickly see which site visits were acceptable unacceptable or neutral Classification Name Download Time Visits 0 33 987 67 975 Unacceptable Neutral Acceptable Totals 2 08 38 45 2 08 05 36 1 21 32 06 6 14 16 27 67 975 35 MEN 67 975 67 312 35 MS 67 312 54 642 28 MN 54 642 189 929 Note that each site is color coded based on the classification settings you made Green Acceptable Orange Unacceptable Gray Neutral Edit URLs In addition to 70 standard categories you can create an unlimited number of custom categories for additional filtering using this page Custom categories can be used for a variety of reasons e g to block additional Web sites or track employees use of company intranet sites This page also allows you
168. standard reports and their definitions see Appendix B You also have the option to use Interactive Reporting when using the HTML report format Interactive reports allow you to get more detailed results on employee Web use by clicking the report s elements e g categories ID names and classification ratings To use Interactive Reporting and the Dashboard the Wavecrest Database must be enabled on the Data Management Report Database Configuration Enable page so that reports will run against Web use data in the database Running reports allows you to analyze employee Web use so that you can easily identify instances of Web abuse that can drain productivity pose a legal liability threat or threaten network security Reports can also be useful if you use one or more custom categories to monitor intranet sites in your organization The reports will show how often and how some of these sites are being used by your employees Before running any reports be sure to complete the Getting Started Checklist The Getting Started Checklist covers the required setup needed to start running reports Also before running reports be sure to set report options as well as the categories that you want displayed on the report You may also want to view your policy settings to see if any setting is missing or needs to be changed In this section you will find instructions on how to Manage Reports Provides instructions for managing recently run and sc
169. sticated summary level trending charts on the Dashboard Mass Storage Low Level Database This highly scalable database is designed to store huge amounts of detailed low level Web use data The reports that are supported by this database include audit detail reports that provide every URL visited by a user every category or every domain Enable the Report Database Before using the optional Report Database you must enable it When you do so the product imports your log file data into the Dashboard high level and Mass Storage low level databases These databases greatly increase the speed with which Web use reports can be generated With the Report Database enabled you can also export data to external applications NOTE If the Report Database is disabled URLs will not be hyperlinked in audit detail reports 1 Goto Data Management Report Database Configuration Enable 2 Select the Enable option to enable the Report Database Manage Your Log Data 9 Enable This enables database support Log file data will be imported into the high and low level databases every 24 hours This allows for faster report creation and activates the Dashboard NOTE To report on past time periods older than 24 hours you must manually import older log file data after enabling and configuring Report Database settings Disable Reports will run against log files You will not be able to access Dashboard charts Status The Report Data
170. t just the top 25 Individual sites visited are not shown Benefits This report presents management with a quick look view of the number of acceptable and unacceptable visits made by each user Custom Categories Report Features This report depicts Web use in custom categories only if configured That is it shows which users visited which custom categories and the number of visits to each It does not identify individual sites Benefits This report provides very concise very reliable Web use information focused strictly on subjects of specific interest to the enterprise specified by the enterprise itself For example management can use this information to determine if users are properly using particular intranet sites Human Resources sites supplier sites or customer sites This report can also be used to monitor traffic to inappropriate or unauthorized local sites that may not be popular enough nationwide to be included in the Wavecrest URL List Denied Visits Report Features By category this report shows which users were denied access to Web sites or a page on a Web site Individual users are identified but specific URLs are not Each attempt is displayed in the category attempted Denied attempts for a Web page can signify the user may not be authorized to receive the page the page may not have been found by the Web server or the page may have been blocked for access Benefits If you have Web filtering enabled this report
