NetFort Advertising

How to use LANGuardian to generate a detailed web activity report for a particular user

Person using laptop to browse web

LANGuardian Web Activity Report Features

The LANGuardian traffic analysis engine may also be used to passively report on web activity.  It is a very useful feature for organizations such as universities who for various reasons including performance, simplicity, and cost do not want to deploy a web proxy or any sort of inline device.

It is also very easy to deploy which is critical for the already pretty busy network engineer who would prefer to concentrate on other tasks and not on the relatively tricky subject of user Internet monitoring. No inline devices required, no agents or clients, no change to browser setting, completely transparent to the user. Just SPAN or mirror the Internet link, connect the LANGuardian to the SPAN port and away you go.

User Internet activity drilldown

The data is captured, stored and immediately accessible when you need it or when it is requested. One can search by IP or MAC address, user name or even part of the domain or URI. For example show me all the users who accessed Dropbox in the last week and how much data was uploaded. Or list all the domains accessed with resources or URIs containing the word Torrent and the user who accessed them.

Bittorrent Protocol Decoder

Whether a web proxy is in use on the network or not, all the detail required, including user name, IP address, domain, resource, size, date and time can be extracted from the raw traffic by the LANGuardian passively usually via a SPAN port or TAP and retained for months in the built in database.

How to focus in on a user

To instantly access and report on web activity for a particular user name, IP or MAC address:

  • Using the search box, top right, enter resource
  • Select the report Web :: Top Website Domains and resources
Sample Web Activity Report
  • Use the Time filter to select the required time period.
  • Using the logon name field enter the name of the user and click view to rerun the report for that particular user.

It is also possible to automatically send a daily or weekly email summarizing the web activity for a particular user by saving this report with the required user name and then under configuration, top right using the email settings to schedule the report.

Find out what users are doing on the Internet

Use the deep packet inspection engine of LANGuardian to collect all web activity down to the URL level from a span port. As a benefit it also provides unique out-of-band network forensics for troubleshooting or identifying odd network traffic.

How does it work?

LANGuardian passively captures HTTP and HTTPS header information from network traffic. In most cases a SPAN or mirror port is setup. There is no impact on network performance as this is not an inline solution. This approach also works for direct and proxy based activity. The video below explains how you can get this setup on your network.