Reporting Guide - EdgeWave

Transcription

800-782-3762
www.stbernard.com
Reporting Guide
Version 6.410

2001 – 2010 St. Bernard Software Inc. All rights reserved. The St. Bernard Software logo, iPrism and iGuard are trademarks of St. Bernard Software Inc. All other trademarks and registered trademarks are hereby acknowledged.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Other product and company names mentioned herein may be the trademarks of their respective owners.

The iPrism software and its documentation are copyrighted materials. Law prohibits making unauthorized copies. No part of this software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into another language without prior permission of St. Bernard Software, Inc.

RPT0001.6.4.1005

Contents

Introduction
Using the Reports Manager
Accessing the Reports Manager
Navigation menu
Shortcuts
Working with reports
Creating a new report
Choosing a report type
Sorting and Grouping options by report type
Grouping a report
Sorting a report
Choosing report search criteria
Search Criteria: Web Detailed Report
Search Criteria: Remote Sessions Report
Search Criteria: Web Statistics and Web Hourly Statistics Reports
Search Criteria: Web Top Domains and Web Top Hosts Reports
Search Criteria: Web Top (Grouped) Report
Search Criteria: IM/P2P Detailed Report
Search Criteria: IM/P2P Statistics Report
Finishing the report
Editing a report
To edit a report
Deleting a report
Running and viewing reports
Running a report
Run a report in the background
Choosing the report date range
Viewing a report
Drilling down in a report
Example 1: Web Statistics by Category Drilldown Options
Example 2: Remote Sessions Drilldown Options
Saving a generated report
Scheduling reports
Scheduling a report
Editing a report schedule
Deleting a scheduled report
Monitoring in real time
Using the Real-Time Monitor
To Start, Pause, and Resume Monitoring
Monitoring activity
Editing Real-Time Monitor settings
Samples
Sample Web Detailed Report
Sample Remote Sessions report
Sample Web Statistics Report
Sample Web Hourly Statistics Report
Sample Web Top Reports
Web Top Domains report sample
Web Top Hosts report sample
Web Top (Grouped) report sample
Sample IM/P2P Detailed Report
Sample IM/P2P Statistics Report
Tutorials
Scenario 1: What’s happening on the network today?
Monitoring the daily system activity
Scenario 2: Is an employee abusing access privileges?
Find out the details of a user’s web use
Drill down to investigate
Scenario 3: How are different offices using the network?
Create a Web Statistics report for each office
Schedule and deliver each report
Support
Frequently Asked Questions
Why do my reports sometimes run slowly?
How many days of information does iPrism store?
How many entries can a report hold?
The Real-time Monitor is not working and I received the error message, “Unable to receive real-time events”. Why?
I did not receive my scheduled report in email.
The Real-time Monitor is not showing all of the IM/P2P or web activity that I know is occurring.
When I log in to the Report Manager, it pauses at 84%. Why?

Introduction

The iPrism Web Filter from St. Bernard combines simplicity, performance and value to deliver unrivalled protection from Internet-based threats such as malware, viruses, spyware, anonymizers, IM, P2P, and inappropriate content. As a self-contained appliance-based solution, iPrism offers universal interoperability on any platform and in any network environment, delivering Internet security at the perimeter, to help enforce your Internet acceptable use and security policies. In addition, iPrism seamlessly integrates with your directory services to automate authentication for fast and easy deployment throughout your organization.

iPrism’s Reports Manager contains predefined, commonly needed reports that give you the visibility you need, such as knowing who was visiting what site and when. You can also create your own custom reports.

Reports draw from a database that can hold up to 120 million records, including Instant Messaging (IM), Peer-to-Peer (P2P), and URL events.

The Reports Manager includes the following features:
- The ability to report on IM and P2P network use
- Real-time, graphical status monitoring
- An easy-to-use Report Wizard
- Drill-down ability in text reports
- Support for multiple simultaneous users of the Reports Manager
- The ability to run reports immediately or schedule them to run later in batch mode
- The ability to export graphic and text reports in PDF format; text reports can also be exported as text files or as comma-separated data, suitable for use in Microsoft Excel or Crystal Reports.