171. t or from right to left on the chart Click Reset zoom to return to the original view 85 Cyfin User Guide v 9 2 0 Dashboard Last 7 Days Date Feb 24 13 Visits 139 MB 1 396 Visits MB Trend Enterprise Feb 23 2013 12 AM Mar 03 2013 12 AM Top Users Visits 11 026 10 000 7 114 6 526 5 833 5 321 mer Hi i IR Ss e Es gt di Ee g e a Feb 23 2013 12 AM Mar 03 2013 12 AM Top Charts Top Categories Visits 30 000 24 051 20 000 15 850 15 352 14 1790 060 11 405 10 51610 352 o i i I J x Es S sS Fij gt ge 2 sf o Bo x S gt gt g e Rod By e be Feb 23 2013 12 AM Mar 03 2013 12 AM These charts show Web use for the top users groups categories classifications and sites for the entire enterprise by the metric and time frame specified Top Users Chart L Go to Reports Dashboard Top Users A chart with your top ten users will automatically load with the default metric of Visits and time frame of Last Week 86 Reports Chart Top Users 12 500 11 026 10 000 7 161 7 500 6552 5 i 5 857 A 5 000 2 500 0 E 2 2 a ES Es Feb 23 2013 12 AM Mar 03 2013 12 AM Metrics Chart View Visits X Time Frames Date Range Custom Start Feb23 2013 Hour 12 AM v Stop Mar 03 2013 FA Hour 12 AN v Update Chart Under Metrics use the Chart View field to change the metric you are
172. ter a valid e mail address If you wish to send the report to multiple e mail addresses enter the addresses separated by a comma or semicolon Reports with no spaces Duplicate addresses are not allowed The report is sent in the file name format that you specified in Report Options Save This option allows you to save the report In the Save Directory field type the directory path or click Browse to locate the directory The report is saved with the file name format that you specified in Report Options Be aware that you may overwrite a previously run report if saving to the same directory In the Report Format field select HTML or PDF NOTE If you select PDF you will only have the option to get a Read Only report selected in the Report View field below NOTE for Linux Users In order for PDF reports to work on Linux installations the following libraries and all of their dependencies are required X11 libraries Font Configuration libraries Run the following two commands which will install the above libraries if they are not already installed yum install libXrender so 1 yum install libfontconfig so 1 In the Report View field select Read Only or Interactive NOTE The Interactive option is not available if Save was selected for the report delivery NOTE Interactive reports can only be run against data imported into the Wavecrest Database They cannot be used when running reports against the raw log files Fo
173. th included www mydomain com keyword value www mydomain com keyword value www mydomain com id www mydomain com id 8 sr example of multiple pairs mydomain com path id NOTE 1 Parameter matching always requires the use of If a question mark is placed at the end of the domain or the path the URL List will perform this matching method NOTE 2 The is also required for this method However the amp is optional and is only needed when more than one keyword value pairing is involved as indicated above Note that the amp is added between pairs and the pairs do not have to be in any particular order Rules for Custom URLs The rules for entering custom URLs include Protocols such as http and https are not necessary and are removed when the entry is saved Entries consisting of only and are not allowed e g Spaces in the middle of the domain name are not allowed 56 Categorization Inthe domain name can only be preceded and or followed by or e g mydomain Incorrect domain entries such as google and goo gle com are saved as google and google com respectively Inthe path can only be preceded and or followed by eg mydomain com path Incorrect path entries are not saved and need to be reentered correctly 7 To modify a URL highlight the portion of the URL you would like to modify Then type
174. the MySQL Command Line Client by going to Programs MySQL MySQL Server x x MySQL Line Client Command Login as the user name root Enter the command create database Superview To verify it was created enter the command show databases and you should see the database Superview present Restart your MySQL Service There are two ways you can do this a Goto Services right click the MySQL Service and click Restart 23 Cyfin User Guide v 9 2 0 b Sign in to the MySQL Administrator and use the Service Control options Click the Stop button and when it changes to Start click it again Option B Te a bk wo bh Open the MySQL Query Browser Login as the user name root Right click the Schema Explorer and click Create New Schema In the pop up box enter Superview for the Schema Name and click OK Right click in the Schemata pane and click Refresh You should now also be able to see the Superview database Restart your MySQL Service There are two ways you can do this a Goto Services right click the MySQL Service and click Restart b Sign in to the MySQL Administrator and use the Service Control options Click the Stop button and when it changes to Start click it again Connect to MySQL Database I 24 Go to Data Management Report Database Configuration Settings High Level Database Current Database Derby Modify Database Low Level Database Wavecrest Database Location C Pr
