
Fastvue Reporter for Sophos UTM and XG

 

 


 

Sensible Web Reports

Sophos Reporter’s web reports are not cluttered with advertising sites, tracking pixels, CDNs and social sharing widgets.

 

HR and Manager Reports

Policing Internet usage is a job for HR and Managers, not IT (that’s a bit creepy).

Fastvue Sophos Reporter makes self-serve web reporting for HR and department managers easy.

 

Simple and Effective

Don’t have time to become a log file analysis expert and create customized reports? No problem. We’ve done the leg work for you.

 

Don’t Trust Your Firewall’s Internet Usage Reports

Fastvue Site Clean makes the log data from your firewall reflect real Internet usage activity. It removes images, scripts, fonts, ads, and other background traffic so you can send meaningful Internet usage reports and alerts to the right person.

 

The Problem of Reporting on the Modern Web

Internet Reports produced by web gateways such as Sophos UTM do not distinguish between the web sites people intentionally access, and the web sites that are automatically accessed behind the scenes.

 

Fastvue Site Clean (Patent Pending) digs deeper and looks at all characteristics of web browsing log file data, to provide a more accurate picture of real web activity.

 

Sophos UTM Reporting Made Awesome

Generate Overview Reports or detailed Activity Reports on users, sites, apps, categories or any web traffic that flows through your Sophos UTM.

 

Sophos Reporter’s comprehensive filtering interface and seamless Active Directory integration make it a breeze to get the report you need.

 

  • User Reports
  • Security Group Reports
  • Department Reports
  • Website Reports
  • Subnet Reports
  • Policy Reports
  • Productivity Reports
  • + Reports on anything in the Sophos UTM Web Filter logs

 

 

Live Real Time Dashboards

Sophos Reporter collects syslog messages from Sophos UTM to display live bandwidth, user productivity, and web protection dashboards.

Simply hover over anything that looks interesting to run a detailed report and get at the heart of the problem.

 

Slow Network?

Check the Bandwidth Dashboard for sites, applications, users, categories and files that are dominating your network’s bandwidth.

 

Grumpy Users?

See in real time the Productive sites being blocked by the UTM, and the Unproductive sites being allowed. Fix your policies before the calls start coming in!

 

Confused?

Not sure why your UTM is blocking or allowing certain traffic? Use the Web Protection dashboard to drill into your Web Policies and see exactly what they’re doing.

 

Easy Report Scheduling

Stop wasting time manually running reports for everyone else. Automatically generate customized reports every day, week or month.

Send Department Managers reports on their department’s activity every week. Send subnet reports to network administrators each day, or unacceptable browsing reports to HR managers.

 

 

 

Alerts

Sophos Reporter’s real-time alerting system notifies you as soon as there is something you need to know about.

Sophos Reporter can automatically email details about events such as malware, enormous file downloads, unacceptable browsing, or undesirable applications as soon as they occur.

 

 

Productivity Assessment

Sophos UTM’s URL Filtering does a great job at categorizing web sites, and Sophos Reporter makes it extremely easy for you to assign those categories as Unacceptable, Unproductive, Acceptable or Productive.

 

This enables you to simply monitor unproductive traffic without necessarily blocking it, find web sites that are making it through the firewall that really shouldn’t be, as well as productive web sites that are being accidentally blocked.

 

 

 

Never miss reporting data, even if syslog goes down.

Monitoring syslog data from Sophos UTM is great, until the syslog stream is interrupted or when you need to reboot the syslog receiver. When that occurs, you end up with gaps in your reporting data!

 

Fastvue Sophos Reporter takes care of this for you by also monitoring Sophos UTM’s Remote Log Archive location to fill in any gaps in the Syslog stream.

 

You can also use this folder to import historical log data from the UTM to investigate previous incidents.

 

 

Consolidated Reporting across all Sophos UTMs

Run multiple Sophos UTMs across your organization’s network? No problem. Just add each UTM as a Source in Sophos Reporter to collate all information into one unified, easy to use reporting solution.

 

 

What Do the Customers Say?

 

“The best part for me is that once I setup the reports and who they go to, I am out of the loop totally. The department manager can parse through the report, run more detailed reports, and take action without involving me at all as a net admin. Site Clean made it even easier for the managers to understand (How do you explain what a CDN is to the accounting manager?). Sophos UTM with the Fastvue Sophos Reporter together is what sold me on going with the UTM.”
– Andrew Reynolds (frasca.com)

 

“The reporting power of Fastvue is significantly better than the factory Sophos reporting. When our demo ran out I literally felt blind as to what was going on with people surfing, etc. Working with support has been a total pleasure as they’re willing to go above and beyond to make the customer completely satisfied!”

-Scott Bentoske, FEC Automation Systems

 

“Site clean is possibly the most useful tool for web usage analysis and reporting since the Internet began! A true Eureka moment in web reporting.”

Nathaniel Gill, Falkland Island Government

 

“According to my UTM’s on-box reports, akamaihd.net was by far our top site and responsible for huge bandwidth drains. I decided to block it, only to discover it broke half the Internet! I never realized so many legit sites use it for their content. Fastvue Sophos Reporter gave me the insight I needed to just block specific origin domains, not the entire CDN!”

Martin Johns

 

Compare the options

 

 

On-box Reports

  • Designed for the UTM Administrator
  • Reports on UTM and network performance
  • Basic information about web usage (top users, domains and categories)

 

 

iView Appliance

  • Designed for the UTM Administrator
  • Reports on UTM and network performance
  • Basic information about web usage (top users, domains and categories)
  • Collates data from multiple UTMs
  • Provides easy access to the log records that built each report

 

 

Fastvue Reporter for Sophos

  • Designed for everyone else concerned about employee internet usage
  • Also useful for UTM Administrators
  • Goes beyond simple log aggregation to provide sensible and useful information around web usage, productivity and the UTM’s policies
  • Collates data from multiple UTMs
  • Imports historical log data in addition to real time syslog data
  • Provides useful activity reports as opposed to cluttered log searches to view full forensic details.

 

Fastvue Sophos Reporter Features

  • User Reports
  • Security Group Reports
  • Department Reports
  • Website Reports
  • Subnet Reports
  • Policy Reports
  • Productivity Reports
  • Report on any logged item
  • Simple Report Scheduling
  • Private Report Sharing
  • Fully Customizable Web Activity Alerts in your inbox
  • Live Bandwidth Dashboard
  • Live Productivity Dashboard
  • Live Web Protection / Firewall Dashboard
  • Allowed Undesirable Sites Report
  • Blocked Productive Sites Report
  • Easily Investigate Unproductive Users
  • Easily Investigate Unproductive Sites
  • Large Download Alerts
  • Malware and Threat Alerts
  • Seamless Active Directory Integration
  • Full Chronological Web Activity Reports
  • Self-Serve Reporting for HR
  • Distribute Reports for Managers
  • Send Productivity Reports to Employees
  • Warned and Proceeded Websites Alert
  • Customizable Data Retention Policy
  • Export To CSV
  • Simple Installation & Setup

 

Fastvue Reporter for Sophos – Installation and Setup

 

New installations

Sophos Reporter works by consuming both real-time and archived Web Filtering log data from Sophos UTM. Sophos Reporter’s real-time dashboards and alerts rely on Syslog data to be sent from Sophos UTM to the Sophos Reporter machine.

Historical data can be imported from a log folder archive.

 

1. Download and Install

Download Sophos Reporter and install on a machine (or virtual machine) that meets our recommended requirements for your network size.

Note: Fastvue Reporter is a resource intensive application by design in order to import data and run reports as fast as possible. We do not recommend installing Fastvue Reporter on a server that provides a critical network service such as a Domain Controller, DNS server, or DFS server. We recommend installing on a dedicated VM (virtual machine) so you can scale the resources appropriately.

 

Supported Operating Systems

Fastvue Reporter is designed for 64-bit Windows Server operating systems: Windows Server 2008 R2, Server 2012 R2, or above.

 

The Fastvue Reporter installer will automatically install and configure the required prerequisites, which include .NET 4.6 and IIS (Web Server and Application Server roles). It will also install OpenJDK and Elasticsearch in its own self-managed directory.

 

When installing, you will be asked to select a website to install to. If you are installing on a server with existing websites, we recommend creating a new website in IIS and installing to that. You can also choose to install to a sub-folder of an existing website (such as Default Web Site\Fastvue).

 

RAM / CPU Requirements

Network Size           Recommended Server Specification
Less than 500 Users    4 CPUs/Cores, 6 GB RAM
500 – 1000 Users       4 CPUs/Cores, 8 GB RAM
1000 – 3000 Users      8 CPUs/Cores, 12 GB RAM
3000 – 5000 Users      8 CPUs/Cores, 16 GB RAM
5000+ Users            16 CPUs/Cores, 24 GB RAM

* Virtual environments are recommended so you can scale the resources as required.

 

Data Storage Requirements

During installation, you are asked where you want the Data Location to be. The amount of data stored per day will vary depending on the amount of traffic flowing through your Sophos UTM.

 

The default data retention policy in Fastvue Reporter is 90 days or 90% of drive space, whichever comes first. If 90% of the drive leaves less than 20 GB free, the retention policy will adjust to allow at least 20 GB for Operating System files if the data path is on the same drive as the OS.

 

These data retention settings can be adjusted in Settings | Data Storage.

 

We do not advise installing to a network drive due to latency issues affecting the stability of our very frequent read-write operations. For best performance, use a local SSD drive.

 

Do not install to a mapped network drive, or use a mapped network drive as Fastvue Reporter’s data path, as the assigned drive letters will not exist in the system context – only the user context. If you must use a network drive, specify a UNC path such as \\servername-or-ip\fastvue, but keep in mind the performance issues mentioned above, and you will have to configure ‘full’ permissions for the Fastvue Server’s local system account.

 

After one or two days of collecting data, check the size estimates in Settings | Data Storage | Settings to see if you need to make adjustments to the data retention policy or your server’s disk space. These estimates become more accurate as data is imported.

 

Install Fastvue Reporter

To install Fastvue Sophos Reporter:

  • Double-click the downloaded setup exe on a machine that meets the above recommendations
  • Proceed through the installation wizard to install the software.  The installation wizard will ask you for:
    • Installation folder (defaults to C:\Program Files\Fastvue\Sophos Reporter). Only application files are installed to this folder. It does not require much disk space.
    • Website and Virtual Directory (defaults to ‘Default Web Site’). If you have other websites installed on your server, it is a good idea to install Fastvue Sophos Reporter to a virtual directory such as ‘fastvue’ or ‘sophosreports’. Then you can access the site at http://yourserver/fastvue for example and it does not interfere with any other site on your server.
    • Data Location (defaults to C:\ProgramData\Fastvue\SophosReporter). This is the location where all imported data, configuration and report files are stored. Specify a location with plenty of disk space.

 

2. Configure Syslog

 

For Sophos UTM (SG):

Ensure Sophos UTM has the Web Filtering feature enabled and applied to your network, with at least one category set to block or warn. Then go to Web Admin | Logging and Reporting | Log Settings | Remote Syslog, and add the Fastvue server as a syslog server with these settings:

  • Server = Fastvue Reporter Server IP (add a new host object if necessary)
  • Port = Drag in the predefined SYSLOG protocol. If you already have a syslog application installed on the Fastvue machine, then use a custom port such as 50514.

 

Then check the ‘Web Filtering’ checkbox in the Remote Syslog Log Selection section and click Apply.

 

Sophos XG Firewall:

On your XG Firewall, ensure you have a firewall rule with a ‘Web Policy’ applied and the ‘Log Traffic’ checkbox checked.

 

Then go to Configure | System Services | Log and add the Fastvue server as a syslog server with these settings:

  • Server = Fastvue Reporter Server IP
  • Port = Any unused port on Fastvue machine (514 is the default)
  • Facility = Daemon
  • Severity = Information
  • Format = Device Standard Format.

 

Then scroll down and check the checkbox for the Fastvue Syslog server next to the following log events and click Apply:

  • Firewall | Firewall Rules
  • Firewall | SSL VPN tunnel
  • IPS | Anomaly
  • IPS | Signatures
  • Antivirus | Check all events
  • Content Filtering | Check all events
  • Events | Authentication Events
  • Advanced Threat Protection | ATP Events
  • Sandstorm | Sandstorm events
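
A pre-flight check for the syslog settings above, as an added example (not Fastvue or Sophos code): it reports which process, if any, already holds the default or custom syslog port on the Fastvue server, then listens briefly to confirm that datagrams arrive from the firewall and from nowhere else. It assumes syslog is sent over UDP; the address in $UtmIp is a placeholder and the parameter names are hypothetical.

```powershell
# Added example. Run on the Fastvue server after step 2 and before adding the
# Source in step 3. Get-NetUDPEndpoint needs Windows Server 2012 or later.
param(
    [string]$UtmIp = '192.0.2.10',          # placeholder: your UTM/XG address
    [int[]]$CandidatePorts = @(514, 50514), # default and custom port named on this page
    [int]$ListenSeconds = 30
)

function Get-UdpPortOwner {
    param([int]$Port)
    # Name of the process bound to this UDP port, or $null when the port is free.
    $ep = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($ep) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        if ($proc) { $proc.ProcessName } else { "PID $($ep.OwningProcess)" }
    }
}

# 1. Pick the first candidate port that no other syslog application holds.
$port = $null
foreach ($p in $CandidatePorts) {
    $owner = Get-UdpPortOwner -Port $p
    if ($owner) {
        Write-Warning "UDP $p is already bound by $owner"
    } elseif (-not $port) {
        $port = $p
    }
}
if (-not $port) { throw 'No candidate port is free; choose another custom port.' }

# 2. Listen briefly and count datagrams per sender.
$client = New-Object System.Net.Sockets.UdpClient($port)
$remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
$seen = @{}
$deadline = (Get-Date).AddSeconds($ListenSeconds)
try {
    while ((Get-Date) -lt $deadline) {
        if ($client.Available -eq 0) { Start-Sleep -Milliseconds 200; continue }
        [void]$client.Receive([ref]$remote)
        $src = $remote.Address.ToString()
        $seen[$src] = 1 + [int]$seen[$src]
    }
} finally {
    $client.Close()   # release the port so Fastvue Reporter can bind it
}

# 3. Report: the firewall should be present, and nothing else should be sending here.
if ($seen.ContainsKey($UtmIp)) {
    Write-Output "OK: $($seen[$UtmIp]) syslog datagrams from $UtmIp on UDP $port"
} else {
    Write-Warning "Nothing from $UtmIp on UDP $port in $ListenSeconds s. Check the Remote Syslog settings and any host or network firewall in the path."
}
$seen.Keys | Where-Object { $_ -ne $UtmIp } | ForEach-Object {
    Write-Warning "Unexpected sender $_ ($($seen[$_]) datagrams)"
}
```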

 

 

3. Add a Source

Add the Sophos UTM as a Source in Sophos Reporter 2.0. This can be done on the start page that is presented after installation, or in Settings | Sources | Add Source.

It may take 10-20 seconds before the first records are imported. You can watch the records and dates imported in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your network traffic.

 

 

4. Enjoy!

Now you can test out the many features of Sophos Reporter 2.0.

 

Upgrading Existing Installations

 

 

1. Backup Sophos Reporter’s Data and Settings

If you want to upgrade your existing installation, we recommend backing up your existing settings and data first. This is as simple as making a full copy of the contents of Sophos Reporter’s data location, shown in Settings | Data Storage | Settings (default is C:\ProgramData\Fastvue\Sophos Reporter).

Tip: Compress the backup, especially the data.fvfs folder as this can be quite large.

 

 

2. Backup Custom IIS Settings (if applicable)

If you have secured the Sophos Reporter website with IIS or applied any other custom settings in IIS directly, you should also back up the web.config file in the website’s directory (usually under c:\inetpub\wwwroot\). The installer will also attempt to back up and restore this file for you, but this is a good idea just in case there is an issue with the installation.

 

 

3. Upgrade / Installation

Once your current environment is backed up, simply run the new installer over the top of your existing installation to upgrade. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).

 

If upgrading from version 2.0 to 3.0, your existing data will be migrated to our new database format (Elasticsearch). This new database unfortunately requires twice the disk space of the previous version, so your data retention ‘size’ policy will be automatically increased if your available disk space allows for it. You will be notified of the change and given the option to confirm or change the settings.

 

 

Data migration can take some time depending on the amount of historical data that you need to migrate. This process will happen in the background and you can view its progress in Settings | Data Storage.

 

We do not advise installing to a network drive due to latency issues affecting the stability of our very frequent read-write operations. For best performance, use a local SSD drive.

 

Do not install to a mapped network drive, or use a mapped network drive as Fastvue Reporter’s data path, as the assigned drive letters will not exist in the system context – only the user context. If you must use a network drive, specify a UNC path such as \\servername-or-ip\fastvue, but keep in mind the performance issues mentioned above, and you will have to configure ‘full’ permissions for the Fastvue Server’s local system account.

 

As the data migrates, you can still use the Fastvue Reporter as normal to view dashboards, alerts and run reports on new data, or data that has been migrated.

 

 

4. Enjoy!

It may take 10-20 seconds before the first records are imported. You can watch the records count in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your live network traffic.

Now you can test out the many features of Sophos Reporter.

 

 


© Copyright 2000-2023  COGITO SOFTWARE CO.,LTD. All rights reserved