Using the Reports Manager

The Reports Manager allows access to the iPrism’s reporting features. You can create and customize reports, define report grouping and sorting, select the deliverable format, and schedule reports for later use.

Multiple users may use the Reports Manager at the same time. The following access rights can be set by the iPrism administrator to determine the information they can see:
- Full Access to information about a certain profile (e.g., BlockOffensive)
- Access to information about a certain IP address range (e.g., the Marketing subnet)

Users with limited access can only generate reports on the authorized information.

Accessing the Reports Manager

1. From the iPrism Home Page, select Reporting, then Report Manager.

FIGURE 1. Accessing the Report Manager

2. Click iPrism Reports to launch the Report Manager.

3. Once you are in the Report Manager, from the Reports Manager Welcome screen, select an option (Welcome, Reports, Schedules, or Real-Time Monitor) from the Navigation Menu at left or the shortcuts (Create a report, Run a report, Schedule a report, or Exit) on the Welcome screen.

FIGURE 2. Welcome screen

Navigation menu

The Navigation menu in the left sidebar provides quick access to the different areas of the reporting system:
- Welcome displays the Welcome screen.
- Reports displays the main Reports Manager screen, from which you can create, run, view, edit, and delete reports.
- Schedules displays the main Scheduling screen, from which you can create, edit, and delete report schedules.
- Real-time Monitor displays the Real-Time Monitor screen, from which you can monitor Internet and IM/P2P use in real time, as well as edit your monitoring configuration.

Shortcuts

The following shortcuts to commonly-used tasks are available from the Welcome screen:
- Create a report launches the New Report Wizard, where you can create, run, and/or schedule a report.
- Run a report enables you to run and view an existing report.
- Schedule a report launches the Schedule Report Wizard, where you can schedule reports and set delivery options.
- Exit closes the Reports Manager application.

Working with reports

Creating a new report

This topic explains the entire new report creation process; the individual steps, such as selecting a report type, are explained in further detail in separate topics.

1. To create a report from the Report Manager welcome screen, either select Reports > Create New Report from the navigation menu, or Create a report from the shortcuts. The New Report Wizard will open.

Note: By selecting Reports from the navigation menu, you can also edit, run, and delete reports.

FIGURE 3. Creating a new report from the Report Wizard

2. Select an option:
- Create a new report from scratch: Selecting this option allows you to specify all of the options you want to include in the report.
- Create a new report based on a pre-existing report: Selecting this option allows you to select an existing report from the dropdown list.

3. Click Next.

4. In the Type tab, select the type of report you want to create and click Next. For information about choosing a report type, see “Choosing a report type” on page 7.

5. If you selected Web Statistics, Web Hourly Statistics, Web Top (Grouped), or IM/P2P Statistics in the Type tab, the Grouping tab will appear when you click Next (see “Grouping a report” on page 12). Select Grouping options and click Next to go to the Sorting tab (see “Sorting a report” on page 12).

6. If you selected Web Detailed or Remote Sessions in the Type tab, the Sorting tab will appear when you click Next (see “Sorting a report” on page 12). Select Sorting options and click Next.

7. After clicking Next on the Sorting tab, select the report criteria on the Criteria tab (see “Choosing report search criteria” on page 12), and click Next.

8. On the Finish tab, follow the instructions for naming and processing your report, then click Finish.

Choosing a report type

The type of report you select determines the general type of information that is included in your report: web access statistics, IM/P2P use, top-access lists, and so on. iPrism provides several main report types, as described in the following table. Grouping and Sorting options by Report Type are also listed.

Notes:
- Grouping options (via the Grouping tab) are available only for Web Statistics, Web Hourly Statistics, Web Top (Grouped) or IM/P2P Statistics reports.
- Sorting options (via the Sorting tab) are available after you select a Web Detailed or Remote Sessions report type, or after you select Grouping options for Web Statistics, Web Hourly Statistics or IM/P2P Statistics report types.

Sorting and Grouping options by report type

| Report Type | Grouping Options | Sorting Options |
|---|---|---|
| Web Detailed | N/A | Date & Time; IP Address, Date & Time; User Name, Date & Time; Profile, User Name, Date & Time; Action, Date & Time; Bandwidth, Date & Time; Rating, Date & Time; URL, Date & Time |
| Remote Sessions | N/A | First Event Time; Last Event Time; User Name & First Event Time; Machine ID & First Event Time; Policy Decision, Machine ID & First Event Time |
| Web Statistics | Category; Category and User Name; Category and IP Address; Category and Profile; Location; Location and Category; User Name; User Name and Category; IP Address; IP Address and Category; Profile; Profile and Category | Dynamic, based on selected Grouping: Category; IP Address; Profile; User Name. Static, available to all Groupings: Passed; Blocked; Overridden; Override Initiated; Hits; Pages; Bandwidth; Duration [1] |
| Web Hourly Statistics | Hour; Hour and User Name; Hour and IP Address; Hour and Profile | Dynamic, based on selected Grouping: User Name; IP Address; Profile. Static, available to all Groupings: Passed; Blocked; Overridden; Override Initiated; Hits; Pages; Bandwidth; Duration |
| Web Top | N/A | N/A |
| Web Top (Grouped) | User Name; IP Address; Profile | N/A |
| IM/P2P Detailed | N/A | N/A |
| IM/P2P Statistics | Protocol | Passed; Blocked |
| IM/P2P Statistics | Protocol and IP Address | IP Address; Passed; Blocked |
| IM/P2P Statistics | Protocol and Profile | Profile; Passed; Blocked |
| IM/P2P Statistics | Protocol and User Name | User Name; Passed; Blocked |
| IM/P2P Statistics | User Name and Protocol | Protocol; Passed; Blocked |
| IM/P2P Statistics | IP Address | Passed; Blocked |
| IM/P2P Statistics | IP Address and Protocol | Protocol; Passed; Blocked |
| IM/P2P Statistics | Profile and Protocol | Protocol; Passed; Blocked |

[1] Duration applies to local as well as remote events, which are calculated the same way.

Grouping a report

See “Sorting and Grouping options by report type” on page 8 for detailed information on grouping options.

Sorting a report

See “Sorting and Grouping options by report type” on page 8 for detailed information on sorting options.

Choosing report search criteria

The Criteria tab allows you to specify search options for a report. For example, you could create a report that highlights activity in one particular profile, or that focuses only on a certain set of categories. The default settings include all data.

The options on the Criteria tab vary by report type.

Search Criteria: Web Detailed Report

FIGURE 4. Search Criteria for Web Detailed Report

The following search criteria are available for the Web Detailed report type.

Note: The criteria are additive, meaning that the data in the report reflects all the criteria, not just one. For example, if you restrict the report to a certain range of IP addresses and a given filtering category, then the report will only contain data for activity in that category originating from those IP addresses. It will not contain activity originating from those IP addresses in other categories, or activity in those categories by other IP addresses.

Search criteria and definitions:

Locations: Returns data on the locations you specify; they can be local locations and/or remote locations. You can choose from the following options:
- Local only: displays data only from local users
- Remote only: displays data only from remote users who are utilizing iPrism's Remote Filtering capabilities
- Both Local and Remote Filtering Data: displays data from both local and remote users

IP Address Range: Returns data on the range of IP addresses that you enter. The default is all IP addresses. Entering an IP address enables you to get information on a single workstation.

User: Returns data on a certain user name. The default is all users. If you do not know the user name of the person whose activity you wish to check, try entering their IP address.

Profile: Returns data on the following profiles:
- All (default)
- Block offensive: profiles that are not allowed to view sites that contain pornography, profanity, violence, bomb-making, and other topics that are deemed offensive
- Pass all: profiles that are allowed to view any site without restriction (browsing is monitored)
- (Any user-defined profiles created in your company to which you have access)

Action: Returns data on the following types of access attempts:
- All (default)
- Passed: all accesses that are permitted in your system
- Blocked: all accesses that are blocked in your system
- Overridden: all accesses that were blocked and then overridden by the user
- Override Initiated: all accesses that were blocked and to which the user requested access

Category: Returns data on the category or categories you select. The default is all categories.

URL Pattern: Does a partial search and r