175. they do not have a ready status the settings in the product installations on those servers will not be updated As you add secondary servers each one is automatically synchronized with the primary when added As long as the secondary servers remain active with a status of ready they will be automatically updated to match the configuration on the primary However if a secondary is ever down for a period of time or gets out of sync with the primary click the Synchronize button If at any time you want to delete a secondary server in the array click the associated red x icon Memory Settings You must configure the maximum amount of memory that the product will use to perform its operations The memory setting helps optimize overall system performance and precludes unnecessary degradation of system speed The default setting is 256 MB For optimal performance it is recommended that you choose the setting that is approximately half of your available memory RAM If you start to meet your memory threshold the product will notify you to increase your memory setting 1 2 3 106 To set your memory go to Settings Memory Change Memory Please set this product s virtual memory to one of the following selections 10GB e Use the drop down box to select the appropriate amount of memory to be used keeping in mind your available RAM Click Submit to apply the change Settings 4 After you click Submit you will re
176. third party unless legally required to do so by the appropriate authorities The Company retains no client records produced by the product the only records retained are those pertaining to the sale itself and contact information Wavecrest Computing will not sell share or rent your personal information to any third party or use your e mail address for unsolicited mail Any emails sent by this Company to Customer will only be in connection with the provision of agreed services and products We constantly review our systems and data handling processes to ensure the privacy and confidentiality of Customers information Equally if not more important by virtue of our being a preapproved provider of software to the U S Government via General Services Administration GSA contract GS 35F 0212L we are subject to the provisions of a federal statute known as The Privacy Act of 1974 5 U S C 552a Public Law No 93 579 Dec 31 1974 This statute establishes a Code of Fair Information Practice that governs the 127 Cyfin User Guide v 9 2 0 collection maintenance use and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies and may be available to Government contractors Under penalty of law the Privacy Act prohibits the unauthorized disclosure of information from a system of records absent the written consent of the subject individual The confidentiality prov
177. to populate both standard and custom categories with URLs of your own choosing NOTE Your category and URL changes will override any future list downloads by Wavecrest 1 Goto Categorization Customize URLs The Edit URLs page is displayed 54 Categorization Add Custom URLs to a Category Category Type Custom Standard All Add Category Custom URLs Submit For Category Type the Custom option is selected by default initially to allow you to create a custom category The Standard option allows you to select a standard category The All option shows both custom and standard categories and permits you to create a custom category If no custom categories exist in the Add Category field type the category name The name cannot exceed 50 characters If custom categories exist in the Select Category field select Create Custom Category to create a new custom category or you can choose to modify or delete an existing one After selecting Create Custom Category enter a category name in the Add Category field If you are modifying or deleting a previously created category its name will appear in the Select Category field To rename the category click the pencil icon To delete the category click the red x icon next to the field NOTE Standard categories cannot be deleted To add URLs to a selected category in the Custom URLs box for custom categories or Supplemental URLs box for standard categ
178. ts NOTE A Back button is displayed only if you arrived at this page by clicking a green plus icon on the Manage Reports page to create a report Manage Reports Go to Reports Manager The Manage Reports page is displayed if recently run or scheduled reports exist 60 Reports Recently Run Reports Add New Manual Report Report Type Name Custom Categories Search Terms Audit Detail Search Terms Audit Payton Legal Liability Detail Legal Liability Detail Accounting Denied Detail Denied Detail Sales User Audit Detail Site Analysis Clear List Scheduled Reports Name 4 Denied Detail Sales Legal Liability Detail Accounting Search Terms Audit Payton Site Analysis Enterprise Site Analysis Bandwidth Tech Services User Audit Detail Payton Delete All Report Type Denied Detail Legal Liability Detail Search Terms Audit Detail Site Analysis Site Analysis Bandwidth User Audit Detail Run Date Time Filter All X Oct 22 01 22 18 PM Oct 22 01 21 06 PM Oct 22 01 20 49 PM Oct 22 01 20 48 PM Oct 22 12 01 33 PM Oct 22 12 00 58 PM Frequency 5 AM Daily Mondays at 6 AM 28th of the Month Manually Fridays at 6 PM Manually Recently Run Reports This section shows reports that were run manually and through scheduling Reports can be run at the present time that is unscheduled as well as scheduled or set up to run at a later time Unscheduled reports have no report name whereas scheduled
