[isalist] Re: "Top Users" report
- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 17 Apr 2006 17:43:43 -0400
To have your workstations use WPAD you'll have to first install it. Look
to isatools.org for the SBS WPAD implementation.
Amy
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 5:15 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
So to simplify what I need to do, i think either need to enable the Web
Proxy for my Network Properties by hitting that check box that's
currently unchecked [if i want no WPAD], or in that same window, enable
Auto Discovery in it's tab [if i want WPAD]?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: April 17, 2006 3:02 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Hi Jonathan,
You need the Web proxy and/or Firewall client configuration to get user
names. If you're using WPAD, you must enable autodiscovery information
publishing, or host that information on another Web server.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 3:23 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Trying to track down what's causing IP's to be published in
report instead of Username
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: April 17, 2006 1:53 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Why is autodiscovery information publishing unchecked?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 2:34 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
OK found it for the Internal Network.
*On the Auto Discovery tab, "Publish automatic discovery
information" was unchecked
*On Firewall Client tab, "Enable FWC support" is
checked, my Server name is typed in, then "Automatically detect
settings" and "Use automatic config. script" (default URL) is checked.
"Use a Web proxy server" is NOT. (these would all be default as I do
not remember changing any of this).
Now knowing this, should I check 'Use a web proxy
server', or uncheck the auto. detect settings?
Furthermore, I've never changed ISA Console > General >
Define Firewall Client Setting, so everything there should still be the
same.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: April 17, 2006 1:12 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
From within the ISA console, in the the properties of
your protected network, on the firewall client tab.
That should be selected if you want to autocinfigure the
FWC.
S
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 3:55 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Could you further explain? I remember during ISA 2004
setup whether I'm connecting a console to an existing ISA server, or
make a new ISA server, but I doubt that's it.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: April 17, 2006 12:17 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Have you disabled auto detect in the ISA console,
because that's where the instruction comes from.
S
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 2:52 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Yes, but like I said, I believe most of my FWC installs
have a hard-coded server address typed in, so it shouldn't be used the
WPAD entry?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: April 17, 2006 11:44 AM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Take it out the dhcp scope, (it don't work as it
should), and just use a DNS A record for wpad.
S
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 12:46 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report
Each client does have FWC installed (hard-coded to the
ISA WINS name (instead of DNS i've now realized); but i also have
configured the WPAD o252 in my domain.local DHCP scope .. ), and then
after I installed it, I proceeded to the 'Web Browser' tab and hit
'Configure Now', which changed the old ISASERVER:8080 config in the
client's Internet Options to the configuration script.
After reading the 'Client Overview' in the Help section,
I'm pretty sure that I just have FWC users which would also be Web Proxy
users, so therefore the report should be working... yes?
Jonathon J. Howey
MENSE Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxxx
Defining the Future of Transportation
www.MENSE.ca <http://www.mense.ca/>
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: April 17, 2006 9:33 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report
Read up on client types. The help file has excellent
information on this. If it's authentication you'd like and tracking by
username rather than IP address, then you'll need the firewall client.
As far as what the #7 entry represents you'll have to
consult your logs to see what t Client Typesdd
\ hat user was doing.
Amy
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 11:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] "Top Users" report
Anyone have any idea on why the IP of the machine is
showing up instead of the user? Has it anything to do with using a
config. script in IE/Mozilla instead of proxy and port? Reason I ask
is, the report is misleading if you use DHCP, as it looks like the User
(IP) is being stored as the PK, and hence if that IP get's re-assigned
to a diff. user (as it has in my case), it doesn't reset the totals.
As well, anyone have any ideas of where I can find out
where the IP in #7 is coming from? Is it possible that it's a spammer
server and the ISA report is considering traffic on port 25 as well?
(this is an SBS box).
No
User
Requests
% of Total Requests
Bytes In
% of Total Bytes In
Bytes Out
% of Total Bytes Out
Total Bytes
% of Total Bytes
1
192.168.100.119
20096
2.90 %
22.69 GB
30.60 %
2.30 GB
4.80 %
24.99 GB
20.50 %
2
192.168.100.117
3626
0.50 %
19.37 GB
26.10 %
1.33 GB
2.80 %
20.70 GB
17.00 %
3
192.168.100.126
15047
2.20 %
3.29 GB
4.40 %
10.74 GB
22.40 %
14.03 GB
11.50 %
4
192.168.100.127
13424
2.00 %
1.88 GB
2.50 %
8.44 GB
17.60 %
10.32 GB
8.50 %
5
192.168.100.139
17883
2.60 %
5.90 GB
8.00 %
3.80 GB
7.90 %
9.70 GB
7.90 %
6
192.168.100.100
13107
1.90 %
1.29 GB
1.70 %
3.16 GB
6.60 %
4.45 GB
3.60 %
7
198.53.112.177
76
0.00 %
3.38 GB
4.60 %
219.57 MB
0.40 %
3.60 GB
2.90 %
8
192.168.100.104
746
0.10 %
611.11 MB
0.80 %
2.73 GB
5.70 %
3.33 GB
2.70 %
9
192.168.100.122
5902
0.90 %
1.38 GB
1.90 %
1.27 GB
2.70 %
2.66 GB
2.20 %
10
192.168.100.85
110655
16.10 %
725.06 MB
1.00 %
1.94 GB
4.00 %
2.65 GB
2.20 %
11
192.168.100.124
14410
2.10 %
1.15 GB
1.60 %
1.11 GB
2.30 %
2.26 GB
1.90 %
12
192.168.100.134
12922
1.90 %
1.28 GB
1.70 %
920.23 MB
1.90 %
2.18 GB
1.80 %
13
192.168.100.114
20273
3.10 %
1.60 GB
2.20 %
548.31 MB
1.10 %
2.13 GB
1.80 %
14
192.168.100.132
14908
2.30 %
216.83 MB
0.30 %
1.83 GB
3.80 %
2.04 GB
1.70 %
15
192.168.100.113
14029
2.20 %
1.09 GB
1.50 %
451.77 MB
0.90 %
1.53 GB
1.30 %
All Others
374959
59.30 %
6.29 GB
11.10 %
7.06 GB
15.10 %
13.36 GB
12.60 %
Total
652063
100.00 %
72.12 GB
100.00 %
47.81 GB
100.00 %
119.93 GB
100.00 %
Thanks.
Jonathon J. Howey
MENSE Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxxx
Defining the Future of Transportation
www.MENSE.ca <http://www.mense.ca/>
Other related posts:
