[isalist] Re: "Top Users" report

  • From: "Jonathon J. Howey" <Jonathon@xxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 17 Apr 2006 11:56:27 -0600

Anyways, turned out I already had the CNAME DNS entry setup, plus the
o252.  I've since removed the o252.  So unless I'm missing something, I
don't think it has to do with auto-discovery as servername is hardcoded
and the auto-discovery stuff was setup both ways if it didn't work
before.
 
I will change my own FWC to do auto-discovery for now to see if it's a
problem with hard-coded server names.
 
________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Sent: April 17, 2006 11:44 AM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report



Take it out the dhcp scope, (it don't work as it should), and just use a
DNS A record for wpad.

 

S

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 12:46 PM
To: ISA Mailing List
Subject: [isalist] Re: "Top Users" report

 

Each client does have FWC installed (hard-coded to the ISA WINS name
(instead of DNS i've now realized); but i also have configured the WPAD
o252 in my domain.local DHCP scope .. ), and then after I installed it,
I proceeded to the 'Web Browser' tab and hit 'Configure Now', which
changed the old ISASERVER:8080 config in the client's Internet Options
to the configuration script.

 

After reading the 'Client Overview' in the Help section, I'm pretty sure
that I just have FWC users which would also be Web Proxy users, so
therefore the report should be working... yes?

 

 

Jonathon J. Howey

MENSE Inc.

P 780.409.5620

F 780.409.5621

D 780.409.5628

C 780.965.8363

Jonathon@xxxxxxxx

 

Defining the Future of Transportation

www.MENSE.ca <http://www.mense.ca/> 

 

 

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: April 17, 2006 9:33 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: "Top Users" report

Read up on client types. The help file has excellent information on
this. If it's authentication you'd like and tracking by username rather
than IP address, then you'll need the firewall client.

 

As far as what the #7 entry represents you'll have to consult your logs
to see what t Client Typesdd

\ hat user was doing. 

 

Amy

 

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathon J. Howey
Sent: Monday, April 17, 2006 11:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] "Top Users" report

 

Anyone have any idea on why the IP of the machine is showing up instead
of the user?  Has it anything to do with using a config. script in
IE/Mozilla instead of proxy and port?  Reason I ask is, the report is
misleading if you use DHCP, as it looks like the User (IP) is being
stored as the PK, and hence if that IP get's re-assigned to a diff. user
(as it has in my case), it doesn't reset the totals.

 

As well, anyone have any ideas of where I can find out where the IP in
#7 is coming from?  Is it possible that it's a spammer server and the
ISA report is considering traffic on port 25 as well?  (this is an SBS
box).

 

 

No

User

Requests

% of Total Requests

Bytes In

% of Total Bytes In

Bytes Out

% of Total Bytes Out

Total Bytes

% of Total Bytes

1

192.168.100.119

20096

2.90 %

22.69 GB

30.60 %

2.30 GB

4.80 %

24.99 GB

20.50 %

2

192.168.100.117

3626

0.50 %

19.37 GB

26.10 %

1.33 GB

2.80 %

20.70 GB

17.00 %

3

192.168.100.126

15047

2.20 %

3.29 GB

4.40 %

10.74 GB

22.40 %

14.03 GB

11.50 %

4

192.168.100.127

13424

2.00 %

1.88 GB

2.50 %

8.44 GB

17.60 %

10.32 GB

8.50 %

5

192.168.100.139

17883

2.60 %

5.90 GB

8.00 %

3.80 GB

7.90 %

9.70 GB

7.90 %

6

192.168.100.100

13107

1.90 %

1.29 GB

1.70 %

3.16 GB

6.60 %

4.45 GB

3.60 %

7

198.53.112.177

76

0.00 %

3.38 GB

4.60 %

219.57 MB

0.40 %

3.60 GB

2.90 %

8

192.168.100.104

746

0.10 %

611.11 MB

0.80 %

2.73 GB

5.70 %

3.33 GB

2.70 %

9

192.168.100.122

5902

0.90 %

1.38 GB

1.90 %

1.27 GB

2.70 %

2.66 GB

2.20 %

10

192.168.100.85

110655

16.10 %

725.06 MB

1.00 %

1.94 GB

4.00 %

2.65 GB

2.20 %

11

192.168.100.124

14410

2.10 %

1.15 GB

1.60 %

1.11 GB

2.30 %

2.26 GB

1.90 %

12

192.168.100.134

12922

1.90 %

1.28 GB

1.70 %

920.23 MB

1.90 %

2.18 GB

1.80 %

13

192.168.100.114

20273

3.10 %

1.60 GB

2.20 %

548.31 MB

1.10 %

2.13 GB

1.80 %

14

192.168.100.132

14908

2.30 %

216.83 MB

0.30 %

1.83 GB

3.80 %

2.04 GB

1.70 %

15

192.168.100.113

14029

2.20 %

1.09 GB

1.50 %

451.77 MB

0.90 %

1.53 GB

1.30 %

 

All Others

374959

59.30 %

6.29 GB

11.10 %

7.06 GB

15.10 %

13.36 GB

12.60 %

 

Total

652063

100.00 %

72.12 GB

100.00 %

47.81 GB

100.00 %

119.93 GB

100.00 %

 

Thanks.

 

Jonathon J. Howey

MENSE Inc.

P 780.409.5620

F 780.409.5621

D 780.409.5628

C 780.965.8363

Jonathon@xxxxxxxx

 

Defining the Future of Transportation

www.MENSE.ca <http://www.mense.ca/>

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 04-2006