179. ts you choose whether or not to receive e mail notifications of suspected data errors if they occur during the import Arrays In arrays the import data storage location needs to be on a shared network drive so that all servers in the array will be able to find the imported data If that is not the case on your already configured installation it is recommended that you save copies of all import data war files to a safe location as a backup precaution Then change the locally configured storage path to a shared network drive location Place copies of any preexisting pre array import data in the new shared location It is recommended that you also keep backup copies of preexisting import data elsewhere for a short amount of time to ensure that no data is lost NOTE Test results have proven that having this location on a different physical hard disk rather than the log file configuration set previously results in much faster import time This setup is recommended because in this scenario you are reading from one hard disk and writing to another 1 Goto Data Management Report Database Configuration Settings 27 Cyfin User Guide v 9 2 0 High Level Database Current Database Derby Modify Database Low Level Database Wavecrest Database Location C Program Files Wavecrest Cyfin7982 we cf db Notify Admin of Errors Enable Disable 2 Inthe Wavecrest Database Location field type the path or use the Browse button t
180. ttempts at the path level This method enables individual pages to be categorized If the URLs visited as documented in the Web logs are in any of the following formats and there is a corresponding entry in the URL List the product will categorize the visit on the basis of the domain name and path www mydomain com path www mydomain com path mydomain com path mydomain com path NOTE 1 For this method to work the entry in the URL List must contain a complete path element That is the path element between the forward slashes must be complete and must not be augmented with an asterisk or any other character For example the list must not contain path NOTE 2 As indicated at the end of the fourth example above the asterisk is not always required i e an exact path can be entered However as indicated in all four examples forward slashes are always required c Wildcards With Parameter Matching This method adds parameter matching to the two methods defined above domain alone and domain plus path It focuses more on syntax found in URL parameters than on content of the site being evaluated by the product The parameter method works as follows If the Web log entries are in any of the formats listed below the product will categorize the visit on the basis of a the domain name plus the parameter or b domain name plus path and parameter Note that the first three bullets are examples of the former no pa
181. u will not have to use this feature If for any reason some log files are invalid you should go to the Data Management Log Data Source Revalidate page There the product will reexamine any invalid log files that were included in a configuration and may validate those that were previously invalid NOTE 1 For a log file to be valid it must contain some Web use data i e it cannot be empty 20 Data Management NOTE 2 If you have more than one data configuration a data configuration field is displayed to allow you to choose a configuration to revalidate You may select a single configuration or all configurations In some cases the log files are invalid because the configuration is incorrect If this is the case you must fix the configuration in the Data Management Log Data Source Setup page Once you have done so you need to go back to Data Management Log Data Source Revalidate so that log files can be revalidated based on the revised configuration If your log files are still invalid contact our Technical Support team Our Support team is available Monday Friday 8 00 a m 6 00 p m Eastern Time and can be reached by phone 321 953 5351 or e mail supportOwavecrest net Report Database The Report Database features two special purpose databases Dashboard High Level Database This database is designed to meet a very different set of requirements Its job is to store high level data that is used to generate sophi
182. udit Summary Report Features This report lists the top users who visited a particular site The report can be run for more than one site and shows the total number of visits made by the user hourly total visits and hourly total kilobytes read A hyperlink to each user is provided to allow management to further review the sites that were visited Benefits This report can be used by administrators to get a quick summarized look at Internet activity by Web site It lists the users with the highest volume of activity User Audit Detail Report Features This very detailed report focuses on a single user Every visit made by the user is listed separately in chronological order Information for each visit consists of the site s category and full URL Each URL is hyperlinked so the site or page can be quickly accessed for review if desired A summary total of visits by category is also provided Benefits Management has a concise but complete view of every URL the user has clicked This information can be used for personnel appraisal purposes incident investigations usage audits etc User Audit Summary Report Features This report lists all the Web sites visited by a single user during the reporting period The report indicates each listed site s category and the number of visits made to it A hyperlink to each site is provided to facilitate further review by management Benefits Management is provided with reliable information to use in ana
183. ux installations the following libraries and all of their dependencies are required X11 libraries Font Configuration libraries Run the following two commands which will install the above libraries if they are not already installed yum install libXrender so 1 yum install libfontconfig so 1 In the Report View field select Read Only or Interactive NOTE The Interactive option is not available if Save was selected for the report delivery NOTE Interactive reports can only be run against data imported into the Wavecrest Database They cannot be used when running reports against the raw log files For steps on how to use the Wavecrest Database and its advantages see Data Management If you have more than one log file type configured in Cyfin the Data Configuration field is displayed to allow you to choose a configuration to include in the report Select a configuration or all configurations In the Abuse Thresholds field select Enable if abuse thresholds are set and you want to display them on the report In the Visits Hits field select whether you want visits only or all hits displayed on the report NOTE Choose Visits Only if you want the report to count and show only true visits Le actual user clicks Doing so will exclude all other types of hits e g banners ads and audio Choose All Hits if you want reports to show all types of hits solicited or unsolicited For URL Details choose how you want the URLs to
184. valldato Log EE 20 ele 21 Enable the Report Database dba 21 e le EE 21 Dashboard High Level Database Settings ccececeeeeeeeceeeeeeeee senses ceaeeeeeaeseaeeseeeeeseeeesaeeeeeeseeeees 22 PSF YG OM TIC AON BEE 22 MySQL Configuration es 23 Allocate Memory to Database coooiconi nicioncorir dd TESEN 23 Cyfin User Guide v 9 2 0 Greate Ata ASS cae rele Peas plea she ica ii Dh nea da eens te tie ha ee eden ts binant tetas eee 23 Connectto MySQUL DatabasO sica a 24 MSSQL Configuration micas ii id 25 Set Up SQL Server Authentication ecccececcceceeeeeeececeeeeeeeaeeeeaeeseeeecaaeeeeaaeseeneeseeeeseaaeseeeaeseneeees 25 Create Database Gupervlew cnn rn 25 lees IIe 25 Allow TC EE 26 Connect to MSSQL Database ria 26 Mass Storage Low Level Database cccccecceeeeeeceeeeceeeeeceaeeeeaeeseeeeeseeeesaaeeseaaeseeeeeseaeeesaeeseeeeeeeees 27 EE Ee e 27 Import LOG File Dala EE 28 Schedule Data IMPO geesde dee Aslan e ia 29 View Imported Data ss irena Aana A EAE AEE EE OAE AAEREN AREA AAEE ARTA 30 BER E 31 schedule Daily Data REMOVAL sa tiviacshveceteascecsiie abdetevsedecde taia aaae aoaia sag lene AAE 31 User Managements EE 33 MMTFOGUGTIO Maisie EE 33 AJO Group OrIDi EE 24 Delete ele el RE 35 Move Groups or IDS iii her iis ting eee dedi tenner 36 Modify Group or EE 37 E Le CHE 38 Inside the Product Default EE 38 Outside the Prod Gt EEN 38 Active Directory Setup EE 39 Import Users From Active DItS
185. ve purchased the product This can be found on the certificate provided at time of purchase During product evaluation the serial number default setting should not be changed In the Activation Key field type your activation key This can be found on the certificate provided at time of purchase During product evaluation the activation key default setting should not be changed Click Submit to apply your changes Internet Connection If your Internet traffic goes through a proxy this page allows you to configure your proxy information This will ensure that you can download the list and product updates and also receive product news When trying to download the list the product always tries the HTTP connection first and if that fails then it tries the FTP connection 1 102 Go to Settings Internet Connection Settings HTTP Proxy Settings Proxy Port 8080 Password FTP used if HTTP fails FTP Server FTP Login encrypted FTP Password encrypted FTP Directory Bound to NIC Card Bound To Port Select Internet Connection to Wavecrest Download Servers Choice Direct connection Use an HTTP proxy HTTP URL http downloads wavecrestnet release wa Proxy Host Enter proxy server or IP address Domain YOUR DOMAIN CONTROLLER UserName Your user name to Domain Controller fip wavecrestnet sgcerng JpPv34eGg56j release wavelist v8 standard 1 2 3 4 7996 2 Fill in the fields w
186. ve the filter 11 Under Groups and IDs on the Browse tab choose groups and IDs by selecting their corresponding check box To view IDs in a group click the group name Groups and IDs Select Browse 28 Groups HE 2 IDs Filter selected Groups IDs ll E Enterprise 926 3 v Angelo Jennifer ja25 E L E Accounting Department 51 Arello Jaclyn jacar L E Drafting Department 46 El Ashton Stephanie sa19 L Engineering Department 128 Y Backman Daniel danback L E Marketing Department 108 Y Baines Harold haroldb L E Sales Department 100 F Bann Joeseph joeb L _ Technical Services Department 105 Y Banning Payton payton L H Ungrouped IDs 387 El Baugman Scott Mason smbaugman e E vP 1 S Bauhaus Michal mb32 E Check Uncheck All Groups Check Uncheck All IDs 76 Reports Other options include Expand or collapse groups To expand and view group tiers click the plus icon To expand or collapse all groups click the plus or minus icon next to Groups Search for a specific ID If you know the ID names you want to filter you can search for and select them using the Filter selected Group s IDs field Begin typing the ID or name of a user Users with a matching ID or name will be displayed in the IDs box Select the check boxes for the IDs you want Check Uncheck all groups and or all IDs Use the
187. w if there are any new updates or if your product is currently up to date If updates are available click Update Now to upgrade the product NOTE While the product is updating the service will be down for a very short time End User License Agreement This page allows you to accept and print the License Agreement 1 2 114 Go to Help EULA The End User License Agreement page is displayed License and Warranty Please read and accept the terms of the License Agreement IR WAVECREST COMPUTING INC END USER LICENSE AGREEMENT m PLEASE READ THIS AGREEMENT CAREFULLY By copying installing or using all or any portion of the Wavecrest Services Services including without limitation CyBlock Web Security Software CyBlock Cloud Cyfin data analysis and monitoring software Cyfin forensic software Wavecrest Mobile Security App or any other proprietary software designed to run on computers smartphones tablet computers and other mobile devices and any related computer software or associated media and or documentation Software and CyBlock8 filtering hardware or any other proprietary hardware Hardware designed to run with the Software You You or Customer agree to be bound by the terms and conditions of this End User License Agreement Agreement If You do not agree to the terms of this Agreement do not accept this Agreement do not continue with your use of this site and
188. will find yourself at the Logon page where you can log on to the product Array Configuration Introduction Wavecrest products offer an advanced array configuration option for those organizations that need to have multiple installations of Cyfin to help manage large amounts of log files This allows an organization to manage all configurations and run reports from one location i e the primary server As shown in Figure 1 below an array configuration allows for the workload to be distributed and processed on the Cyfin secondary servers while all reports and administrative functions are managed on the Cyfin primary server This configuration greatly reduces the amount of time it takes to process large amounts of log files In order for the array to work the log files must be located on a shared network storage drive so that they can be distributed among the Cyfin secondaries for quick processing to the Report Database which must also be located on a shared drive NOTE If you already have existing import data prior to moving an array scenario we recommend that you save copies of the data war files to a safe location first Likewise if you have an array in production but decide to disband it you should save copies of your import data first This way you can Cyfin Cyfin Cyfin Cyfin place it where you want after the array is disbanded Secondary Secondary Secondary Primary Cl min browser 8 Ss El reports 1011141041
189. y to quickly identify wnen Web abuse has occurred For instructions on setting default classification ratings see Classify Categories Will you incorporate abuse thresholds This is another feature that allows you to quickly identify Web abuse in reports Abuse thresholds allow you to set the number of allowed visits to each category by the individual user group or entire enterprise If that threshold is ever exceeded this will be displayed via a red bar in the reports To learn more about abuse thresholds see Abuse Thresholds How will you distribute reports Reports can either be run manually on an ad hoc basis or can be scheduled to run daily weekly or monthly Scheduled reports can either be sent via e mail to someone you specify or saved to a directory where managers can retrieve the report See Reports for creating reports If you plan for managers to log on and create their own reports see the instructions for creating operator access accounts in Create Logon Account Will you create administrator and operator access accounts Cyfin User Guide v 9 2 0 Administrators have full access to the product while operators are limited to only reporting Operator accounts can be further limited to only have access to run reports on specified users and or groups When creating these accounts you also have the option to assign a new password or authenticate to Active Directory For instructions on creating administrator and operator accou
190. you selected Monthly select the day of the month and specific hour and time of day that you want the report to run monthly 4 Under Settings in the Report Delivery field select one of the following options Wait This option is available for only the Run Now option After the report runs you can view save and print it The report is saved with a universally unique identifier UUID in the file name e g 14ec2d98 346f 4cb5 806a f85f7b74f1e1 html E Mail This option allows you to specify e mail addresses to which you want to send the report In the Recipients field enter a valid e mail address If you wish to send the report to multiple e mail addresses enter the addresses separated by a comma or semicolon with no spaces Duplicate addresses are not allowed The report is sent in the file name format that you specified in Report Options 69 Cyfin User Guide v 9 2 0 70 10 11 Save This option allows you to save the report In the Save Directory field type the directory path or click Browse to locate the directory The report is saved with the file name format that you specified in Report Options Be aware that you may overwrite a previously run report if saving to the same directory In the Report Format field select HTML or PDF NOTE If you select PDF you will only have the option to get a Read Only report selected in the Report View field below NOTE for Linux Users In order for PDF reports to work on Lin
Download Pdf Manuals
Related Search